Zoom faces a privacy and security backlash

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

The use of the Zoom video conference application has exploded in popularity amid the ongoing coronavirus pandemic but this has lead to the importance of scrutiny from a security and privacy perspective which as uncovered lots of privacy and security issues and even zero day vulnerabilities.
As result of this Zoom now faces a privacy and security backlash.

More on this topic:

Wired article on Zoom

Even Doc Searls has written a series of four posts about Zoom and privacy.

 

Top 5 Security links

In COVID-19 Scam Scramble, Cybercrooks Recycle Phishing Kits

Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers

Online Credit Card Skimmers Are Thriving During the Pandemic

‘Zombie’ Windows win32k bug reanimated by researcher

Privacy vs. Surveillance in the Age of COVID-19

Covid-19 phishing on the rise

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Criminals continue to use the covid-19 pandemic for personal gain and according to Barracuda networks the amount of phishing emails have spikes by over 650% since the end of February.

But even as the campaigns are revving up their attempts at tricking people, their attempts remain largely the same as before the pandemic started. The tools, methods and payloads stays pretty much the same, but now trying to leverage the fear and need for information during a crisis. The company proofpoint.com made en excellent one-slide summary of what is new seen below.

 

 

Top 5 Security links

Reality Check: The Story of Cybersecurity

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

“Often, hackers are portrayed as “technical sorcerers” while defenders are “hapless techies focused on zero-day vulnerabilities and only the most advanced threat vectors,” but in reality, that’s not true.
Cybercriminals are not always sophisticated, and in fact, more script kiddies exist than technically savvy hackers.
The difference is that cybercriminals are more organized and create tools and exploit kits that allow less sophisticated actors to become well equipped in launching attacks.”

said Rohit Ghai, president of RSA, in his keynote at the RSA Conference in San Francisco this week.

“The security landscape needs to change the narrative of its story. So we need to reclaim our narrative, reorganize our defense, and rethink our culture.”
this was his solicitation to the cyber security community.

more talks from the RSA Conference 2020 or download the RSAC 2020 Trend Report

 

Top 5 Security News

RSAC 2020: Lack of Machine Learning Laws Open Doors To Attacks

New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices

New LTE Network Flaw Could Let Attackers Impersonate 4G Mobile Users

FBI recommends using passphrases instead of complex passwords

Gmail Is Catching More Malicious Attachments With Deep Learning

 

Cloud security is voodoo?

“Researchers detail the process of finding two flaws in the Azure Stack architecture and Azure App Service, both of which have been patched.”

“Check Point Research analysts who discovered two vulnerabilities in the Microsoft Azure cloud infrastructure have published the details of how these flaws were found and how attackers could potentially use them.”

Read more at darkreading.com

 Top 5 Security News

 

 

(Blogpost image by Animesh Bhattarai on Unsplash)

The State of Breach Protection 2020

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

“What are the key considerations security decision makers should take into account when designing their 2020 breach protection?”
1,536 cybersecurity professionals has been asked that question and many other security related questions in Cynet’s “The State of Breach Protection 2020″ survey.
The survey report will give a great insight into common practices, prioritizations and preferences of organization today in how their are protecting themselves from breaches.

Download the full survey report here

 

Top 5 Security News

EU privacy fines near £100m, but regulators are hungry for more

Iran-Linked PupyRAT backdoor used in recent attacks on European energy sector

250 Million Microsoft Customer Support Records Exposed Online

NIST’s new privacy rules – what you need to know

Cisco Warns of Critical Network Security Tool Flaw

Windows update

New year, new vulnerabilities

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

The year 2020 started of by throwing out a bunch of new vulnerabilities that needed fixing.
First it was the Citrix vulnerability in Application Delivery Controller and Gateway products, formerly known as netscaler. The vulnerability was technically was released in 2019 as CVE-2019-19781; and allowed an attacker to get arbitrary remote code execution trough a directory traversal. The exploit was really easy to pull of and only needed two web-requests to the gateway, and multiple POC was released early January leading to active exploitation in the wild. Citrix has not yet released a patch for the vulnerability, but instead released a way to mitigate the vulnerability by means of configuration. A patch is expected next week.

Then on Tuesday, 14th of January Microsoft released its monthly patches fixing a bunch of bugs and security issues. In this patch there were two critical vulnerabilities that warranted extra atention. One was dubbed “curveball” and is tracked as CVE-2020-0601. Curveball is a bug in the Windows crypto API(Crypt32.dll) and how Windows Elliptic Curve Cryptography (ECC). The vulnerability allows anyone to present a certificate, and windows will happily acknowledge it as a valid certificate even when it is no. This could let an attacker launch Man-in-the-middle attacks against HTTPS connections, present fake certificates for phishing pages and allow fake signed executables to be launched. The vulnerability affects Windows 10, and Windows server 20016 and later.

Another big one from this patch was the Microsoft RD gateway vulnerability tracked as CVE-2020-0609 allowing arbitrary remote code execution by sending a specially crafted request to the server over the RDP connection. By using this exploit an attacker could get full access to the server by means of installing software, create users with full access rights etc.

There were also multiple other other vulnerabilities fixed, such as CVE-2020-0603 is a critical remote code execution bug in ASP.NET Core allowing an attacker to execute code by getting a user to open a file, and CVE-2020-0636 (Windows Subsystem for Linux (WSL)) allowing a user to run commands with elevated privileges.

In other news, SHA-1 is a Shambles after the first chosen prefix collision for sha1 was done. This means that sha1 is considered unsafe to use for integrity checking as you can create two documents that are completely different, add extra data to make them the same length and then add some specific data to generate the same sha1-sum for both documents. SHA1 should now be avoided for integrity checking of data.

A total of 334 vulnerabilities was patched by Oracle this week, covering many widely used applications like MySQL, VirtualBox, Java and Oracle Database.

On a different note, Windows 7 and windows server 2008(r2) is now end of life as of January 14, and will not get any more security updates. Microsoft wil also up the fees for running these operation systems, so both from a economical and security standpoint it makes sense to upgrade now sooner than later.

To sum up this weeks security news, stay up to date with patching at all times. There is no excuse not to.

Ransomware

Threat Hunting or Efficiency: Pick Your EDR Path?

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Cybersecurity teams face a lot of conflicting objectives—both within their teams and from upper management. But a May 2019 commissioned study conducted by Forrester Consulting on behalf of McAfee really puts a fine point on it: When decision makers were asked which endpoint security goals and initiatives they’re prioritizing for the coming year, the top two responses were “improve security detection capabilities” (87%) and “increase efficiency in the SOC” (76%).

Read more

 

Top 5 Security News

5 scams to watch out for this shopping season

Dexphot Malware Hijacked 80K+ Devices to Mine Cryptocurrency

It’s Way Too Easy to Get a .gov Domain Name

A Cause You Care About Needs Your Cybersecurity Help

Google caught a state hacker crew uploading badness to the Play Store

white printing paper with numbers

Data leaks and breaches

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Today I want to take a look at data leaks and breaches as the last week has had quite a few of those. Unicef Norway had a database exposed to the internet (Paywall) without any form of authentication. Most of the data here was public data about people, but certain sensitive information such as address and phone numbers for people living in hiding, prominent people in the public and young children could be found. Singapore Accountancy Commission (SAC) had a folder containing 6,541 accountants data in sent to multiple parties in a security mishap, that was not discovered until months later.
T-mobile in the United states also suffered a data-breach towards some of its prepaid customers. According to T-mobile no sensitive data was stolen, but they still urged affected customers to change their PIN number and account passwords.

 

Top 5 Security News

Thousands of hacked Disney+ accounts are already for sale on hacking forums

Google Discloses Android Camera Hijack Hack

Twitter will finally let users disable SMS as default 2FA method

French hospital contracts 6,000 PC-locking ransomware infection

AccorHotels subsidiary Gekko Group exposes hotels and travelers data in massive data leak

Visa Warns of New JavaScript Skimmer ‘Pipka’

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

A new JavaScript skimmer targets data entered into the payment forms of ecommerce merchant websites, Visa Payment Fraud Disruption (PFD) warns.

Visa notes in a security alert (PDF).

“In September 2019, Visa Payment Fraud Disruption’s (PFD) eCommerce Threat Disruption (eTD) program identified a new JavaScript skimmer that targets payment data entered into payment forms of eCommerce merchant websites. PFD is naming the skimmer Pipka, due to the skimmer’s configured exfiltration point at the time of analysis (as shown below in the Pipka C2s).” reads the advisory published by VISA. “Pipka was identified on a North American merchant website that was previously infected with the JavaScript skimmer Inter, and PFD has since identified at least sixteen additional merchant websites compromised with Pipka.”

read more

 

Top 5 Security News

Website, Know Thyself: What Code Are You Serving?

GitHub gathers friends for a security code cleanse to scrub that software up to spec

New Group of Hackers Targeting Businesses with Financially Motivated Cyber Attacks

AI wordsmith too dangerous to be released… has been released

Flaws in Qualcomm chips allows stealing private from devices

Using two laptops

Insider threats

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

This week we have seen multiple cases of one of the harder issues in security, the insider threat.
Two former employees of twitter have been charged with spying on Twitter users for Saudi Arabia, together with a third man with ties to the Saudi royal family. According to court documents they were working together, using twitters internal systems to unmask  critics of the Kingdom and other users of Twitter.
Trend Micro also suffered from an insider attack where an employee accessed and sold customer data to a malevolent third party. Trend started getting suspicious after customers started getting calls from scammers claiming to be from Trend Micro support. The employee was fired after a three month investigation by Trend micro, and is now investigated by law enforcement.  You can read more about both cases here.

The Cybersecurity Insiders 2020 Insider Threat Report came out, and found that more than half of the organizations that participated believes that insider threats are harder to follow up in cloud environments. Meaning that the trend of offloading to the cloud could increase risk on unexpected levels.

Insider threats are one of the more complex issues in security with different challenges depending on a lot of factors, and organizations need to focus on what the challenges are for their specific organization, and find preventive measures that works in their environment.

Top 5 Security News

BlueKeep Attacks Have Arrived, Are Initially Underwhelming
Cybersecurity Skills Shortage Tops Four Million
Bug Hunters Hack Samsung Galaxy S10, Xiaomi Mi9 at Pwn2Own
Wizard Spider Upgrades Ryuk Ransomware to Reach Deep into LANs
Facebook reveals another privacy breach, this time involving developers