FreshRSS

🔒
❌ About FreshRSS
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

New Unc0ver jailbreak released, works on all recent iOS versions

New "Unc0ver" jailbreak unlocks devices, even those running the current iOS 13.5 release.
  • May 24th 2020 at 10:52

AgentTesla Delivered via a Malicious PowerPoint Add-In, (Sat, May 23rd)

Attackers are always trying to find new ways to deliver malicious code to their victims. Microsoft Word and Excel are documents that can be easily weaponized by adding malicious VBA macros. Today, they are one of the most common techniques to compromise a computer. Especially because Microsoft implemented automatically executed macros when the document is opened. In Word, the macro must be named AutoOpen(). In Excel, the name must be Workbook_Open(). However, PowerPoint does not support this kind of macro. Really? Not in the same way as Word and Excel do!
  • May 23rd 2020 at 06:16

Chrome: 70% of all security bugs are memory safety issues

Google software engineers are looking into ways of eliminating memory management-related bugs from Chrome.
  • May 23rd 2020 at 06:00

25 million user records leak online from popular math app Mathway

The Mathway user data has been previously on sale on the dark web, hacker forums, and Telegram channels for the past two weeks.
  • May 22nd 2020 at 16:45

Windows malware opens RDP ports on PCs for future remote access

Security experts believe the malware's operators are very likely to sell access to infected hosts to other hacker groups.
  • May 22nd 2020 at 14:50

Some Strings to Remember, (Fri, May 22nd)

When you handle unknown files, be it for malware analysis or other reasons, it helps to know some strings / hexadecimal sequences to quickly recognize file types and file content.
  • May 22nd 2020 at 13:46

This Week in Security News: New Bluetooth Vulnerability Exposes Billions of Devices to Hackers and Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers

By Jon Clay (Global Threat Communications)

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about a new security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device. Also, learn about two malware files that pose as Zoom installers but when decoded, contain malware code.

Read on:

Forward-Looking Security Analysis of Smart Factories <Part 1> Overlooked Attack Vectors

Trend Micro recently released a paper showing the results of proof-of-concept research on new security risks associated with smart factories. In this series of five columns, Trend Micro will explore the security risks to be aware of when promoting smart factories by examining overlooked attack vectors, feasible attack scenarios, and recommended defense strategies. This first column introduces the concept of “smart manufacturing,” and explains the research methods and attack vectors that are unique to smart factories.

Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers

Trend Micro found two malware files that pose as Zoom installers but when decoded, contain malware code. These malicious fake installers do not come from Zoom’s official installation distribution channels. One of the samples installs a backdoor that allows threat actors to run malicious routines remotely, while the other sample involves the installation of the Devil Shadow botnet in devices.

Adobe Releases Critical Out-of-Band Security Update

This week, Adobe released four security updates, one of them being an out-of-band security update for Adobe Character Animator that fixes a critical remote code execution vulnerability. All these vulnerabilities were discovered by Mat Powell of Trend Micro’s Zero Day Initiative and were not found in the wild.

QNodeService: Node.js Trojan Spread via Covid-19 Lure

Trend Micro recently noticed a Twitter post by MalwareHunterTeam that showed a Java downloader with a low detection rate. Its name, “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar”, suggests it may have been used in a Covid-19-themed phishing campaign. Running this file led to the download of a new, undetected malware sample written in Node.js; this trojan is dubbed as “QNodeService”.

ShinyHunters Is a Hacking Group on a Data Breach Spree

In the first two weeks of May, a hacking group called ShinyHunters went on a rampage, hawking what it claims is close to 200 million stolen records from at least 13 companies. Such binges aren’t unprecedented in the dark web stolen data economy, but they’re a crucial driver of identity theft and fraud.

Netwalker Fileless Ransomware Injected via Reflective Loading

Trend Micro has observed Netwalker ransomware attacks involving malware that is not compiled but written in PowerShell and executed directly in memory and without storing the actual ransomware binary into the disk. This makes this ransomware variant a fileless threat, enabling it to maintain persistence and evade detection by abusing tools that are already in the system to initiate attacks.

Beware of Phishing Emails Urging for a LogMeIn Security Update

LogMeIn users are being targeted with fake security update requests, which lead to a spoofed phishing page. The phishing email has been made to look like it’s coming from LogMeIn. Not only does the company logo feature prominently in the email body, but the sender’s identity has been spoofed and the phishing link looks, at first glance, like it might be legitimate.

Phishing Site Uses Netflix as Lure, Employs Geolocation

A phishing site was found using a spoofed Netflix page to harvest account information, credit card credentials, and other personally identifiable information (PII), according to a Twitter post by PartnerRe Information Security Analyst Andrea Palmieri. Trend Micro looked into the malicious site, hxxp://secure-up-log.com/netflix/, to learn more about the operation and found that the sites have geolocation features.

New Bluetooth Vulnerability Exposes Billions of Devices to Hackers

Academics from École Polytechnique Fédérale de Lausanne (EPFL) disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion modern devices to hackers. The attacks, dubbed Bluetooth Impersonation Attacks or BIAS, concern Bluetooth Classic, which supports Basic Rate (BR) and Enhanced Data Rate (EDR) for wireless data transfer between devices.

#LetsTalkSecurity: Fighting Back  

This Week, Rik Ferguson, vice president of Security Research at Trend Micro, hosted the third episode of #LetsTalkSecurity featuring guest Katelyn Bowden, CEO & founder of The BADASS Army. In this week’s episode, Rik and Katelyn discuss fighting back and more. Check out this week’s episode and follow the link to find information about upcoming episodes and guests.

Fraudulent Unemployment, COVID-19 Relief Claims Earn BEC Gang Millions

An infamous business email compromise (BEC) gang has submitted hundreds of fraudulent claims with state-level U.S. unemployment websites and coronavirus relief funds. Behind the attacks is Scattered Canary, a highly organized Nigerian cybergang that employs dozens of threat actors to target U.S. enterprise organizations and government institutions. Researchers who tracked the fraudulent activity said the gang may have made millions from the fraudulent activity.

Factory Security Problems from an IT Perspective (Part 1): Gap Between the Objectives of IT and OT

The manufacturing industry is undergoing drastic changes and entering a new transition period. Today, it may be difficult to find companies that don’t include Digital Transformation (DX) or the Internet of Things (IoT) in their strategies. Manufacturing companies need to include cybersecurity in both the information technology (IT) domain and the operational technology (OT) one as well. This three-part blog series discusses the challenges that IT departments face when assigned the task of overseeing cybersecurity in factories and implementing measures to overcome these challenges.

What did you think about this week’s #LetsTalkSecuirty episode? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: New Bluetooth Vulnerability Exposes Billions of Devices to Hackers and Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers appeared first on .

Privilege escalation vulnerability patched in Docker Desktop for Windows

The security flaw could be used to trick the service into connecting to malicious processes.
  • May 22nd 2020 at 12:21

Silent Night Zeus financial botnet sold in underground forums

The botnet is being spread through the RIG exploit kit and COVID-19 spam campaigns.
  • May 22nd 2020 at 11:05

Heavily Loaded - PSW #652

By paul@securityweekly.com

This week, we welcome Jason Nickola, COO and Senior Security Consultant at Pulsar Security, to talk about Building An InfoSec Career! In our second segment, we welcome back Sven Morgenroth, Security Researcher at Nesparker, to talk about HTTP Security Headers In Action! In the Security News, Hackers target the air-gapped networks of the Taiwanese and Philippine military, Stored XSS in WP Product Review Lite plugin allows for automated takeovers, Remote Code Execution Vulnerability Patched in VMware Cloud Director, Shodan scan of new preauth RCE shows 450k devices at risk including all QNAP devices, and The 3 Top Cybersecurity Myths & What You Should Know!

 

Show Notes: https://wiki.securityweekly.com/PSWEpisode652

To learn more about Netsparker, visit: https://securityweekly.com/netsparker

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • May 22nd 2020 at 09:00

Animal Crossing, Danny Trejo, Contact Tracing, & SaltStack - Wrap Up - SWN #36

By paul@securityweekly.com

This week on the Wrap Up, Danny Trejo, COVID-19 Contact Tracing, SaltStack, and lots of hacked Supercomputers with cool names!

 

Show Notes: https://wiki.securityweekly.com/SWNEpisode36

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • May 22nd 2020 at 02:38

Ransomware deploys virtual machines to hide itself from antivirus software

The operators of the RagnarLocker ransomware are running Oracle VirtualBox to hide their presence on infected computers inside a Windows XP virtual machine.
  • May 22nd 2020 at 00:49

New Spectra attack breaks the separation between Wi-Fi and Bluetooth

Technical details to be presented in August at the Black Hat 2020 security conference.
  • May 21st 2020 at 21:22

RSA Conference moves 2021 event from February to May

RSA plays it safe for 2021 after ignoring COVID-19 warnings earlier this year and getting at least two attendees infected.
  • May 21st 2020 at 18:40

Hackers tried (and failed) to install ransomware using a zero-day in Sophos firewalls

Sophos acted quickly to put out a patch that stopped the hackers' attempts to deploy ransomware on enterprise networks protected by Sophos firewall devices.
  • May 21st 2020 at 17:03

Japan investigates potential leak of prototype missile data in Mitsubishi hack

The country is analyzing how such a leak could impact national security.
  • May 21st 2020 at 11:21

Video game developers under siege by cyberattacks seeking to plunder in-game cash

The Winnti Group is targeting gaming vendors once more with a new backdoor.
  • May 21st 2020 at 09:30

Take This Engine - ESW #184

By paul@securityweekly.com

This week, we talk Enterprise News, to discuss how RSA Conference 2021 Changes Date from February to May 2021, Docker partners with Snyk on container image vulnerability scanning, Venafi acquires Jetstack to bring together developer speed and enterprise security, Onapsis expands assessments for its Business Risk Illustration service, Volterra launches VoltShare to simplify the process of securely encrypting confidential data end-to-end, and more! In our second segment, we welcome Dan DeCloss, President & CEO of PlexTrac, to talk about Managing Enterprise Security Assessments! In our final segment, we welcome DJ Sampath, Co-Founder & CEO of Armorblox, to discuss Dealing with Phishing Attacks Outside Of Email!

 

Show Notes: https://wiki.securityweekly.com/ESWEpisode184

To learn more about PlexTrac or to claim your Free Month, visit: https://securityweekly.com/plextrac

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

 

  • May 21st 2020 at 09:00

Malware Triage with FLOSS: API Calls Based Behavior, (Thu, May 21st)

Malware triage is a key component of your hunting process. When you collect suspicious files from multiple sources, you need a tool to automatically process them to extract useful information. To achieve this task, I’m using FAME[1] which means “FAME Automates Malware Evaluation”. This framework is very nice due to the architecture based on plugins that you can enable upon your needs. Here is an overview of my configuration:
  • May 21st 2020 at 06:04

BlockFi discloses failed hack attempt after SIM swapping incident

BlockFi says a hacker SIM swapped an employee to gain access to its platform, but the hacker failed in their attempt to steal BlockFi customer funds.
  • May 21st 2020 at 03:57

Hacker leaks 40 million user records from popular Wishbone app

UPDATE: The Wishbone database leaks online after a hacker began selling it earlier this week.
  • May 20th 2020 at 23:07

Bank of America blames PPP applications leak on faulty SBA test server

BofA says SBA test platform allowed others to view details for its customers' PPP loan applications.
  • May 20th 2020 at 17:11

Signal to move away from using phone numbers as user IDs

Signal launches profile PINs, the first step in supporting Signal user accounts that are not tied to phone numbers.
  • May 20th 2020 at 14:06

‘Flight risk’ employees involved in 60% of insider cybersecurity incidents

The majority of staff planning their exit also take sensitive information with them, research suggests.
  • May 20th 2020 at 11:00

Adobe issues out-of-band patch to fix remote code execution flaw in animation software

Information leaks have also been patched up in Premiere Rush, Audition, and Premiere Pro.
  • May 20th 2020 at 10:08

Wireshark Release - 2.6.17, 3.0.11 and 3.2.4 - https://www.wireshark.org/news/20200519.html, (Tue, May 19th)

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)
  • May 19th 2020 at 22:15

NXNSAttack technique can be abused for large-scale DDoS attacks

New vulnerability in DNS server software can be leveraged for DDoS attacks with an 1620x amplification factor.
  • May 19th 2020 at 21:23

Can We Delete That? - SCW #29

By paul@securityweekly.com

This week, we welcome Ann Cleaveland, the Executive Director of the Center for Long-Term Cybersecurity, a research and collaboration think tank housed within the University of California, Berkeley School of Information! We have the pleasure of having Ann for the entire show today in this two part interview!

 

Show Notes: https://wiki.securityweekly.com/SCWEpisode29

Visit https://www.securityweekly.com/scw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • May 19th 2020 at 21:00

Ransomware Gangs, DEFCON Safe Mode, & SpaceX To ISS - SWN #35

By paul@securityweekly.com

This week, Dr. Doug returns to the studio, to discuss how DEFCON is Cancelled, Many Applications have Security flaws, Verizon Security Report for 2019, The FBI and DoJ want encryption backdoors, and Space, the final Frontier! The Master of Commentary Jason Wood joins us to talk about how a Ransomware Gang Was Arrested for Spreading Locky to Hospitals!

 

Show Notes: https://wiki.securityweekly.com/SWNEpisode35

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • May 19th 2020 at 20:08

Hacker arrested in Ukraine for selling billions of stolen credentials

Hacker "Sanix" has been selling billions of hacked user credentials on hacker forums and Telegram channels.
  • May 19th 2020 at 17:36

WolfRAT targets WhatsApp, Facebook Messenger app users on Android devices

Updated: The new malware is unstable and appears to be a slapdash effort based on leaked DenDroid code.
  • May 19th 2020 at 17:00

Chrome 83 released with enhanced privacy controls, tab groups feature

Chrome 83 is one of the feature-rich Chrome releases in recent years.
  • May 19th 2020 at 16:05

The Bike Path - BSW #174

By paul@securityweekly.com

This week, we welcome Mike Adler, Vice President of RSA NetWitness Platform at RSA Security, for a conversation on the question: Is the Virtual SOC Our "New Normal"? In the Leadership and Communications segment, Burnt out CISOs are a huge cyber risk, to build strategy, start with the future, 78% of Organizations Use More than 50 Cybersecurity Products to Address Security Issues, and more!

 

Show Notes: https://wiki.securityweekly.com/BSWEpisode174

To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity

To check out the RSA NetWitness Platform (SIEM and integrated EDR), visit: https://www.rsa.com/en-us/products/threat-detection-response

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • May 19th 2020 at 15:30

What is up on Port 62234?, (Tue, May 19th)

Here at the ISC we provide access to a number of bits of data which can be used to dig into problems or even as an early warning system of unusual activity.  Well today's data has revealed a confounding one.  Port 62234, which traditionally has zero on near zero sources attempting to access it suddenly has hundreds of sources.
  • May 19th 2020 at 14:56

Cisco Advisories for FTD, ASA, Firepower 1000, (Tue, May 19th)

Cisco has released a number of advisories for Firepower and Adaptive Security Appliance (ASA). 
  • May 19th 2020 at 14:25

France defends 'centralized' coronavirus tracing app, insists privacy held sacred

The country says StopCovid could be valuable in preventing a second COVID-19 wave.
  • May 19th 2020 at 10:15

FBI warns about attacks on Magento online stores via old plugin vulnerability

FBI says hackers have been planting card skimmers on online stores by exploiting a 2017 bug in the MAGMI plugin.
  • May 19th 2020 at 04:20

Supreme Court rejects lawsuit claiming Facebook provided terrorist forum support

The case accused Facebook of being materially responsible for user-generated terrorist content.
  • May 19th 2020 at 03:01

Smartphones, laptops, IoT devices vulnerable to new BIAS Bluetooth attack

New BIAS attack works against Bluetooth devices and firmware from Apple, Broadcom, Cypress, Intel, Samsung, and others.
  • May 18th 2020 at 22:07

Shake My Head - ASW #108

By paul@securityweekly.com

This week, we welcome Jack Zarris, Senior Sales Engineer at Signal Sciences, to talk about Using Rate Limiting to Protect Web Apps and APIs! In our second segment, we welcome Tim Mackey, Principal Security Strategist at Synopsys, to discuss the Highlights From the New Open Source Security and Risk Analysis Report!

 

Show Notes: https://wiki.securityweekly.com/ASWEpisode108

To learn more about Synopsys, visit: https://securityweekly.com/synopsys

To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • May 18th 2020 at 22:00

Automating nmap scans, (Mon, May 18th)

With last week’s diary  I left you with using a relatively basic nmap command to perform a relatively thorough scan of an IP range.  That command was:
  • May 18th 2020 at 20:40

FBI criticizes Apple for not helping crack Pensacola shooter's iPhones

Apple said back in January that it helped within hours and handed over to the FBI gigabytes of information.
  • May 18th 2020 at 18:59

Mercedes-Benz onboard logic unit (OLU) source code leaks online

Daimler allowed anyone to register on one of its on-premise GitLab servers.
  • May 18th 2020 at 14:32

Face masks prompt London police to consider pause in rollout of facial recognition cameras

The controversial scheme may be halted due to the widespread adoption of face coverings.
  • May 18th 2020 at 10:40

FBI: ProLock ransomware gains access to victim networks via Qakbot infections

The FBI also warns that the ProLock decryptor doesn't always work correctly, even after victims pay the ransom.
  • May 18th 2020 at 10:08

&#xa;Antivirus & Multiple Detections, (Sun, May 17th)

"When a file contains more than one signature, for example EICAR and a real virus, what will the antivirus report?".
  • May 17th 2020 at 21:08

&#xa;Scanning for Outlook Web Access (OWA) & Microsoft Exchange Control Panel (ECP), (Sat, May 16th)

This past two weeks my honeypot captured several probe for this URL /owa/auth/logon.aspx?url=https://1/ecp/ looking for the Exchange Control Panel. In the February 2020 patch Tuesday, Microsoft released a patch for ECP (CVE-2020-0688) for a remote code execution vulnerability affecting Microsoft Exchange server. Zero Day Initiative provided more details for this vulnerability here. Using CyberChef URL Decode, this is the output of the scan:
  • May 16th 2020 at 20:54

Supercomputers hacked across Europe to mine cryptocurrency

Confirmed infections have been reported in the UK, Germany, and Switzerland. Another suspected infection was reported in Spain.
  • May 16th 2020 at 19:42

Juicy Targets - PSW #651

By paul@securityweekly.com

This week, we welcome back Mike Nichols, Head of Product at Elastic Security, to talk about MITRE ATT&CK & Security Visibility: Looking Beyond Endpoint Data! In our second segment, we welcome back Harry Sverdlove, Founder and CTO of Edgewise Networks, to discuss Securing Remote Access, Quarantines, and Security! In the Security News, Palo Alto Networks Patches Many Vulnerabilities in PAN-OS, Zerodium will no longer acquire certain types of iOS exploits due to surplus, New Ramsay Malware Can Steal Sensitive Documents from Air-Gapped Networks, vBulletin fixes critical vulnerability so patch immediately!, U.S. Cyber Command Shares More North Korean Malware Variants, and The Top 10 Most-Targeted Security Vulnerabilities!

 

Show Notes: https://wiki.securityweekly.com/PSWEpisode651

To learn more about Elastic Security, visit: https://securityweekly.com/elastic

To view the Elastic Dashboard of MITRE ATT&CK Round 2 Evaluation Results, visit: https://ela.st/mitre-eval-rd2

To learn more about Edgewise Networks or to request a Demo, visit: https://securityweekly.com/edgewise

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • May 15th 2020 at 21:00

SHA3 Hashes (on Windows) - Where Art Thou?, (Fri, May 15th)

No sooner had posted on doing file and string hashes in PowerShell, when I (again) got asked by Jim - "What about SHA3?  Shouldn't we be using Quantum Safe algorithms if we have them?"
  • May 15th 2020 at 19:51
❌