
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/07/2019

Kaspersky finds Uzbekistan hacking op… because group used Kaspersky AV

A new “threat actor” tied to Uzbekistan’s State Security Service has been unmasked by threat researchers at Kaspersky Lab. And the unmasking wasn’t very hard to do, since, as Kim Zetter reports for Vice, the government group used Kaspersky antivirus software—which sent binaries of the malware it was developing back to Kaspersky for analysis. Uzbekistan has not been known for having a cyber-espionage capability. But the Uzbek SSS clearly had a big budget, and according to Kaspersky, the group went to two Israeli companies—NSO Group and Candiru—to buy those capabilities. Unfortunately for the group, it didn’t also buy any sort of operational security know-how along with the exploits it used.


EU to push G20 on global response to Facebook’s Libra, warns of trade risks to growth

European Union finance ministers will tell their counterparts at a G20 meeting on Oct. 17-18 that a global regulatory response is needed to virtual currencies such as Facebook’s Libra, an EU document said. The ministers, who will formally approve the text next week, are also calling on G20 partners to reform their taxation of digital companies in 2020 and to urgently address trade tensions which “put global growth at risk,” the document said.


FBI warns about high-impact Ransomware attacks on U.S. Organizations

In the wake of the recent string of attacks against cities, school districts and hospitals, the U.S. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) issued a public service announcement warning organizations about high-impact ransomware attacks. “Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent,” reads the public service announcement published by the IC3. “Since early 2018, the incidence of broad, indiscriminate ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by IC3 and FBI case information.”


No one could prevent another ‘WannaCry-style’ attack, says DHS official

The U.S. government may not be able to prevent another global cyberattack like WannaCry, a senior cybersecurity official has said. Jeanette Manfra, the assistant director for cybersecurity for Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said on stage at TechCrunch Disrupt SF that the 2017 WannaCry cyberattack, which saw hundreds of thousands of computers around the world infected with ransomware, was uniquely challenging because it spread so quickly. “I don’t know that we could ever prevent something like that,” said Manfra, referring to another WannaCry-style attack. “We just have something that completely manifests itself as a worm. I think the original perpetrators didn’t expect probably that sort of impact,” she added.


Moscow based Sberbank reports possible data leak

Russia’s largest bank and the third-largest in Europe, Sberbank, announced on Wednesday a possible personal data leak. Late on October 2, 2019, Sberbank became aware of a possible leak of credit card data affecting at least 200 Sberbank clients. An internal investigation is underway; its results will be announced in a separate statement. Criminal wrongdoing by an employee is the primary lead, as no breach could have occurred from the outside: the database is isolated and has no external network access. Refreshingly, there was no mention of the classic data-breach disclosure boilerplate that Sberbank takes the security of your personal data very seriously.


Cybersecurity giant Comodo can’t even keep its own website secure

Comodo, which bills itself as a “global leader in cybersecurity solutions,” said its forum was hacked. The admission came in no less than a forum post, which confirmed a hacker exploited a recently disclosed vulnerability in vBulletin, a popular forum software used by Comodo. The flaw, which requires little skill to exploit, allows an attacker to remotely run malicious code on a vulnerable forum. In this case, the exploit was used to dump the entire user database. Exploit code was released on September 23. Two days later, vBulletin released patches for the software.


This new hacking group is using ‘island hopping’ to target victims

While it was believed that hacking groups such as China’s APT10 were orchestrating the attacks against European multinationals in the aerospace and defense industries this year, the threats are actually coming from previously unknown hackers, according to one security company. Identified by cybersecurity consultancy Context, the new organisation, which it has named Avivore, has been particularly astute in covering its tracks. Context, in fact, estimates that it could have been active as early as 2015, although most of the attacks were only exposed in the past 12 months.


Details of 92 Million Brazilians Auctioned on Underground Forums

Someone is auctioning on underground forums a database allegedly containing personal information of 92 million Brazilian citizens. They claim that every record is real and unique. The seller also advertises a search service focused on Brazilians, saying that they can dig up details about an individual starting from minimum initial data. The auction is present on multiple restricted-access underground markets where registration is possible based on an invitation from someone in the community or by paying a fee.


NBA Canada Just Experienced A Massive Data Breach

The National Basketball Association in Canada is one of the latest companies to have experienced a serious breach of their fans’ data, after food delivery company DoorDash and Capital One also suffered from huge digital intrusions earlier this year. In an email to their fans and subscribers on Monday, the NBA confirmed that they had suffered an intrusion into one of their computer servers, which had contained information about an undisclosed number of Canadians. Their email explained that the customer data that could have potentially been accessed by hackers may include names, addresses, email addresses, phone numbers and “other information you provided when you entered an online NBA contest.”


Australian Govt Issues Android and iOS Security Hardening Guides

The Australian Signals Directorate (ASD)’s Australian Cyber Security Centre (ACSC) has published a set of two guides designed to help Australian government, commercial organizations, and enterprises harden the security of iOS and Android devices in their fleets. ACSC also mentions that although some of the recommendations included in these guides will reduce security risks, they might also notably degrade the user experience and system functionality. Therefore, organizations are advised to balance out the security and user experience requirements given that not all recommendations are designed to be suitable for all environments.


Four U.S. Food Chains Disclose Payment Card Theft via PoS Malware

Hackers caused havoc at four restaurant chains in the U.S. over the summer after compromising their payment systems with malware that stole customers’ payment card information. In the last two days, McAlister’s Deli, Moe’s Southwest Grill, Schlotzsky’s, and Hy-Vee disclosed publicly that their networks were infected with point-of-sale malware copying data from cards used in person at certain locations. McAlister’s, Moe’s, and Schlotzsky’s together have around 1,500 locations spread across the U.S. and are owned by the same parent company, Focus Brands.


Minerva attack can recover private keys from smart cards, cryptographic libraries

Czech academics have detailed this week a new cryptographic attack that can recover private keys used to sign operations on some smart cards and cryptographic libraries. Once obtained, the private key can allow attackers to spoof any smart cards or sign other cryptographic operations secured by the affected libraries. The attack, named Minerva, was discovered earlier this year in March by academics from the Centre for Research on Cryptography and Security at the Masaryk University, in the Czech Republic.
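Minerva is a timing side channel: in the affected implementations, the elliptic-curve scalar multiplication that signing performs with the per-signature nonce takes time proportional to the nonce’s bit length, so signatures whose nonces happen to be short hand the attacker known leading zero bits, which a lattice (hidden-number-problem) step then turns into the private key. The example below is added here to illustrate that first half of the attack; it is not code from the Masaryk researchers or from any affected product. It uses a toy curve (y^2 = x^3 + x + 1 over F_23, chosen only for readability) and counts group operations as a stand-in for measured time, showing a leaky double-and-add beside a fixed-length Montgomery ladder and what an observer can conclude from each count. The nonce values are constructed, and the lattice step itself is not reproduced.

```python
# Added example: a toy demonstration of the Minerva-style timing leak.
# Toy curve y^2 = x^3 + x + 1 over F_23 (assumed here for readability;
# real targets use curves such as P-256). Points are (x, y) tuples and
# None is the point at infinity.
P_MOD, A_COEF, B_COEF = 23, 1, 1
G = (3, 10)  # on the toy curve: 10^2 = 3^3 + 3 + 1 = 8 (mod 23)


def ec_add(P, Q):
    """Affine point addition / doubling on the toy curve."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None  # P == -Q (also covers doubling a point with y == 0)
    if P == Q:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def scalar_mul_leaky(k, P):
    """Left-to-right double-and-add of the kind Minerva exploits.
    The loop runs once per bit of k, so the number of group operations
    (a proxy for wall-clock time) reveals k.bit_length(). Returns (k*P, ops)."""
    R, ops = None, 0
    for bit in bin(k)[2:]:
        R = ec_add(R, R)
        ops += 1
        if bit == "1":
            R = ec_add(R, P)
            ops += 1
    return R, ops


def scalar_mul_ladder(k, P, nbits):
    """Montgomery ladder over a fixed number of bits: exactly two group
    operations per bit whatever k is, so the operation count leaks nothing.
    (A production implementation also needs branch-free conditional swaps and
    constant-time field arithmetic, which this toy does not attempt.)"""
    R0, R1, ops = None, P, 0
    for i in range(nbits - 1, -1, -1):
        if (k >> i) & 1:
            R0, R1 = ec_add(R0, R1), ec_add(R1, R1)
        else:
            R1, R0 = ec_add(R0, R1), ec_add(R0, R0)
        ops += 2
    return R0, ops


def leaked_leading_zero_bits(ops, nbits):
    """What an observer learns from one run of the leaky routine.
    ops = bit_length(k) + hamming_weight(k) and the weight is at least 1, so
    bit_length(k) <= ops - 1 and the nonce has at least nbits - (ops - 1)
    leading zero bits. This is the side information the lattice step consumes."""
    return max(0, nbits - (ops - 1))


def filter_short_nonce_signatures(nonces, nbits):
    """Simulate signing with each nonce, observe only the operation count, and
    keep the signatures whose nonces are provably short. Returns a list of
    (signature_index, guaranteed_leading_zero_bits)."""
    picked = []
    for idx, k in enumerate(nonces):
        _, ops = scalar_mul_leaky(k, G)
        zeros = leaked_leading_zero_bits(ops, nbits)
        if zeros > 0:
            picked.append((idx, zeros))
    return picked


if __name__ == "__main__":
    # Constructed sample nonces for an 8-bit toy group (not real signatures).
    sample_nonces = [5, 200, 17, 255, 3]
    for k in sample_nonces:
        pt, leaky_ops = scalar_mul_leaky(k, G)
        pt2, ladder_ops = scalar_mul_ladder(k, G, 8)
        assert pt == pt2  # both routines compute the same point k*G
        print(f"k={k:3d} bits={k.bit_length()} leaky_ops={leaky_ops:2d} ladder_ops={ladder_ops}")
    print("usable for the lattice step:", filter_short_nonce_signatures(sample_nonces, 8))
```

Running the script shows the leaky routine’s count tracking the nonce’s bit length (5, 11, 7, 16 and 4 operations for the five sample nonces) while the ladder always costs 16, and that three of the five signatures give away at least one leading zero bit. On a real curve the per-bit cost is a few microseconds rather than a count, but that is all Minerva needs: the paper’s point is that many signatures with a few known nonce bits each are enough for the lattice step, which is why the fix is to make scalar multiplication run in time independent of the scalar.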


Meet Candiru — The Mysterious Mercenaries Hacking Apple And Microsoft PCs For Profit

Israel is home to scores of hacker-for-hire businesses, but one of the most clandestine has been Candiru. With no website and few records available, it’s operated largely under the radar. But now a researcher is claiming the elite Tel Aviv-based firm sold cyber weapons to the government of Uzbekistan, while industry sources tell Forbes the company is hacking both Microsoft Windows and Apple Macs for various nation states. In doing so it calls into question the company’s ethics for partnering with a government branded as an abuser of surveillance tools, just like the morals of its compatriot digital arms dealers have come under scrutiny over the last half decade.


App maker claims ‘Sign in with Apple’ copies anonymous email feature

Sign in with Apple’s ability to shield your real email address may sound clever, but one app developer claims it’s just riffing on their technology. Blue Mail creator Blix has sued Apple for allegedly violating a 2017 patent on the “Share Email” feature in its app. The company claims that Apple’s generation of a unique email address for sign-ins copies Blue Mail’s ability to share a public email address for messaging while hiding your actual address.


APAC firms will need AI as speed increasingly critical in cyberdefence

With cybercriminals taking less and less time to break into corporate systems, Asia-Pacific enterprises will have to look to artificial intelligence (AI) and machine learning tools to better combat threats and bolster their network resilience. Businesses also need to ensure data access is granted only once user identities have been authenticated and only under predetermined conditions. With “it is not a matter of if but when” now an often-cited adage for the inevitability of security breaches, companies need to think about how they can use speed to defend themselves against attacks.
