Making Sense of Security

Securing your Digital World.


OpenSMTPD Vulnerability (CVE-2020-8794) Can Lead to Root Privilege Escalation and Remote Code Execution

By Alexander Elkholy (Threats Analyst) A root privilege escalation and remote execution vulnerability (designated as CVE-2020-8794) has been discovered in the free and open-source Unix daemon OpenSMTPD. The flaw originates from an out-of-bounds read, which attackers can take advantage of to execute arbitrary code on vulnerable systems. What is the vulnerability about? Discovered by Qualys Research Labs and disclosed on February 24, 2020, the vulnerability affects all versions of OpenSMTPD prior to 6.6.4. Part of the OpenBSD project, OpenSMTPD facilitates email communications to allow the retrieval and delivery of mail, and implements the Simple Mail Transfer Protocol (SMTP). Read more…


US charges four Chinese military members with Equifax hack

by Lisa Vaas The US has charged the Chinese military with plundering Equifax in 2017. The Justice Department (DOJ) on Monday released a nine-count indictment that accused four members of the People’s Liberation Army (PLA) of being hackers behind the breach, which was one of the largest in US history. The breach exposed millions of names and dates of birth, taxpayer ID numbers, physical addresses, and other personal information that could lead to identity theft and fraud. Besides the original estimate of 145.5 million Americans who were affected, the breach also hit 15.2 million Brits and some 100,000 Canadians. The Read more…


Threat actors attempt to capitalize on coronavirus outbreak

By Nick Biasini and Edmund Brumaghin. Coronavirus is dominating the news and threat actors are taking advantage. Cisco Talos has found multiple malware families being distributed with Coronavirus lures and themes. This includes Emotet and several RAT variants. Using the news to try and increase clicks and drive traffic is nothing new for malicious actors. We commonly see actors leveraging current news stories or events to try and increase the likelihood of infection. The biggest news currently is focused on the new virus affecting the world, with a focus on China: the coronavirus. There are countless news articles and Read more…


1.7M Nedbank Customers Affected via Third-Party Breach

A vulnerability in the network of marketing contractor Computer Facilities led to a breach at the South African bank. Nedbank, one of South Africa’s largest financial institutions, last week disclosed a security incident affecting the personal data of 1.7 million past and current customers. The breach started with a “data security issue” at Computer Facilities, a third-party marketing contractor Nedbank was using to send SMS and email marketing information, the bank said in a statement. Nedbank identified the vulnerability as part of its routine monitoring procedures. Once it was discovered, officials alerted the service provider and launched an investigation. Read more…


Google Sets Record High in Bug-Bounty Payouts



New Bill Proposes NSA Surveillance Reforms



Wawa Breach May Have Affected More Than 30 Million Customers



Trolls-For-Hire Pave Way For Sophisticated Social Media Hacks



Google, Mozilla Ban Hundreds of Browser Extensions in Chrome, Firefox



Weekly analysis – 14th September 2019 to 21st September 2019

MillerSmiles provides its weekly phishing analysis for the week of 14th September 2019 to 21st September 2019.


Hacker Leaks More Than 500K Telnet Credentials for IoT Devices



Google forced to reveal anonymous reviewer’s details

by Danny Bradbury It’s a small business’s worst nightmare: someone leaves a review on a popular site trashing your company, and they do it anonymously. That’s what happened to Mark Kabbabe, who runs a tooth whitening business in Melbourne, Australia. Last week, a court forced Google to reveal the details of an anonymous poster who published a bad review of his business. According to the court judgement, the anonymous poster used the pseudonym CBsm 23 to publish a review on Google about a procedure they had undergone at Kabbabe’s clinic. The review said that the dentist made the whole Read more…


Ring Doorbell App for Android Caught Sharing User Data with Facebook, Data-Miners



Suspect who refused to decrypt hard drives released after four years

by John E Dunn The contentious case of a man held in custody since 2015 for refusing to decrypt two hard drives appears to have reached a resolution of sorts after the US Court of Appeals ordered his release. Former Philadelphia police sergeant Francis Rawls was arrested in September 2015, during which the external hard drives were seized along with other computers from his home. Based on forensic analysis of his download habits and the testimony of his sister, the police believe they contained child abuse imagery but were unable to prove that without access to the drives. Rawls Read more…


Ring makes 2FA mandatory to keep hackers out of your doorbell account

by Lisa Vaas Leery of losing microseconds of your life by using two-factor authentication (2FA) to keep your stuff safe from hackers? Alas for you, but hurray for security. Bit by bit, the Internet of Things (IoT) is getting a wee bit more secure: last week, Google announced that it would soon begin forcing users of its Nest gadgets to use 2FA, and this week, security came knocking for Amazon’s Ring video doorbells. On Tuesday, Ring president Leila Rouhi said in a blog post that starting immediately, the once-optional authentication is going to be mandatory for all users when Read more…


What’s The Difference Between An Incident And An Actual Loss Of Protected Data?

Information loss leads to devastating financial repercussions and brand reputation – Robert Johnson, III, President & CEO at Cimcor, Inc Chicago, Ill. – Feb. 20, 2020 Inadequate and ineffective technologies are often the culprit behind the failure of compliance mandates and initiatives for many organizations. Vulnerabilities can be a challenge for organizations to manage, but identifying the weaknesses and the threats businesses face with information in a state of constant flux is not something to be ignored. Cybersecurity incidents and the threat information associated with them may change as information unfolds, similar to Positive Technologies’ latest findings regarding the Citrix Read more…


Fortinet and CyberX

Accelerating IoT and OT Threat Detection and Prevention. Download the solution brief. Article Link: https://cyberx-labs.com/solution-briefs/fortinet-and-cyberx/


MGM Hotel breach highlights need for sophisticated cloud security

Cybercriminals posted the information of more than 10 million customers on a hacker forum a year after the initial attack on a cloud server.


92% of Americans would delete an app that sold their personal information

Smartphone users don’t want government encryption backdoors and would rather read “terms and conditions” than watch the movie “Cats.”


70% of IT leaders say security concerns restrict adoption of public cloud

While the concerns are legitimate, Barracuda also wants IT professionals to know that practical solutions exist.


California Man Arrested for Politically Motivated DDoS

The distributed denial-of-service attacks took a congressional candidate’s website offline for a total of 21 hours during the campaign for office. A man in Santa Monica, Calif., has been arrested for launching a series of attacks on the website of a California congressional candidate. Arthur Jan Dam is charged with one federal count of intentionally damaging and attempting to damage a protected computer. According to the arrest affidavit, Dam was responsible for four distributed denial-of-service (DDoS) attacks on the candidate’s Web server, taking the site offline for a total of 21 hours during the campaign in 2018. Dam, it Read more…


Text message package scam delivers more than your business bargained for

There’s a text message scam making the rounds that could target your mail room staff, receptionist, or other employees. The FTC has tips on how you can protect your business. Our Consumer Blog describes a text message people are receiving that claims to be a FedEx tracking notice. In variations on the scheme, fraudsters also are falsely invoking the names of UPS and the U.S. Postal Service. According to the text, there’s a “delivery” that needs to be scheduled by clicking on a link. From there, people are taken to an “Amazon” page, which invites them to complete a customer Read more…


The Amazon Prime phishing attack that wasn’t…

by Paul Ducklin Earlier this week, we received a moderately believable Amazon Prime phish via email. The scam had an Account Locked subject line, with a warning that we wouldn’t be able to buy or sell anything via Amazon’s services until we verified our account. To add a bit more fear and urgency, the crooks went on to warn us that if we didn’t complete the verification process within 24 hours, then our account would be deactivated, not merely suspended. The “good” news, of course, is that verifying our account was as easy as clicking a link in the Read more…


Data of 10.6m MGM hotel guests posted for sale on Dark Web forum

by Lisa Vaas The personal data of 10,683,188 MGM hotel guests that leaked sometime in or before 2017 was posted for sale on the Dark Web this week, ZDNet reports. It doesn’t matter that the data isn’t freshly baked: it’s still edible. ZDNet called hotel guests whose details were included in the data dump and found that, while some of the phone numbers had been disconnected, many were still valid, as “the right person answered the phone.” The data was first spotted by an Israeli security researcher calling themselves Under the Breach who claims to have “deep relations” with Read more…


Freedom Hosting owner pleads guilty to distributing child abuse images

by John E Dunn The man arrested for running what was once believed to be the largest child abuse hosting provider on the dark web, has pleaded guilty in a US court to the charge of advertising child pornography. That service was Freedom Hosting and the man who operated it from its founding in 2008 until his arrest in Ireland in 2013 was dual US-Irish national, Eric Eoin Marques. Extradited to the US last year, what Marques has admitted to carries a mandatory sentence of 15 years, with up to double that possible when he is sentenced by a Read more…


Facebook’s Twitter and Instagram accounts hijacked

by John E Dunn Last Friday, in full glare of the world, Facebook admins suddenly found themselves in an unseemly struggle to wrestle back control of the company’s Twitter accounts from attackers that had defaced them. Normally, these accounts trumpet new platform features or other assorted worthy accomplishments. But on Friday afternoon, a different type of tweet suddenly appeared: Hi, we are OurMine Well even Facebook is hackable but at least their security better than Twitter. The now deleted message continues by offering the services of OurMine to anyone wanting to improve their account security. The same group’s logo Read more…


Self-driving car dataset missing labels for pedestrians, cyclists

by Lisa Vaas A popular self-driving car dataset for training machine-learning systems – one that’s used by thousands of students to build an open-source self-driving car – contains critical errors and omissions, including missing labels for hundreds of images of bicyclists and pedestrians. Machine learning models are only as good as the data on which they’re trained. But when researchers at Roboflow, a firm that writes boilerplate computer vision code, hand-checked the 15,000 images in Udacity Dataset 2, they found problems with 4,986 – that’s 33% – of those images. From a writeup of Roboflow’s findings, which were published Read more…


5 Strategies to Secure Cloud Operations Against Today’s Cyber Threats

With these fundamentals in mind, organizations can reduce their security and compliance risks as they reap the cloud’s many benefits: The cloud, once touted as an IT panacea, has a flip side that we see all too often in headlines when malicious actors take advantage of gaps in security. This cannot be repeated enough: Securing data and networks in a cloud environment is very different than doing so on-premises. Infrastructure elements that were static on-premises are now abstracted to software. Firewalls must be designed to operate in an inherently fluid infrastructure. And in the cloud, you’ll need to focus Read more…


Goblin Panda APT: Recent infrastructure and RAT analysis

Summary Goblin Panda (also known as Hellsing, Cycledek, and likely other names due to non-standardized naming conventions in security) is a group that has been active for the better part of the last decade, and has historically had information theft and espionage related motives that align with Chinese interests. Their targets have primarily been defense, energy, and government organizations located in South/Southeast Asia, with emphasis on Vietnamese targeting. Within this analysis I review artifacts that exhibit behavior consistent with past Newcore RAT samples, which have been attributed to the GoblinPanda APT group. Analysis While reviewing suspected dropper files, Read more…


FBI: Cybercrime tore a $3.5b hole in victims’ pockets last year

by Lisa Vaas Why do online swindlers rob people over the age of 60? Because that’s where the money is. According to the FBI’s 2019 Internet Crime Report, released on Tuesday by the bureau’s Internet Crime Complaint Center (IC3), the total amount of money clawed out of victims through a smorgasbord of cybercrime types just keeps climbing, with 2019 bringing both the highest number of complaints and the highest dollar losses reported since the center was established in May 2000. Those of us with gray hair tend to have the most money, and thus we have the dubious honor Read more…


Google to force Nest users to turn on 2FA

by Lisa Vaas Nest owners, if you aren’t already flying with two-factor authentication (2FA) on your accounts, get ready for Google to push you into spreading those security wings. On Tuesday – which, appropriately enough, was Safer Internet Day – Google announced that in the spring (or in the fall, for those in the Southern Hemisphere), it will start forcing users of its Nest webcams and other products to use 2FA to secure their accounts. Nest users who haven’t yet enrolled in the 2FA option or migrated to a Google account will be required to take an extra step Read more…


Heading to RSA: NSA Brings Innovative Ideas to Cybersecurity Industry

FORT MEADE, Md., Feb. 12, 2020 — The breadth of talent and expertise across the private industry offers vast potential for collaboration. The RSA Conference — an annual security gathering hosting educational, professional, networking, and awards programs — offers one of the largest opportunities for NSA to bolster partnerships and continue to build understanding of shared risk, increase ongoing cooperation, and further expand opportunities, which is why the Agency will be joining participants again this year. Last year, during RSA Conference 2019, NSA released the highly praised open-source program, Ghidra, which has since garnered over half a million downloads. Read more…


Managed Defense: The Analytical Mindset

When it comes to cyber security (managed services or otherwise), you’re ultimately reliant on analyst expertise to keep your environment safe. Products and intelligence are necessary pieces of the security puzzle to generate detection signal and whittle down the alert chaff, but in the end, an analyst’s trained eyes and investigative process are the deciding factors in effectively going from alerts to answers in your organization. This blog post highlights the events of a recent investigation by FireEye Managed Defense to showcase the investigative tooling and analysis process of our analysts. Threat Overview Recently, FireEye Managed Defense responded to Read more…


Do I really need additional email security when using Office 365?

This is probably the most common question I get asked today! What customers are really asking is “Can I rely on the built-in security capabilities in Office 365 or do I still need to run a 3rd party email security solution such as a Secure Email Gateway?” And the answer — well that depends; every customer’s environment is different. Do I have to go to the Cloud? But first, let’s get the most common misconception out of the way. While it is more efficient to run your email security gateway in the cloud, close to your Office 365 tenancy, Read more…


5 tips for you and your family on Safer Internet Day

by Paul Ducklin No matter how safe and secure you feel when you use your computer, there’s always room for improvement. Why not make Safer Internet Day the excuse you need to do all those cybersecurity tweaks you’ve been putting off… …such as picking proper passwords, turning on two-factor authentication, downloading the latest security updates, making backups of your most important files, and revisiting your privacy settings in case you’re oversharing by mistake? So, let’s go through those five tweaks one-by-one – they’re easier than you think, and much less hassle than you might fear. 1. PICK PROPER PASSWORDS Read more…


5 tips for businesses on Safer Internet Day

by Paul Ducklin Safer Internet Day is here! Note that it’s more than just One Safe Internet Day, where you spend 24 hours taking security seriously, only to fall back on bad habits the day after. As the old saying goes, “Cybersecurity is a journey, not a destination,” and that’s why we have SAFER internet day – it’s all about getting BETTER at cybersecurity, no matter how safe you think you are already. So here are five things you can do in your business, regardless of its size, to help you and your colleagues keep ahead of the cybercrooks. Read more…


Critical Bluetooth bug leaves Android users open to attack

Google releases a fix for the security hole that, if left unplugged, could allow attackers to run malicious code with no user interaction. Google has rolled out a security update to address a critical flaw in Android’s Bluetooth implementation that allows remote code execution without user interaction. The vulnerability, tracked as CVE-2020-0022, affects devices running Android Oreo (8.0 and 8.1) and Pie (9.0). For these devices, which between them account for almost two-thirds of Android devices in use, the flaw is rated critical by Google. According to German IT security provider ERNW, which discovered the ‘wormable’ security hole and Read more…


Threat Roundup for January 31 to February 7

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Jan 31 and Feb 7. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting Read more…


RobbinHood Kills Security Processes Before Dropping Ransomware

Attackers deploy a legitimate, digitally signed hardware driver to delete security software from machines before encrypting files. In a newly detected attack campaign, the attackers behind RobbinHood ransomware deploy legitimate, digitally signed hardware drivers to delete security tools on target machines before they encrypt files. These attacks exploit known vulnerability CVE-2019-19320, report Sophos researchers who investigated two attacks employing this technique. The flaw exists in a signed driver that is part of a now-deprecated software package published by Taiwanese motherboard manufacturer Gigabyte. When it was patched with proof-of-concept code in 2018, Gigabyte said its products weren’t affected by the Read more…


Facebook now lets parents monitor their children’s chats

The feature is part of expanded parental controls on the Messenger Kids app aimed at children under 13. Facebook is rolling out a slew of changes to Messenger Kids that give parents more control over how their children use the messaging app. You can review who your kids are interacting with and review their chat histories, according to the social network’s blog post this week. In addition, you get access to the most recent videos and photos your kids have sent or received, and you can remove the content if needed. The app’s revamp also gives you the option Read more…


Adware.Adposhel takes over your web push notifications administration

Since late last year our researchers have been monitoring a new method concerning web push notifications being deployed by an adware family detected by Malwarebytes as Adware.Adposhel. What does Adware.Adposhel change? The adware uses Chrome policies to ensure that notification prompts will be shown and add some of their own domains to the list of sites that are allowed to push web notifications. So far not very new. The recent twist however is that it enforces these settings as an administrator. This is done so the regular Chrome user will not be able to change the settings in the Read more…


How your screen’s brightness could be leaking data from your air-gapped computer

It may not be the most efficient way to steal data from an organisation, let alone the most practical, but researchers at Ben-Gurion University in Israel have once again detailed an imaginative way to exfiltrate information from an air-gapped computer. And this time they haven’t done it by listening to a PC’s fan, or watching the blinking LED lights on a hard drive or even picking up FM radio waves. On this occasion the team of boffins have devised and demonstrated a method for stealing data by watching out for tiny changes to the brightness of the targeted computer’s Read more…


University of Maastricht Paid 30 Bitcoins to Ransomware Attackers

The University of Maastricht publicly revealed that it paid a ransom of 30 bitcoins to recover its computer systems following a ransomware attack. Nick Bos, vice president of the university, shared what officials knew about the digital attack at a press conference. Bos noted that the security incident began when phishers successfully compromised the email account of a university employee in November 2019. The ransomware infection unfolded in earnest on December 24, locking up the university’s computer systems and thereby preventing employees from accessing their emails or workstations. After learning of the infection, the University of Maastricht retained the Read more…


3 Malware Trends to Watch Out for in 2020

Malware closed out 2019 on a strong note. According to AV-TEST, malware authors’ efforts throughout the year helped push the total number of known malware above one billion samples. This development wouldn’t have been possible without the vigor exhibited by malware authors in the fall of 2019. Indeed, after detecting 8.5 million new samples in June and 9.56 million specimens the following month, AV-TEST saw the monthly totals jump up above 13 million in August. This monthly rate of detection has not faltered at the time of writing. After peaking in September with 17.70 million, it’s actually remained above Read more…


So You Want to Achieve NERC CIP-013-1 Compliance…

Is an electricity provider’s supply chain its weakest link in the event of a cyberattack? The evidence is compelling that third parties often play unwitting roles. For example, the NotPetya ransomware attacks in mid-2017 originally gained a foothold via a backdoor in third-party accounting software. To safeguard North America’s electricity supply, the North American Electric Reliability Corporation (NERC) has issued several critical infrastructure protection (CIP) standards. The CIP-013-1 standard, which was approved by FERC in the fall of 2018, addresses the vulnerabilities and threat vectors that external third parties in the supply chain can have on the Bulk Read more…


Identity Verification And Fraud Prevention In 2020: Closing The Trust Gap

As technology evolves, fraudsters and hackers adapt their techniques. They get smarter and find new ways to beat the tech. That is why data leaks and theft are often in the news and can impact thousands of people. As consumers digitize their lives and take them online, verifying identities and combating fraud is becoming a growing challenge. To be honest, identity verification and fraud prevention are easier said than done. Most companies today do not have face to face meetings with their customers. The system is dependent on businesses having access to consumer information but given the risk of Read more…


Electric scooters vulnerable to remote hacks

A helmet may not be enough to keep you safe(r) while riding an e-scooter. Electric scooters are steadily becoming a popular alternative for short commutes. Besides convenience, however, they also introduce a range of cybersecurity and privacy risks, according to a study by the University of Texas at San Antonio (UTSA). The review – which UTSA said is “the first review of the security and privacy risks posed by e-scooters and their related software services and applications” – outlines various attack scenarios that riders might face and suggests measures to tackle the risks. Many e-scooters rely on a combination of Read more…


How to catch a cybercriminal: Tales from the digital forensics lab

What is it like to defeat cybercrime? A peek into how computer forensics professionals help bring cybercriminals to justice. Many people ask me about what it was like working for law enforcement. More often than not, however, they are actually enquiring about how computer crime is truly investigated. Whether it’s questions about how accurately it is portrayed on TV, the constraints felt by the police, the associated myths, or about how to find closely guarded tactics and secrets, people seem to have a morbid fascination with the dark world of digital forensics. Before joining ESET, I was a computer Read more…


DDoS Attack Potentially Targeted State Voter Registration Site, Says FBI

The FBI said that a distributed denial-of-service (DDoS) attack potentially targeted a state-level voter registration site. In a Private Industry Notification (PIN) released on February 4, the FBI said that a state-level voter registration and voter information website received a high volume of DNS requests over the period of a month. Those requests were consistent with a Pseudo Random Subdomain (PRSD) attack, a type of DDoS attack which attempts to disrupt DNS record lookups. A screenshot of the FBI’s PIN. (Source: Bleeping Computer) At one point, the suspected attack’s DNS requests increased more than tenfold from 15,000 to 200,000. Read more…


FTC Takes Action to Stop Anti-Aging “Cure-All” Marketers From Making Baseless Health Claims

The sellers of a pill called ReJuvenation settled Federal Trade Commission charges that they deceptively claimed that their product is a virtual cure-all for age-related ailments—including cell damage, heart attack damage, brain damage, blindness, and deafness—and even aging itself. The orders settling the FTC’s complaint prohibit the defendants from making such claims unless they are true and supported by scientific evidence. The orders also require payment of $660,000, which the Commission may use to provide refunds to defrauded consumers. “This is another company promising older adults an anti-aging wonder drug that reverses the effects of disease,” said Bureau of Read more…