Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Antus67

Pages: [1] 2 3 ... 223
1
Author:  Zeljka Zorz, Managing EditorMarch 19, 2019

Mirai, the infamous malware that turns Linux-based IoT devices into remotely controlled bots, has been updated to target new devices and device types.



Among these are LG SuperSign TVs (TV solutions meant to be installed in public areas and display information, images, video aimed at customers and employees) and WePresent WiPG-1000 Wireless Presentation systems, both of which are intended for use in business settings.

Full Article Here:https://www.helpnetsecurity.com/2019/03/19/mirai-new-tricks/

2
By Sergiu Gatlan



Two ongoing phishing campaigns are actively targeting Netflix and American Express (AMEX) customers to steal credit card and social security information as discovered by the Office 365 Threat Research team during the weekend.

As detailed by the Windows Defender Security Intelligence team on Twitter, "Two massive, still-active phishing campaigns targeting Netflix and AMEX emerged over the weekend, the Office 365 Threat Research team has discovered. Machine learning and detonation-based protections in Office 365 ATP protect customers both campaigns."

The phishing campaign targeting Naetflix clients redirects its victims to a realistic looking downloadable form designed to collect and exfiltrate credit card information (card number, expiration date, bank name, PIN, and security code) and billing information (name, e-mail, SSN, address, phone, and date of birth).

Full Article Here:https://www.bleepingcomputer.com/news/security/netflix-and-amex-customers-actively-targeted-by-phishing-campaigns/

3

Author: Lindsey O'Donnell
March 19, 2019 10:53 am





When asked if the company plans to pay the ransom, its CFO said its main strategy is to use the backup data stored in the system.

Aluminum giant Norsk Hydro has fallen victim to a serious ransomware attack that has forced it to shut down or isolate several plants and send several more into manual mode, the company said on Tuesday morning.

Oslo, Norway-based Norsk Hydro, one of the world’s largest makers of aluminum, employs 35,000 people in up to 40 countries. The cyberattack, first detected by the company’s IT experts around midnight Norwegian time, has left the aluminum producer struggling to maintain operations despite shutting down some plants and going into manual mode for others.

Full Article Here:https://threatpost.com/norsk-hydro-calls-ransomware-attack-severe/142924/

4

By Ionut Arghire on March 19, 2019

A security researcher working with Google Project Zero has discovered a novel bug class that impacts Windows and some of its drivers.

Discovered by James Forshaw, the issue resides in the fact that some of the kernel mode drivers that Windows ships with do not perform all the necessary checks when handling specific requests, which could allow an attacker to escalate privileges.

Windows distinguishes between system calls by setting their PreviousMode fields to UserMode or KernelMode, to help determine if the arguments of the call are from a trusted or untrusted source.

This applies to the creation and opening of files as well, where kernel mode code can choose from various API functions, including some leading to I/O Manager internal function IopCreateFile. The thread’s PreviousMode is assigned to a specific variable to determine whether to check for valid parameters and buffers.

Full Article Here:https://www.securityweek.com/researcher-finds-novel-bug-class-windows-kernel

5
Security & Technology News / The Case of the Missing Data
« on: Today at 12:06:52 am »
Author: Mike McKee

The latest twist in the Equifax breach has serious implications for organizations.

When the Equifax breach — one of the largest breaches of all time — went public nearly a year-and-a-half ago, it was widely assumed that the data had been stolen for nefarious financial purposes. But as the resulting frenzy of consumer credit freezes and monitoring programs spread, investigators who were tracking the breach behind the scenes made an interesting discovery.

The data had up and vanished.

This was surprising because if the data had, in fact, been stolen with the ultimate goal of committing financial fraud, experts would have expected it to be sold on the Dark Web. At the very least, they would have expected to see a wave of fraudulent credit transactions.

Full Article Here:https://www.darkreading.com/vulnerabilities---threats/the-case-of-the-missing-data/a/d-id/1334181

6
By Lawrence Abrams



A new sextortion email campaign has started over the weekend that pretends to be from the CIA and states that you are involved in an investigation into the distribution and storage or child pornography. The scammers then demand $10,000 in bitcoin or you will be arrested on April 8th, 2019 as part of an international law enforcement operation.

The emails that are being sent have a email subject of "Central Intelligence Agency - Case #49237856", where the number is different for each email. Attached to the emails may be numerous images of the CIA seal.

Full Article Here:https://www.bleepingcomputer.com/news/security/new-sextortion-email-uses-cia-investigation-as-scare-tactic/

7
Author:  Help Net SecurityMarch 18, 2019

20 percent of Americans suffer from security fatigue and don’t trust anyone to protect their personal data. As a result, some people feel they need to take matters into their own hands or at least work with organizations that give them a greater sense of control.



Findings from the nCipher Security survey of more than 1,000 American adults reveal many people want more control over their personal data privacy. Most want tighter controls of how others handle and safeguard their personal data.

Full Article Here:https://www.helpnetsecurity.com/2019/03/18/distrust-personal-data-protection/

8

Author: Lindsey O'Donnell
March 15, 2019 2:30 pm



Lenovo has issued patches for several serious vulnerabilities in its products stemming from Intel technology fixes.

Lenovo has patched several several high-severity vulnerabilities tied to Intel flaws that could enable escalation of privilege, information disclosure, or even denial of service.

Overall the device maker patched flaws tied to 16 high-severity CVEs on Thursday. Those include five related to Intel firmware vulnerabilities, as well as 11 flaws stemming from vulnerabilities in Intel Converged Security and Management Engine (CSME), Intel Server Platform Services, Intel Trusted Execution Engine and Intel Active Management Technology.

The patches come two days after Intel released its own security update, Tuesday, warning of 19 vulnerabilities across its popular graphics drivers for Windows 10, as well as a larger set of fixes across other Intel products, including its Matrix Storage Manager, Active Management Technology and Accelerated Storage Manager.

Full Article Here:https://threatpost.com/lenovo-patches-high-severity-arbitrary-code-execution-flaws/142860/

9
By AFP on March 18, 2019

Scammers are trying to cash in on the Christchurch mosque massacres, using phishing emails with links to fake bank accounts to ensnare people keen to donate, New Zealand's cyber security body said Monday.

The attack on two mosques in which 50 worshippers were killed, allegedly by a white supremacist, has caused an outpouring of grief and prompted a flood of donations -- well over NZ$7 million (US$5 million) -- to those affected.

But CERT NZ, a government agency that responds to cyber security incidents, said emails with links to fake banking logins or fraudulent accounts were being sent out requesting money following the tragedy.

Full Article Here:https://www.securityweek.com/shameless-scammers-seek-cash-christchurch-massacre

10
Author:Kaan Onarlioglu

When a domain registration expires, they can be claimed by new owners. And sometimes, those new owners have malicious intent.

Internet domain name ownership is not perpetual.

Domains are assigned to their owners for a limited amount of time. Once a registration expires, domains are released back to the public to be claimed by potential new owners, on a first-come first-served basis.

Internet citizens won't be strangers to questionable (and sometimes outright abusive) practices around this phenomenon. I'm sure many readers have revisited an interesting website bookmarked for a rainy day, only to return and be greeted by an unrelated page laden with advertisement banners. This is one typical method for exploiting residual traffic to a domain, where a new party registers an expired domain in the hopes that the old website's unsuspecting clientele will bring in ad revenue. Another common situation, this time with clear malicious intent, is mimicking an obsolete website in an attempt to mount phishing attacks on visitors.

Full Article Here:https://www.darkreading.com/vulnerabilities---threats/are-you-prepared-for-a-zombie-(domain)-apocalypse/a/d-id/1334171

11
Author: Help Net SecurityMarch 15, 2019

Against the backdrop of a complex and growing cyber threat landscape, organizations are waking up to the fact that one of the biggest chinks in their armour against a data security breach is humans.



According to Apricorn’s latest social media poll, sixty five percent of respondents believe that humans pose the biggest threat to their personal data. A staggering fifty two percent of respondents believe that people with malicious intent present the biggest danger, whilst thirteen percent believe that unintentional human error is also a risk. In stark comparison, just thirty five percent of those polled see technology as a threat to personal data.

Full Article Here:https://www.helpnetsecurity.com/2019/03/15/biggest-threat-to-personal-data/

12
By Lawrence Abrams



A new malspam campaign is underway that is trying to utilize the tragic Boeing 737 Max crashes as a way to spread malware on a recipient's computer. These spam emails pretend to be leaked documents about imminent crashes that the sender states should be reviewed and shared with loved ones to warn them.

This new campaign was discovered by 360 Threat Intelligence Center, a research division of 360 Enterprise Security Group, who posted about them on Twitter.

Full Article Here:https://www.bleepingcomputer.com/news/security/spam-warns-about-boeing-737-max-crashes-while-pushing-malware/

13
By Ionut Ilascu



Following the Friday mass shooting in Christchurch, New Zealand, multiple internet service providers (ISP) in the country have blocked access to websites that distribute gruesome content from the incident.

The attacker live-streamed on his Facebook account his actions that got 49 people killed. A link to the video and a lengthy "manifesto" appeared on 8chan forum, allegedly shared by the shooter. Copies of the 17-minute footage spread to other websites, including YouTube, Instagram, Twitter, and Reddit.

As mainstream platforms struggled to take down the video and segments of it, some websites continue to make the materials available.

Full Article Here:https://www.bleepingcomputer.com/news/security/new-zealand-mobile-carriers-block-8chan-4chan-and-liveleak/

14
Security & Technology News / Why Phone Numbers Stink As Identity Proof
« on: March 18, 2019, 01:59:38 am »
Author: Brian Krebs

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities. At the same time, when you lose control over a phone number — maybe it’s hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments — whoever inherits that number can then be you in a lot of places online.

How exactly did we get to the point where a single, semi-public and occasionally transient data point like a phone number can unlock access to such a large part of our online experience? KrebsOnSecurity spoke about this at length with Allison Nixon, director of security research at New York City-based cyber intelligence firm Flashpoint.

Full Article Here:https://krebsonsecurity.com/2019/03/why-phone-numbers-stink-as-identity-proof/

15
By Ionut Arghire on March 15, 2019

Over the past several months, threat actors have been increasingly targeting Office 365 and G Suite cloud accounts that are using the legacy IMAP protocol, in an attempt to bypass multi-factor authentication (MFA), Proofpoint reports.

Targeted brute-force attacks have increased in sophistication over the past months, attempting to compromise accounts using variations of the usernames and passwords exposed in large credential dumps, and phishing campaigns continued to provide additional avenues into corporate accounts.

An analysis of over one hundred thousand unauthorized logins across millions of monitored cloud accounts revealed that more than 2% of the user accounts were targeted, and that 15 in 10,000 were successfully breached.

Full Article Here:https://www.securityweek.com/hackers-bypass-mfa-cloud-accounts-imap-protocol

Pages: [1] 2 3 ... 223