Microsoft bans sale of facial recognition tech, Maze attacks Threadstone Advisors LLP, and more

Major cybersecurity events on 15th June 2020 (Morning Post): Privnotes.com masquerades as privnote.com, phishes bitcoins. Twitter forbids users from retweeting articles they have not opened. ActionSpy targets minority group Uyghurs. Facebook aids FBI, captures child predator.

Round Up of Major Breaches and Scams

Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com

For the past year, a site called Privnotes.com has been impersonating Privnote.com, a legitimate, free service that offers private, encrypted messages which self-destruct automatically after they are read. Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same.

Microsoft Joins Ban on Sale of Facial Recognition Tech to Police

Microsoft is joining Amazon and IBM in halting the sale of facial recognition technology to police departments. In a statement released Thursday, Microsoft President Brad Smith said the ban would stick until federal laws regulating the technology’s use were put in place.

Twitter wants to know if you meant to share that article

Sharing clickbait containing spurious content without bothering to check it over is a perennial problem for attention-challenged social media users and now Twitter wants to help stop it. The company has launched a test feature that reminds you to read articles before retweeting them. The service will warn users if they try to retweet articles that they haven’t opened.

FBI warns about fraudsters targeting banking app users

As the use of mobile banking apps surges during COVID-19 lockdowns, so does the risk that these platforms will be exploited by cybercriminals, warns the FBI’s Internet Crime Complaint Center (IC3). Citing estimates by US financial technology providers, the Bureau’s online fraud wing said that more than 75 percent of Americans used mobile banking in some form in 2019.

Lamphone: spying on conversations by watching a light bulb in the room

A team of academics from Israel’s Ben-Gurion University of the Negev and the Weizmann Institute of Science demonstrated how to spy on secret conversations in a room from a nearby remote location just by measuring the amount of light emitted by an overhead hanging light bulb. The spying technique, dubbed Lamphone, will be presented by the researchers at the forthcoming Black Hat USA 2020 conference in August.

COVID-19 themed attacks increase in Brazil, India, and UK

While Coronavirus spreads on a global scale, threat actors continue to use COVID-19 lures. In April, Google announced that the Gmail malware scanners had blocked around 18 million phishing and malware emails using COVID-19 lures in just one week. The IT giant also announced that it had blocked more than 240 million spam messages related to the ongoing Coronavirus pandemic.

15 Individuals Plead Guilty to Multimillion-Dollar Online Auction Fraud Scheme

A Department of Justice (DoJ) statement announcing the pleas described the defendants as participating in a scam where they posted false advertisements, typically for vehicles and other high-priced goods, on popular sites such as eBay and Craigslist.

Office 365 to offer more info on how it protects your email

Microsoft is working on providing Office 365 Advanced Threat Protection (ATP) users with more information on the route incoming emails take while going through the filtering stack before reaching their inbox, as well as on the effectiveness of any configuration changes.

Round Up of Major Malware and Ransomware Incidents

Android ‘ActionSpy’ Malware Targets Turkic Minority Group

Researchers have discovered a new Android spyware, dubbed ActionSpy, targeting victims across Tibet, Turkey and Taiwan. The spyware is distributed either via watering-hole websites or fake websites. Researchers believe ActionSpy is being used in ongoing campaigns to target Uyghur victims. The Uyghurs, a Turkic minority ethnic group affiliated with Central and East Asia, have previously been targeted in spyware attacks.

Maze ransomware gang hacked M&A firm Threadstone Advisors LLP

Threadstone Advisors LLP, a corporate advisory firm specialising in mergers ‘n’ acquisitions, is the latest victim of the Maze ransomware operators. The Maze operators stole the company’s data before encrypting its systems and are threatening to leak it if the victim does not pay the ransom. The list of clients of the firm includes Victoria Beckham, Charles S. Cohen, Pittsburgh Brewing Co., Harrys of London, and Xcel Brands.

TroyStealer – A new info stealer targeting Portuguese Internet users

The world of cybercrime is changing, and more and more malware variants spread every day. To keep your system safe, one of the things you can do is follow a cyber doctrine focused on the threats that lurk on the web. One of the most recent threats is the info stealer TroyStealer, first shared by Abuse.ch on Twitter, and targeting Portuguese users.

RDH suffers ransomware attack

Rangely District Hospital (RDH) will send notices this week to patients whose records may have been involved in a ransomware attack in April 2020. According to a press release issued June 8, parts of the hospital’s computer network were attacked by ransomware, including some files containing patients’ health information and other files necessary to view certain patient information.

Many ransomware decryption tools are actually just more ransomware

When a piece of ransomware has encrypted all the files on your computer and is demanding money for it all to be unlocked, good advice is hard to come by and Google is not always your friend. There’s one thing you certainly shouldn’t do: Start searching online for software to crack open the ransomware in the hope of being able to decrypt everything yourself.

Honeypot reveals tactics used by cybercriminals to deploy ransomware

Some types of cyberattacks are one-and-done deals where the cybercriminals get in and out quickly after infecting or compromising an organization. Other types of attacks, however, expand over a period of time as they try to impact additional resources within the organization.

Black Kingdom ransomware hacks networks with Pulse VPN flaws

Operators of Black Kingdom ransomware are targeting enterprises with unpatched Pulse Secure VPN software or initial access on the network, security researchers have found. The malware got caught in a honeypot, allowing researchers to analyze and document the tactics used by the threat actors.

Round Up of Major Vulnerabilities and Patches

Intel patches chip flaw that could leak your cryptographic secrets

This week, Intel patched a CPU security bug that hasn’t attracted a funky name, even though the bug itself is admittedly pretty funky. Known as CVE-2020-0543 for short, or Special Register Buffer Data Sampling in its full title, it serves as one more reminder that as we expect processor makers to produce ever-faster chips that can churn through ever more code and data in ever less time we sometimes pay a cybersecurity price, at least in theoretical terms.

Facebook paid for a 0-day to help FBI unmask child predator

Facebook paid a cybersecurity firm six figures to develop a zero-day in a Tor-reliant operating system in order to unmask a man who spent years sextorting hundreds of young girls, threatening to shoot or blow up their schools if they didn’t comply, Motherboard’s Vice has learned.

D-Link releases a security firmware update that only fixes 3 out of 6 issues in DIR-865L home routers

D-Link has recently released a firmware update to address three out of six security flaws impacting the DIR-865L wireless home router. The flaws were reported to D-Link by researchers at Palo Alto Networks in February. Experts pointed out that the issues could also affect newer models because they share portions of firmware code.

Cryptominers Found in Azure Kubernetes Containers

A new criminal campaign is targeting Kubernetes clusters on Microsoft Azure to turn misconfigured Kubeflow workloads into cryptominers. Kubeflow is an open source project that started as a toolkit for learning TensorFlow in Kubernetes and has since become a common framework for running machine learning applications in containers.

Avast fixes bug blocking programs from starting in Windows 10

A bug has been fixed in AVG and Avast security applications that set registry keys that blocked applications from running in Windows 10. This past week, Windows 10 users began to complain that they were unable to launch Microsoft Office and other applications in Windows 10.

Windows 10 Privacy Settings bug lets users change admin options

The Microsoft June 2020 Patch Tuesday consisted of 129 security fixes for critical and important vulnerabilities. Of these, an “Important” and equally ironic vulnerability, tracked as CVE-2020-1296, concerns privilege escalation in the Windows Diagnostics & Feedback settings app: the annoying privacy setting screen is shown to users when setting up or upgrading Windows.