Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 11-10-2020

Microsoft Exchange Attack Exposes New xHunt Backdoors

“Both of the backdoors installed on the compromised Exchange server of a Kuwait government organization used covert channels for C2 communications, specifically DNS tunneling and an email-based channel using drafts in the Deleted Items folder of a compromised email account,” said researchers with Palo Alto’s Unit 42 team, Monday.


3 keys to managing cyber risk in state, county and city agencies

IT managers may not be aware of the security functionality available in the software that they do know about. Software may already include built-in tools for identity management and application allow-listing, which can automatically place controls over which applications can be run on the network. Agencies can create security policies to immediately flag or block non-sanctioned applications.


Ransomware Update: More Data Leaked, NY Health System Recovers

REvil threat actors recently posted data they allegedly stole from the New Jersey Dental Hygienist Association (NJDHA) and Beacon Health Solutions. Meanwhile, the Clop ransomware hacking group leaked data they claim to have stolen from Nova Biomedical, a developer and manufacturer of advanced technology blood testing analyzers.


UVM Medical Center reassigns, furloughs 300 workers due to IT system downtime: 6 details

1. The Burlington, Vt.-based hospital took computers offline on Oct. 28 after a cyber breach. Employees who were unable to perform their job functions were told to go home, according to the report.

2. Around 300 employees of the hospital were either re-assigned or furloughed, President and COO Stephen Leffler, MD, said during a press conference on Nov. 6. He told the press about 130 workers were given temporary assignments.


Required Actions to Prevent Common Ransomware Exploits, Access Points

“These emails usually contain a link, most often to a Google Docs page, though other well-known file hosting platforms have been used as well,” she added. “The Google Docs page will then present a convincing image with another embedded link. This link is typically to a malicious executable hosted on a trusted platform such as Amazon AWS.” Given the chain of legitimate services, organizations may find it challenging to both detect and prevent these campaigns.


How to manage insider cyber risks amid COVID-19

Large-scale remote work has significantly reduced organizations’ visibility into the digital and interpersonal behavior of their workforces. It has also hampered their ability to detect, investigate, and resolve potential issues. For employees under stress or predisposed to acting in ways that are harmful to the business, this provides the time, space, and tacit license to do things they otherwise would or could not.


Zoom settles charges with FTC over deceptive security practices

In its action against Zoom, the FTC alleged Zoom “engaged in a series of deceptive and unfair practices that undermined the security of its users.” The FTC alleged that Zoom misled users when it claimed it offered end-to-end encryption — intended to protect user communications from external, unintended eavesdroppers — when Zoom actually didn’t offer that level of security, according to the complaint.


Treasury Asks if External Cyber Acts Qualify for Terrorism Risk Insurance Program

The program only applies to “certified” acts of terror, which carry a threshold of $5 million in property and casualty policy losses. The congressionally created Cyberspace Solarium Commission recommended in March that the government “do more to further define what types of cyber events fall under the TRIA umbrella and what types of events should remain covered by insurance companies themselves.”


Crooks behind Ghimob banking trojan have ambitions far beyond Brazil, researchers say

The data that anti-virus company Kaspersky released shows how an enterprising group of crooks has used Brazil to fine-tune their banking trojan, as the financially-focused malware is called. After successfully infecting numerous victims in Brazil, the campaign has expanded to target users in other Portuguese-speaking countries, from Angola to Mozambique to Portugal.


How cyber policy will evolve under Biden

“What you'll see is a recommitment to cyber being an important issue,” said Chris Painter, who served as the top U.S. cyber diplomat from 2011 to 2017. “He’ll take the good things that have happened, and he’ll make them more consistent and strategic.” James Lewis, a cyber expert at the Center for Strategic and International Studies, predicted that Biden would marry “a high degree of continuity” with “a lot smoother implementation.”


The Invisible Threat: Building Cyber Resilience to Respond to the Rise in Third Party Cyberthreats

In fact, this move to third party vectors now accounts for nearly half the attacks federal agencies confront: 45%. And amid other progress fighting traditional threats, the surge in indirect threats is a troubling development that “blurs the true scale of cyberthreats,” according to the report's authors.  Federal leaders agree--with 85% stating that their agencies need to think beyond securing their enterprises and take steps to secure their ecosystems to be effective.


Vietnamese hacking group OceanLotus uses imitation news sites to spread malware

In this case, OceanLotus is suspected of sending victims links to its sites through spearphishing or social media messaging. The fake sites themselves, which are still active, are not entirely malicious. Much of the content on the fake media pages is benign, focusing on news topics of interest in Vietnam and Southeast Asia, and doesn’t include malicious redirects, Volexity researchers said in a blog post on the matter.


Army Wants Smaller Brigades, Stronger Divisions & Lots Of Robots

“Be cautious of revolutions in military affairs,” said Donald Sando, Donahoe’s civilian deputy and an intellectual mainstay at Fort Benning for many years. “We can’t hope endlessly that technology will make warfare easier or less brutal or less costly, [because] The reality is, it doesn’t; it changes it. It makes it harder in many cases.”


Facebook and Twitter struggle with online fury from Trump supporters

On Thursday afternoon, Facebook moved to shut down a “Stop the Steal” group, which had amassed more than 360,000 followers in just a day, saying that it was concerned about calls for violence from some of the group’s members. [...] Another 79,000-strong private group called Stand Up Michigan to Unlock Michigan was also shut down by Facebook, but only after it had successfully called for its members to storm a Detroit counting center.


Data Privacy Gets Solid Upgrade With Early Adopters

Solid, a technology aimed at redesigning the way users' data on the Web is accessed and giving users more control of their privacy, passed another hurdle on Nov. 9 when four organizations announced pilot projects with startup infrastructure provider Inrupt. Designed by Tim Berners-Lee — the inventor of the World Wide Web — and the Massachusetts Institute of Technology, Solid is an open standard that gives users the ability to share their data with websites and companies while retaining control of who can access the information.


RansomEXX trojan variant is being deployed against Linux systems, warns Kaspersky

RansomEXX's Linux variant contains few or no functions used by other ransomware families, containing no command-'n'-control server phone-home functionality or anti-analysis "tricks". Potentially this is because the ransomware is, well, ransomware; once deployed its presence is obvious to users and network admins alike because everything stops working, except for ransom notes demanding payment for decryption.


Cybercriminals Shift Tactics Against OT Networks

The top five industrial sectors most vulnerable to a cyberattack are manufacturing (15%), building management systems (13%), electric utilities (13%), pharmaceuticals (12%) and consumer goods (12%). Nearly two-thirds (65%) also noted their IT and OT networks have become more interconnected since the pandemic began, with 73% saying they expect them to become even more interconnected as a result. The survey also finds 44% of respondents believe their OT networks are less secure than their IT networks.


Ultimate Member Plugin for WordPress Allows Site Takeover

A WordPress plugin installed on more than 100,000 sites has three critical security bugs that each allow privilege escalation – and potentially full control over a target WordPress site. The plugin, called Ultimate Member, allows web admins to add user profiles and membership areas to their web destinations. According to Wordfence researchers, the flaws make it possible for both authenticated and unauthenticated attackers to escalate their privileges during registration, to attain the status of an administrator.


Premium-Rate Phone Fraudsters Hack VoIP Servers of 1200 Companies

"Hacking SIP servers and gaining control allows hackers to abuse them in several ways," the cybersecurity firm noted in its analysis. "One of the more complex and interesting ways is abusing the servers to make outgoing phone calls, which are also used to generate profits. Making calls is a legitimate feature, therefore it's hard to detect when a server has been exploited."


TikTok users troll Trump “voter fraud” reporting hotline en masse

As part of this effort, Trump administration officials and their allies, such as the president's adult sons, took to social media asking anyone with suspicions or evidence of voter fraud to call a specific hotline number. The Internet has responded to the existence of this hotline exactly as one might expect: with maximum trolling.


You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.
