Researchers at F5 Labs, the threat intelligence arm of F5 Networks, have uncovered a new malware campaign dubbed “CryptoSink” used to deploy an XMR (Monero) mining operation targeting Elasticsearch systems. Key features include: the campaign exploits a five-year-old vulnerability (CVE-2014-3120) in Elasticsearch systems running on Windows and Linux; on Linux, it delivers several previously unknown malware samples that were not detected by antivirus solutions; it uses previously unseen methods to kill competing crypto-miners on the infected machine and to persist on the server (by replacing the Linux remove command); it backdoors the server by adding the attacker’s SSH keys; it uses several command and control (C&C) servers; the…
ISBuzz Team
Avast’s Global PC Risk Report uncovers the global risk ratio of the most ‘at risk’ countries. One in every nine business PCs around the world is at risk of infection from malware at any time, according to new research by Avast (LSE:AVST), a global leader in cybersecurity. Pakistan, Vietnam and China topped the list of riskiest places to be a business, with more than a one in three chance of infection. The United States, the Netherlands and Ireland recorded the lowest business risk ratio globally; however, each still had a one in eleven chance of infection. The Riskiest Countries: the findings were released in the…
TechCrunch is reporting that companies are leaking sensitive data due to misconfigured Box accounts. https://twitter.com/zackwhittaker/status/1105113673377464320 Pravin Kothari, CEO at CipherCloud: “In the past, applications were inside the perimeter so it was not a huge issue if your applications such as SharePoint, Exchange, or File server were not properly configured. That’s no longer the case with cloud applications such as Box, AWS S3 and Salesforce. A single misconfiguration can cause havoc as all your sensitive information could be exposed to the public or hackers by a user’s inadvertent action. Not only do you have to deal with reputational damage, but if the exposed data had regulatory requirements then you’re…
A new watering hole attack is leveraging Slack, a collaborative platform that lets users create and use their own workspaces, to send command-and-control communications without being detected. The new approach was discovered by Trend Micro. Expert Comments below: Usman Rahim, Digital Security & Operations Manager at The Media Trust: “Battlefields are increasingly online, and this attack in particular was carefully planned. Watering hole attacks are carried out primarily on specific organizations. Whoever orchestrated this campaign wanted to gather personal and communications information on…
A new Ransomware-as-a-Service called Yatron is being promoted on Twitter that plans on using the EternalBlue and DoublePulsar exploits to spread to other computers on a network. This ransomware will also attempt to delete encrypted files if a payment has not been made in 72 hours. BleepingComputer was first notified about the Yatron RaaS by a security researcher who goes by the name A Shadow. Since then, the actor behind this ransomware has strangely been promoting the service by tweeting to various ransomware and security researchers. Yatron contains code to utilise the EternalBlue and DoublePulsar exploits to spread to Windows machines on the same network using SMBv1 vulnerabilities that should have been patched a long time ago. Maor Hizkiev, CTO and Co-founder…
Phishing attacks have been launched by Bristol City Council IT chiefs against the authority’s own staff to beef up cyber security after a “worrying” report revealed that the danger of a breach has increased. Bristol City Council employees who fall for the “scams”, staged by their own colleagues, are redirected to a training programme to help them avoid succumbing to a real attack. A report to the resources scrutiny commission said it was “likely” hackers would target the authority’s computer systems and, if successful, the impact would be “critical”, the highest level possible. The assessment means the level of risk of a cyberattack is rated as…
Viper – known as Clifford in the United Kingdom – and Pandora Car Alarm System, which cater for at least three million customers between them, recently became the topic of interest to researchers from Pen Test Partners. On Friday, the cybersecurity researchers published their findings into the true security posture of these “smart” alarms and found them falling short of the vendors’ claims. Not only could compromising the smart alarms result in the vehicle type and owner’s details being stolen, but the car could be unlocked, the alarm disabled, the vehicle tracked, microphones compromised, and the immobiliser hijacked. Expert Comments below: …
The Dutch Data Protection Authority says that cookie walls that force consumers to accept tracking cookies are not compliant with the EU’s General Data Protection Regulation. https://twitter.com/enilon/status/1105174092544688131 Expert Comment below: Chris Olson, CEO at The Media Trust: “For years, the internet has enabled organizations to conduct surveillance on unwary consumers. This practice is now being upended by GDPR, the California Consumer Privacy Act (CCPA) and similar laws being passed around the world. To demonstrate their seriousness about protecting consumer privacy, GDPR regulators are closing the loopholes on obtaining site visitors’ consent for collecting their behavioral and personal data. And they are…
Samsung could no longer offer the sophisticated face- and iris-scan recognition system the company has been working on for the last few years, as officially confirmed last month. Instead, the company is offering more basic face unlock functionality on its new Galaxy 10 offering, which has been found to be very easy to bypass. https://twitter.com/MathesonStep/status/1104467645909221376 Expert Comments below: Cary Gibbs, Regional Director of EMEA channels at Tripwire: “Vendors and manufacturers have a responsibility towards private individuals who purchase their products. People who aren’t necessarily as versed in the technical details of the features their device offers may unknowingly…
Dozens of companies are inadvertently leaking sensitive corporate and customer data because of misconfiguration of their Box enterprise storage accounts. The discoveries were made by researchers at Adversis, who found major companies had left their data exposed without knowing. The default configuration of a Box enterprise account is private, but folders can be made public with a single link, and these secret links can easily be discovered. Adversis found more than 90 companies with publicly accessible folders. Expert Comments: Juliette Rizkallah, CMO at SailPoint: “Today’s business users have a myriad of applications that they can work from to get their jobs done – whether that’s…
