CISA alerts of phishing attack targeting SBA loan relief accounts

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday released an alert about phishing attacks targeting various government organizations to steal logins for the Small Business Administration COVID-19 loan relief accounts.

In a newer phishing attack that started in August, security researchers saw the threat actor using convincing tricks to fool potential victims into providing personal and financial information.


Some Countermeasures:

Checking the message source for the actual sender address will reveal the real one. Simply comparing it with the legitimate SBA address will expose the fraud attempt.

Paying attention to the URL in the address bar should also ensure that you don't fall for the trick and are on the genuine page.

CISA recommends organizations include warning banners for messages from an external source. Even if the message bypasses email defenses, users may act with more caution.
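A small checker that applies the three countermeasures above to an e-mail, added here as an example (it is not part of the CISA alert or this post). The legitimate domain sba.gov, the sample message and the "external" flag logic are assumptions constructed for the demonstration.

```python
# Added example: flag a message whose sender address, Reply-To or link hosts
# do not belong to the legitimate domain. Sample e-mail is constructed.
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

LEGIT_DOMAIN = "sba.gov"  # assumed legitimate domain for this scenario

# Constructed sample: display name claims SBA, real address and links do not.
SAMPLE_EML = """\
From: "SBA Disaster Loan Relief" <relief@sba-loan-relief.example>
Reply-To: support@mail-relief.example
To: grants@city.example
Subject: Action required: COVID-19 EIDL loan application

Your application is pending. Sign in at
https://sba.gov.loan-relief.example/login to confirm your details.
Reference: https://www.sba.gov/funding-programs/disaster-assistance
"""


def addr_domain(header_value) -> str:
    """Domain of the first address in a header value ('' if none)."""
    _, addr = email.utils.parseaddr(str(header_value or ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_legit_host(host: str) -> bool:
    """True only for the legitimate domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)


def check_message(raw: str) -> dict:
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_hdr = str(msg.get("From", ""))
    display_name, _ = email.utils.parseaddr(from_hdr)
    sender_domain = addr_domain(from_hdr)

    # Countermeasure 1: compare the real sender address with the claimed identity.
    if not is_legit_host(sender_domain):
        findings.append(f"sender domain {sender_domain!r} is not {LEGIT_DOMAIN}")
        if "sba" in display_name.lower():
            findings.append("display name claims SBA but address domain does not")
    reply_domain = addr_domain(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != sender_domain:
        findings.append(f"Reply-To domain {reply_domain!r} differs from From domain")

    # Countermeasure 2: check where links actually go (the host, not the text).
    body = msg.get_body(preferencelist=("plain",)).get_content()
    bad_hosts = sorted({urlparse(u).hostname or ""
                        for u in re.findall(r"https?://[^\s<>\"']+", body)
                        if not is_legit_host(urlparse(u).hostname or "")})
    if bad_hosts:
        findings.append(f"links to non-{LEGIT_DOMAIN} hosts: {bad_hosts}")

    # Countermeasure 3: the external-source banner CISA recommends, as a flag.
    external = not is_legit_host(sender_domain)
    return {"external": external, "findings": findings, "suspicious": bool(findings)}


if __name__ == "__main__":
    for line in check_message(SAMPLE_EML)["findings"]:
        print("[!]", line)
```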

Source: CISA alerts of phishing attack targeting SBA loan relief accounts


Download a Security Risk Assessment Steps paper!

Security Risk assessment Quiz – Find Out How Your security risk assessment Stands Up!

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

Subscribe to DISC InfoSec blog by Email

👉 Download a Virtual CISO (#vCISO) and Security Advisory Fact Sheet & Cybersecurity Cheat Sheet

Leave a Comment

Bracing for election day, Facebook rolls out voting resources to US users

Eager to avoid a repeat of its disastrous role as a super-spreader of misinformation during the 2016 election cycle, Facebook is getting its ducks in a row. Following an announcement earlier this summer, the company is now launching a voting information hub that will centralize election resources for U.S. users and ideally inoculate at least […]

The voting information center will appear in the menu on both Facebook and Instagram. As part of the same effort, Facebook will also target U.S. users with notifications based on location and age, displaying relevant information about voting in their state. The info center will help users check their state-specific vote-by-mail options, request mail-in ballots and provide voting-related deadlines.

Along with other facets of its pre-election push, Facebook will roll out previously announced “voting alerts,” a feature that will allow state election officials to communicate election-related updates to users through the platform. “This will be increasingly critical as we get closer to the election, with potential late-breaking changes to the voting process that could impact voters,”

Source: Bracing for election day, Facebook rolls out voting resources to US users


If you haven’t yet patched this critical hole in SAP NetWeaver Application Server, today is not your day

Full details of security vuln plus proof-of-concept exploits revealed

This critical-severity bug – scoring 9.9 out of 10 on the CVSS v3 meter – can be exploited by a rogue authenticated user, or someone whose access has been hijacked, to inject arbitrary code into an application server. This means they can run malicious commands they shouldn’t be able to on the server, download sensitive information, or crash the installation.

“In consequence, an attacker can break out of the desired syntactic instructions. Injecting ABAP code in the VALUE field allows the attacker to manipulate the source code of the generated subroutine pool and thereby the execution logic of the entire module. Since the attacker can freely choose the characters that can be used in this field, arbitrary ABAP code can be injected.

“To exploit this behavior an attacker can supply special characters like ‘ and . to escape the string quotation that is built into the source code. Afterwards, an attacker can simply specify any semantically valid ABAP code that gets executed by the application server.”

Source: If you haven’t yet patched this critical hole in SAP NetWeaver Application Server, today is not your day


WSJ News Exclusive | TikTok Tracked User Data Using Tactic Banned by Google

TikTok skirted a privacy safeguard in Google’s Android operating system to collect unique identifiers from millions of mobile devices, data that allows the app to track users online without allowing them to opt out, a Wall Street Journal analysis has found.

The tactic, which experts in mobile-phone security said was concealed through an unusual added layer of encryption, appears to have violated Google policies limiting how apps track people and wasn’t disclosed to TikTok users. TikTok ended the practice in November, the Journal’s testing showed.

The identifiers collected by TikTok, called MAC addresses, are most commonly used for advertising purposes. The White House has said it is worried that users’ data could be obtained by the Chinese government and used to build detailed dossiers on individuals for blackmail or espionage.

Source: WSJ News Exclusive | TikTok Tracked User Data Using Tactic Banned by Google

Hacked government, college sites push malware via fake hacking tools

A large scale hacking campaign is targeting governments and university websites to host articles on hacking social network accounts that lead to malware and scams.

Some of the sites targeted in this campaign belong to government sites for San Diego, Colorado, Minnesota, as well as sites for UNESCO, the National Institutes of Health (nih.gov), National Cancer Institute (cancer.gov), Rutgers, University of Washington, Arizona State University, Rochester Institute of Technology, University of Iowa, Maryland University, and University of Michigan.

From the samples observed by BleepingComputer, the threat actors exploit vulnerabilities in CMS platforms to insert their own hosted articles. One of the common methods we saw was to exploit Drupal’s Webform component to upload PDFs with links to the fake hacking tools.

Source: Hacked government, college sites push malware via fake hacking tools


Small and medium‑sized businesses: Big targets for ransomware attacks

Why are small and medium-sized businesses a target for ransomware-wielding gangs and what can they do to protect themselves against cyber-extortion?

According to a recent report by the Ponemon Institute, the biggest challenge faced by SMBs is a shortage of personnel to deal with cyber-risks, attacks, and vulnerabilities, while the second greatest problem revolves around limited budgets. The third biggest challenge is that the firms may lack an understanding of how to protect against cyberattacks.

According to Datto’s report, ransomware is at the top of the list of the malware threats that SMBs face, with one in five reporting that they had fallen victim to a ransomware attack. The average ransom requested by threat actors is about US$5,900. However, that is not the final price tag; the cost of downtime is 23 times greater than the ransom requested in 2019, coming in at US$141,000 and representing an increase of over 200% from 2018 to 2019.

“Funding cybercriminals also funds larger cyberattacks, so it must be reiterated that paying won’t always make the issue go away,” says ESET cybersecurity specialist Jake Moore.

The key, then, is prevention, and it includes these basic measures:

  • All employees should undergo regular training so as to be up-to-date on cybersecurity best practices. This can go a long way in lowering the chances of them clicking on potentially hazardous links in their emails that could be laced with ransomware or plugging in unknown USB devices that could be loaded with malware.
  • You should always keep your operating systems and other software updated to the newest version available and, whenever a patch is released, apply it.
  • Always plan for the worst and hope for the best, so have a business continuity plan at the ready in case disaster strikes. It should include a data backup and maybe even a backup infrastructure you can use while you try to restore your locked systems.
  • Backups are essential for everyone, be it individuals or huge enterprises. Back up your business-critical data regularly and test those backups frequently to see if they are functioning correctly, so that they don’t leave you in a bind if you’re hit. At least the most valuable data should also be stored off-line.
  • Reduce the attack surface by disabling or uninstalling any unnecessary software or services. Notably, as remote access services are often the primary vector for many ransomware attacks, you would be well advised to disable internet-facing RDP entirely or at least limit the number of people allowed remote access to the firm’s servers over the internet.
  • Never underestimate the value of a reputable, multilayered security solution. Besides your employees, it is your first line of defense that you should have up and running to protect you against all manner of threats, not ‘just’ ransomware attacks. Also, make sure the product is patched and up-to-date.

Source: Small and medium‑sized businesses: Big targets for ransomware attacks | WeLiveSecurity


So you’ve decided you want to write a Windows rootkit. Good thing this chap’s just demystified it in a talk

Demirkapi shows how drivers can be misused for deep pwnage

DEF CON: Writing a successful Windows rootkit is easier than you would think. All you need to do is learn assembly and C/C++ programming, plus exploit development, reverse engineering, and Windows internals, and then find and abuse a buggy driver, and inject and install your rootkit, and bam. Happy days.

Alternatively, write your own malicious driver, sign it with a stolen or leaked certificate or your own paid-for cert so that Windows trusts it, and load it.

This is according to undergraduate bug-hunter Bill Demirkapi in a talk he gave at the now-virtual DEF CON hacking conference, which you can watch below. He told the web audience on Thursday many common Windows drivers provide the conduit rootkit writers need to compromise PCs at a level most antivirus can’t or won’t reach.

A rootkit is a type of malware that, once it has gained all-controlling kernel-level access on a machine, modifies the system to ensure it retains that power while remaining out of sight of users, and ideally the operating system and any installed antivirus. Thus any subsequent malicious code launched by the rootkit inherits its high privileges, allowing it to snoop on the PC, steal passwords, and so on.

The trick to pulling this off is gaining code execution at an administrator or kernel level – and leveraging that to hook into the OS and stay out of sight. One way of doing this is by exploiting security flaws in drivers that wind up granting normal applications that level of access, or by exploiting the dozens of elevation-of-privilege flaws Microsoft patches every month in its software.

“There are a lot of publicly available vulnerable drivers out there,” said Demirkapi, “and with some reversing knowledge, finding your own zero-day [vulnerability] in one of these drivers can be trivial.”

Demirkapi gave the infamous Capcom driver as an example of insecure kernel-level software that can be tricked into granting any application-level code complete control over a machine. Some of these buggy driver APIs require administrator privileges to exploit, though. The holy grail is one that grants, on x86 machines, unprivileged ring-3 code unhindered ring-0 code execution.

Another way into the kernel is to write your own malicious driver, sign it with a stolen or leaked code-signing certificate or a paid-for one, and load it. Antivirus tools pretty much leave kernel drivers alone and focus on application-level software, and the operating system is rather lax in checking certs are legit. If you use a certificate you’ve paid for, the rootkit can be traced back to you, if or when it’s discovered.

Using a signed malicious driver is a more stable route into the heart of Windows, as exploiting vulnerable drivers requires tailoring your exploit code for particular versions and conditions.

However you manage it, from there it’s just a matter of opening a stealthy connection to a remote command’n’control server and phoning home for instructions, if necessary, while blending in with the noise on the system and hooking into the OS to intercept operations, such as file access. The rootkit should also ensure it runs all the time so that it doesn’t lose control of the box, and blocks attempts by security tools to uncover it.

It’s not impossible for antivirus to detect these sorts of rootkits, we’re told, though it will involve monitoring all the points where the malware can insert its tentacles into the operating system. “It’s going to be pretty expensive, because an antivirus would need to replicate our hooking procedure,” the Trend Micro driver botherer said.

Source: So you’ve decided you want to write a Windows rootkit. Good thing this chap’s just demystified it in a talk

Hackers abuse lookalike domains and favicons for credit card theft

Hackers are abusing a new technique: combining homoglyph domains with favicons to conduct credit card skimming attacks.

Source: Hackers abuse lookalike domains and favicons for credit card theft
Take an awareness quiz to test your basic cybersecurity knowledge

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

ZDNet reported in an exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum.

Source: Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Reading the 2020 Cost of a Data Breach Report ….

2020 Cost of a Data Breach Report: the global total cost of a data breach averaged $3.86 million in 2020, down about 1.5% from the 2019 study.

Source: Reading the 2020 Cost of a Data Breach Report ….

11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event

More than 130 security researchers and developers are ready to showcase their work.

Source: 11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event

Twitter says a spear phishing attack led to the huge bitcoin scam

Twitter shared an update in a blog post and tweets Thursday night.

Source: Twitter says a spear phishing attack led to the huge bitcoin scam

EU, in first-ever cyber sanctions, hits Russian intelligence

The European Union on Thursday slapped sanctions on six people and three organizations, including Russia’s military intelligence agency, accusing them of responsibility for several cyber-attacks that threatened EU interests.

EU headquarters said in a statement that those targeted include people considered to be involved in the 2017 “WannaCry” ransomware attack, the “NotPetya” strike that notably caused havoc in Ukraine, and the “Operation Cloud Hopper” hacking campaign.

The sanctions are the first that the EU has ever imposed for cyber-attacks.

Source: EU, in first-ever cyber sanctions, hits Russian intelligence

Hacker leaks 386 million user records from 18 companies for free

A threat actor is flooding a hacker forum with databases exposing over 386 million user records that they claim were stolen from eighteen companies during data breaches.

Source: Hacker leaks 386 million user records from 18 companies for free

Rite Aid deployed facial recognition system in hundreds of U.S. stores

Rite Aid used facial recognition in largely lower-income, non-white neighborhoods. The systems included one from a firm with links to China and its government.

Source: Rite Aid deployed facial recognition system in hundreds of U.S. stores

Facebook’s ‘Red Team’ Hacks Its Own AI Programs

Attackers increasingly try to confuse and bypass machine-learning systems. So the companies that deploy them are getting creative.

Source: Facebook’s ‘Red Team’ Hacks Its Own AI Programs

Information security, cybersecurity and privacy protection

Information security, cybersecurity and privacy protection — Requirements for bodies providing audit and certification of privacy information management systems according to ISO/IEC 27701 in combination with ISO/IEC 27001 (DRAFT) 

Within a year or so, organisations will be able to have their Privacy Information Management Systems certified compliant with ISO/IEC 27701, thanks to a new accreditation standard ISO/IEC TS 27006 part 2, currently in draft.

Source: ISO/IEC TS 27006-2 — Information security, cybersecurity and privacy protection

“Potentially, a PIMS certificate may become the generally-accepted means of demonstrating an organisation’s due care over privacy and personal data protection – a way to assure data subjects, business partners, the authorities and courts that they have, in fact, adopted good privacy practices.”

Instacart Customers’ Personal Info Is Being Sold Online

Names, credit card data, addresses, and information on transactions as recent as yesterday are being sold online.

As of Wednesday, sellers in two dark web stores were offering information from what appeared to be 278,531 accounts, although some of those may be duplicates or not genuine. As of April, Instacart had “millions of customers across the US and Canada,” according to a company spokesperson.

Source: Instacart Customers’ Personal Info Is Being Sold Online

Apple starts giving ‘hacker-friendly’ iPhones to top bug hunters

These special ‘research’ iPhones will come with specific, custom-built iOS software with features that ordinary iPhones don’t have. Starting today, the company will start loaning these special research iPhones to skilled and vetted researchers that meet the program’s eligibility.

Source: Apple starts giving ‘hacker-friendly’ iPhones to top bug hunters

Black Hat USA Announces New Community Programs to Address the Needs of Information Security Professionals

Programs will address diversity and inclusion, mental health and career education.

“The technical content that is presented on the Black Hat stage each year is an important contribution to the industry, but we’ve found that more sensitive topics such as mental health and diversity within the information security community are often not highlighted enough,” said Steve Wylie, Black Hat General Manager.

Source: Black Hat USA Announces New Community Programs to Address the Needs of Information Security Professionals