Hacked government, college sites push malware via fake hacking tools

A large-scale hacking campaign is targeting government and university websites, planting articles about hacking social network accounts that lead readers to malware and scams.

Some of the sites targeted in this campaign belong to the governments of San Diego, Colorado, and Minnesota, as well as to UNESCO, the National Institutes of Health (nih.gov), the National Cancer Institute (cancer.gov), Rutgers, the University of Washington, Arizona State University, Rochester Institute of Technology, the University of Iowa, Maryland University, and the University of Michigan.

From the samples observed by BleepingComputer, the threat actors exploit vulnerabilities in CMS platforms to insert articles hosted on the compromised sites. One common method we saw was exploiting Drupal’s Webform component to upload PDFs containing links to the fake hacking tools.

Source: Hacked government, college sites push malware via fake hacking tools

Download a Security Risk Assessment Steps paper!

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

Subscribe to DISC InfoSec blog by Email

Small and medium‑sized businesses: Big targets for ransomware attacks

Why are small and medium-sized businesses a target for ransomware-wielding gangs and what can they do to protect themselves against cyber-extortion?

According to a recent report by the Ponemon Institute, the biggest challenge faced by SMBs is a shortage of personnel to deal with cyber-risks, attacks, and vulnerabilities, while the second greatest problem revolves around limited budgets. The third biggest challenge is that the firms may lack an understanding of how to protect against cyberattacks.

According to Datto’s report, ransomware is at the top of the list of the malware threats that SMBs face, with one in five reporting that they had fallen victim to a ransomware attack. The average ransom requested by threat actors is about US$5,900. However, that is not the final price tag; the cost of downtime is 23 times greater than the ransom requested in 2019, coming in at US$141,000 and representing an increase of over 200% from 2018 to 2019.

“Funding cybercriminals also funds larger cyberattacks, so it must be reiterated that paying won’t always make the issue go away,” says ESET cybersecurity specialist Jake Moore.

The key, then, is prevention, and it includes these basic measures:

  • All employees should undergo regular training to stay up to date on cybersecurity best practices. This goes a long way toward lowering the chances of them clicking on potentially hazardous links in their emails that could be laced with ransomware, or plugging in unknown USB devices that could be loaded with malware.
  • You should always keep your operating systems and other software updated to the newest version available and, whenever a patch is released, apply it.
  • Always plan for the worst and hope for the best, so have a business continuity plan at the ready in case disaster strikes. It should include a data backup and maybe even a backup infrastructure you can use while you try to restore your locked systems.
  • Backups are essential for everyone, be it individuals or huge enterprises. Back up your business-critical data regularly and test those backups frequently to see if they are functioning correctly, so that they don’t leave you in a bind if you’re hit. At least the most valuable data should also be stored off-line.
  • Reduce the attack surface by disabling or uninstalling any unnecessary software or services. Notably, as remote access services are often the primary vector for many ransomware attacks, you would be well advised to disable internet-facing RDP entirely or at least limit the number of people allowed remote access to the firm’s servers over the internet.
  • Never underestimate the value of a reputable, multilayered security solution. Besides your employees, it is your first line of defense that you should have up and running to protect you against all manner of threats, not ‘just’ ransomware attacks. Also, make sure the product is patched and up-to-date.

Source: Small and medium‑sized businesses: Big targets for ransomware attacks | WeLiveSecurity

Guide to Protecting and Recovering from Ransomware Attacks

How phishing attacks have exploited the US Small Business Administration

So you’ve decided you want to write a Windows rootkit. Good thing this chap’s just demystified it in a talk

Demirkapi shows how drivers can be misused for deep pwnage

DEF CON Writing a successful Windows rootkit is easier than you would think. All you need to do is learn assembly and C/C++ programming, plus exploit development, reverse engineering, and Windows internals, then find and abuse a buggy driver, inject and install your rootkit, and bam. Happy days.

Alternatively, write your own malicious driver, sign it with a stolen or leaked certificate or your own paid-for cert so that Windows trusts it, and load it.

This is according to undergraduate bug-hunter Bill Demirkapi in a talk he gave at the now-virtual DEF CON hacking conference, which you can watch below. He told the web audience on Thursday that many common Windows drivers provide the conduit rootkit writers need to compromise PCs at a level most antivirus can’t or won’t reach.

A rootkit is a type of malware that, once it has gained all-controlling kernel-level access on a machine, modifies the system to ensure it retains that power while remaining out of sight of users, and ideally the operating system and any installed antivirus. Thus any subsequent malicious code launched by the rootkit inherits its high privileges, allowing it to snoop on the PC, steal passwords, and so on.

The trick to pulling this off is gaining code execution at an administrator or kernel level – and leveraging that to hook into the OS and stay out of sight. One way of doing this is by exploiting security flaws in drivers that wind up granting normal applications that level of access, or by exploiting the dozens of elevation-of-privilege flaws Microsoft patches every month in its software.

“There are a lot of publicly available vulnerable drivers out there,” said Demirkapi, “and with some reversing knowledge, finding your own zero-day [vulnerability] in one of these drivers can be trivial.”

Demirkapi gave the infamous Capcom driver as an example of insecure kernel-level software that can be tricked into granting any application-level code complete control over a machine. Some of these buggy driver APIs require administrator privileges to exploit, though. The holy grail is one that grants, on x86 machines, unprivileged ring-3 code unhindered ring-0 code execution.

Another way into the kernel is to write your own malicious driver, sign it with a stolen or leaked code-signing certificate or a paid-for one, and load it. Antivirus tools pretty much leave kernel drivers alone and focus on application-level software, and the operating system is rather lax in checking certs are legit. If you use a certificate you’ve paid for, the rootkit can be traced back to you, if or when it’s discovered.

Using a signed malicious driver is a more stable route into the heart of Windows, as exploiting vulnerable drivers requires tailoring your exploit code for particular versions and conditions.

However you manage it, from there it’s just a matter of opening a stealthy connection to a remote command’n’control server and phoning home for instructions, if necessary, while blending in with the noise on the system and hooking into the OS to intercept operations, such as file access. The rootkit should also ensure it runs all the time so that it doesn’t lose control of the box, and blocks attempts by security tools to uncover it.

It’s not impossible for antivirus to detect these sorts of rootkits, we’re told, though it will involve monitoring all the points where the malware can insert its tentacles into the operating system. “It’s going to be pretty expensive, because an antivirus would need to replicate our hooking procedure,” the Trend Micro driver botherer said.

Source: So you’ve decided you want to write a Windows rootkit. Good thing this chap’s just demystified it in a talk

Hackers abuse lookalike domains and favicons for credit card theft

Hackers are abusing a new technique: combining homoglyph domains with favicons to conduct credit card skimming attacks.

Source: Hackers abuse lookalike domains and favicons for credit card theft

Credit Card Scammers on the Dark Web

Preventing Credit Card Fraud: A Complete Guide for Everyone from Merchants to Consumers

PCI Compliance

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

ZDNet reported exclusively that a list of passwords for more than 900 enterprise VPN servers has been shared on a Russian-speaking hacker forum.

Source: Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Reading the 2020 Cost of a Data Breach Report …

2020 Cost of a Data Breach Report: the global total cost of a data breach averaged $3.86 million in 2020, down about 1.5% from the 2019 study.

Source: Reading the 2020 Cost of a Data Breach Report …

Top Takeaways from the Verizon Data Breach Investigations Report

11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event

More than 130 security researchers and developers are ready to showcase their work.

Source: 11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event

Cracking the Lens: Targeting HTTP’s Hidden Attack-Surface

Twitter says a spear phishing attack led to the huge bitcoin scam

Twitter shared an update in a blog post and tweets Thursday night.

Source: Twitter says a spear phishing attack led to the huge bitcoin scam

Twitter Says It Knows How Hackers Gained Access

What is spear phishing?

Phishing Scams

Download a Security Risk Assessment Steps paper!

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

Leave a Comment

EU, in first-ever cyber sanctions, hits Russian intelligence

The European Union on Thursday slapped sanctions on six people and three organizations, including Russia’s military intelligence agency, accusing them of responsibility for several cyber-attacks that threatened EU interests.

EU headquarters said in a statement that those targeted include people considered to be involved in the 2017 “WannaCry” ransomware attack, the “NotPetya” strike that notably caused havoc in Ukraine, and the “Operation Cloud Hopper” hacking campaign.

The sanctions are the first that the EU has ever imposed for cyber-attacks.

Source: EU, in first-ever cyber sanctions, hits Russian intelligence

The EU imposes cyber sanctions

Cyber Enhanced Sanction Strategies: Do Options Exist?

Hacker leaks 386 million user records from 18 companies for free

A threat actor is flooding a hacker forum with databases exposing over 386 million user records that they claim were stolen from eighteen companies in data breaches.

Source: Hacker leaks 386 million user records from 18 companies for free

Rite Aid deployed facial recognition system in hundreds of U.S. stores

Rite Aid used facial recognition in largely lower-income, non-white neighborhoods. The systems included one from a firm with links to China and its government.

Source: Rite Aid deployed facial recognition system in hundreds of U.S. stores

Rite Aid facial recognition rollout faces trouble

Cyber Espionage

Facebook’s ‘Red Team’ Hacks Its Own AI Programs

Attackers increasingly try to confuse and bypass machine-learning systems. So the companies that deploy them are getting creative.

Source: Facebook’s ‘Red Team’ Hacks Its Own AI Programs

Information security, cybersecurity and privacy protection

Information security, cybersecurity and privacy protection — Requirements for bodies providing audit and certification of privacy information management systems according to ISO/IEC 27701 in combination with ISO/IEC 27001 (DRAFT)

Within a year or so, organisations will be able to have their Privacy Information Management Systems certified compliant with ISO/IEC 27701, thanks to a new accreditation standard ISO/IEC TS 27006 part 2, currently in draft.

Source: ISO/IEC TS 27006-2 — Information security, cybersecurity and privacy protection

“Potentially, a PIMS certificate may become the generally-accepted means of demonstrating an organisation’s due care over privacy and personal data protection – a way to assure data subjects, business partners, the authorities and courts that they have, in fact, adopted good privacy practices.”

ISO/IEC 27006 | Wikipedia audio article

ISO/IEC 27701 2019 Standard and Toolkit

ISO 27001 self assessment Tools

Instacart Customers’ Personal Info Is Being Sold Online

Names, credit card data, addresses, and information on transactions as recent as yesterday are being sold online.

As of Wednesday, sellers in two dark web stores were offering information from what appeared to be 278,531 accounts, although some of those may be duplicates or not genuine. As of April, Instacart had “millions of customers across the US and Canada,” according to a company spokesperson.

Source: Instacart Customers’ Personal Info Is Being Sold Online

Personal info of 200K+ Instacart users being sold on the dark web; Instacart says it wasn’t breached

PCI DSS – Data Security Standard

Apple starts giving ‘hacker-friendly’ iPhones to top bug hunters

These special ‘research’ iPhones will come with specific, custom-built iOS software with features that ordinary iPhones don’t have. Starting today, the company will begin loaning these research iPhones to skilled and vetted researchers who meet the program’s eligibility requirements.

Source: Apple starts giving ‘hacker-friendly’ iPhones to top bug hunters

Apple Offering $1 Million Bounty If Someone Can Hack iOS

Bittium Encrypted Tough Mobile 2 Ultra Security

Black Hat USA Announces New Community Programs to Address the Needs of Information Security Professionals

Programs will address diversity and inclusion, mental health and career education.

“The technical content that is presented on the Black Hat stage each year is an important contribution to the industry, but we’ve found that more sensitive topics such as mental health and diversity within the information security community are often not highlighted enough,” said Steve Wylie, Black Hat General Manager.

Source: Black Hat USA Announces New Community Programs to Address the Needs of Information Security Professionals

Seven ‘no log’ VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet

Maybe it was the old Lionel Hutz play: ‘No-logging VPN? I meant, no! Logging VPN!’

Source: Seven ‘no log’ VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet

Twitter stepped up search to fill top security job ahead of hack

Search for a chief information security officer

Twitter Inc had stepped up its search for a chief information security officer in recent weeks, two people familiar with the effort told Reuters, before the breach of high-profile accounts on Wednesday raised alarms about the platform’s security. Twitter said hackers had targeted employees with access to its internal systems and “used this access to take control of many highly-visible (including verified) accounts.”

The second and third rounds of hijacked accounts tweeted out messages telling users to send bitcoin to a given address in order to get more back. Publicly available blockchain records show the apparent scammers received more than $100,000 worth of cryptocurrency.

The U.S. House Intelligence Committee was in touch with Twitter regarding the hack, according to a committee official who did not wish to be named.

Source: Twitter stepped up search to fill top security job ahead of hack

Twitter says 130 accounts were targeted in hack

You CAN Stop Stupid

You CAN Stop Stupid: Stopping Losses from Accidental and Malicious Actions, by Ira Winkler and Dr. Tracy Celaya Brown.

The Twitter hack and Twitter’s “explanation” of it show why Ira’s next book with Tracy Celaya Brown is so critical. That an admin gets “social engineered” should be expected; the point is to keep the resulting damage under control.

Source: You CAN Stop Stupid: Stopping Losses from Accidental and Malicious Actions: Winkler, Ira, Celaya Brown, Dr. Tracy

Twitter: High-profile hacks were part of a ‘Coordinated Social Engineering Attack’

Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices

The list was shared by the operator of a DDoS booter service. It was compiled by scanning the entire internet for devices exposing their Telnet port (23). Telnet sends passwords in plain text; are we really still using cleartext protocols in 2020? The hacker then may try factory-default usernames and passwords, as well as easy-to-guess password combinations.

Source: Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices | ZDNet

How Do Passwords Get Stolen?