Cybersecurity News: MacOS malware and University Hospital data leak

The Latest in Cybersecurity September 17th, 2020:

1. Panther Labs $15 million funding

The cybersecurity company announced that it received $15 million in funding to support development of its security platform. Many cybersecurity companies have struggled to monitor all types of activity across platforms, and Panther Labs provides an open solution for engineers working on cloud services and platforms. Launched in 2018 by Airbnb alumnus Jack Naglieri, Panther Labs has been working on key security functions, including its open source project, which is now used by many companies such as Netflix. With this new funding, Panther plans to invest in security and engineering in order to make its platform more efficient.

2. New MacOS malware

A new macOS virus called ZShlayer has been discovered, and it was able to slip past antivirus security systems. This malware is a variant of the Shlayer macOS virus, which contains malicious adware that has previously been used to infect devices with over 1000 domains. Most notably, the malware was delivered through Adobe Flash Player this past June. It was able to slip past Apple’s security because it uses an Apple application bundle, which allowed it to get past the notarization check. This infection is further proof that hackers are creating more dangerous malware to attack devices, and businesses should be performing analysis more often in order to find malware such as this.

3. University Hospital New Jersey massive data leak

Over 48,000 documents were leaked after a ransomware attack hit the University Hospital. The SunCrypt ransomware operators allegedly stole over 250 GB of data that was stored online and leaked a 2 GB archive that contains highly sensitive documents. The news site BleepingComputer reported that employees of the hospital were hit with a TrickBot trojan prior to the attack, thus exposing the entire network to the eventual attack.

Cybersecurity Trending: ‘Millions of voter data leaked by Biden campaign app’

The Latest in Cybersecurity September 15th, 2020:

Here’s the latest you might want to know: New updates released for Adobe Media Encoder, TikTok Android, and Biden Campaign app.

1. New Adobe Media Encoder update

Today, Adobe released a new security patch for the Adobe Media Encoder. It fixes three issues which could allow sensitive user information to be accessed by attackers. The vulnerabilities fixed had a priority level of 3, meaning they aren’t currently being exploited but should still be updated and resolved. All users are instructed to update their applications as soon as they can to prevent any sort of attempted attack.

2. TikTok fixes Android flaws

In recent days, researchers found highly severe flaws in the Android version of TikTok that could potentially have been exploited by hackers. This find comes after Oracle reportedly partnered with the app. If these flaws were exploited, the victims of the attack would possibly have their private data taken. This type of news isn’t exactly new for TikTok: in the past year the application has had multiple security issues, most of them relating to flaws that can make user data public. In August it was reported that millions of Android users were having their data collected by the app without authorization.

3. Millions of voter data leaked by Biden campaign app

A bug found in Joe Biden’s campaign app allows anyone to access millions of files from American citizens. The application is used to promote the campaign and allow users to show their support by telling others to vote. Most of the info is already available to users, but the bug made it easier for anyone to use the information and possibly exploit it. The Biden campaign was made aware of this flaw quickly and released a security update. The campaign has stated that user data is now secure and there is no longer a way user data can be exploited.

Cybersecurity News: Staples Data Breach, Magento Store Hacking

The Latest in Cybersecurity September 14:

1. Staples Data Breach

The office supply retailer informed its customers that some of their data might’ve been accessed. Staples has said that only a limited number of orders were accessed for Staples.com, so there is a chance that Canadian customers will not be affected by this issue. The data accessed is being classified as non-sensitive, meaning full payment data was not taken but names and addresses could’ve been. Customers are being advised to keep checking their inboxes for any sort of fraudulent emails.

2. Artech ransomware attack

The IT staffing firm has sent out notices this week stating that personal info might’ve been copied back in January after a ransomware attack. Around 337 megabytes of data was stolen from the company’s servers, but it is not known if that data belonged to employees or to those who were job searching. After a six-month investigation, Artech determined that highly sensitive data such as SSNs and driver’s license numbers were among the data exposed. Those who are notified by Artech should stay alert and watch their bank accounts and emails for possible fraud.

3. Magento stores hacking

Magento is a very popular platform that allows the creation of online stores for websites in order to sell products and use credit card information. Due to this, hackers often try to install malware scripts that can steal that data. Over 2000 Magento online stores were hacked, but it is not known how these hacks are occurring. Hackers also recently started selling exploits for Magento sites for absurd amounts of money, but only 10 sales were made for the exploit. All Magento users are advised to upgrade to Magento 2 in order to better protect themselves.

Cybersecurity Trending: Changes to Zoom, Gaming Data Leak

The Latest in Cybersecurity for September 11th, 2020.

The Daily Round Up: Zoom launches a new security improvement, another major school district is hit with an attack, and Razer leaks 100k customers’ data.

1. Zoom Two-Factor Verification

Zoom announced today that it would be making Two-Factor Verification available to all users. In recent months, Zoom has seen an increased number of users due to the COVID-19 pandemic, as many people are continuing to work from their homes. This announcement is another major improvement from the platform, as researchers are constantly finding new ways that attackers can exploit it.

2. Fairfax County Public Schools hit with ransomware.

The cyberattacks on public schools continue, as the threat group MAZE claims that it carried out a ransomware attack on one of the largest school boards in the US. If this claim is proven to be true, this is the second time the school district has had a technology incident, as back in April the school board failed to deliver remote learning capabilities.

3. Razer Gaming Data Leak

Researchers came across a misconfigured cluster of data that potentially exposed sensitive customer information to the general public. The exact number of affected customers is yet to be determined but the estimate is around 100,000. Security Consultant Bob Diachenko says he discovered the issue on August 18 and contacted Razer but it took almost 3 weeks for the data to be secured and out of reach for attackers. Razer customers are advised to look out for any sort of phishing in their emails and phones.

More schools under attack: top cybersecurity news

Here’s the latest you have to know in cybersecurity:

Hartford schools are under attack, and the September patch updates have now been released for Microsoft and Android. Read more below.

1. September 2020 Microsoft Patch Released

This month’s security updates were released by Microsoft, patching 129 flaws and vulnerabilities in the security system. Out of the 129 vulnerabilities, 32 were labelled as “remote code issues”, meaning a hacker could exploit the flaw through a network. Another 20 issues were labelled as “critical”, which are the important issues as they have the highest severity.

2. September 2020 Android Patch Released

Android’s new security patch update fixed 22 issues while addressing two major flaws in the system. The most important vulnerabilities in this patch were those that affect the Media framework as the issue was classified as critical. This patch comes after last month’s update fixed twice as many issues.

3. Hartford Public Schools Delayed Due To Ransomware

The start of school in Hartford, Connecticut was delayed after network systems, including the bus transportation database, were taken down. This delay comes after Mayor Luke Bronin stated that cybercriminals got access to the city’s online systems last week and deployed over 200 ransomware attacks against servers. School officials have stated that no personal information was taken and the database for transportation is once again online.

Cybersecurity News: Warner Music Hacked, T-Mobile to provide free internet

1. PIN Verification Bypass for VISA

In modern times, all contactless payments are used with VISA. Researchers have found a flaw through which the PIN for a VISA card can be completely bypassed by hackers. Researchers used a setup to exploit the vulnerability and found that PIN verification wasn’t needed because the terminal believes it has already been verified by the customer.

Another flaw was also found for VISA and older Mastercards. Researchers found that attackers can alter the Application Cryptogram before the payment is completed. Since offline transactions aren’t connected to a network, there is at least a 24-hour delay before the bank confirms your transaction. Attackers can use this delay in order to make purchases before the bank sees that the card was declined.

2. T-Mobile to provide Free Internet to 10 Million Students.

T-Mobile has said it has a plan to provide millions of households free internet. The pandemic has made remote learning the new normal. The name of this new initiative is Project 10Million as T-Mobile will be offering students 100GB of data and a free wifi hotspot for the next 5 years.

3. Warner Music Hack

Warner Music is known for being one of the biggest recording companies in the world, but even they have some not so great moments. The company admitted that several of its websites were hacked and that customers’ card information, names, and addresses could’ve been copied.

Users who paid through PayPal will remain unaffected but should still watch out for any unknown transactions.

Google Play Store and Outlook under attack: Cybersecurity hits

Latest cybersecurity news on some of the biggest companies: Google, Facebook, and Outlook. Malware, attacks, threats: the never-ending list of cybersecurity issues is faced by big names too. Nobody is safe online.

1. Google Play Store apps infected with Malware

Pradeo researchers found six apps on the Google Play Store that were infected with a trojan malware which has been named “Joker”. All of these applications appear to be completely harmless when first installed, but the malware will start to conduct billing fraud by spamming SMS messages or using the account to make transactions.

The following is a list of the applications infected with this malware:

● Fingertip GameBox

● Emoji Wallpaper

● Safety AppLock

● Convenient Scanner 2

● Separate Doc Scanner

● Push Message-Texting & SMS

Altogether, these applications amassed over 200,000 installations.

This isn’t the first time a “Joker” malware has found its way into the Play Store. On two other occasions this year, malware was found to have been uploaded in apps that seemed to be safe. This year alone, just over 17,000 apps were removed by Google due to this malicious trojan.

2. Facebook to launch new WhatsApp website

WhatsApp, the widely used and popular application, revealed six previously unknown issues that were fixed quickly. WhatsApp has more than 2 billion users worldwide and is a popular target for hackers, who will constantly try to find vulnerabilities to expose.

Facebook will be launching a new website which will list all the vulnerabilities that have been found and fixed in WhatsApp. This change comes after an incident last year with an alleged issue where a spyware group used a vulnerability to infect devices.

Facebook has stated that the bugs that are listed are those that have been patched, and that the list should be used as a reminder for users to update their apps in order to prevent bugs in the platform.

3. Attackers are stealing Credentials through Outlook

Microsoft Outlook has been under attack in recent days, as a phishing campaign uses a screen overlay to make users interact. This was discovered after emails that looked similar to those of the Outlook support team were used to phish users into clicking on an embedded link.

The email claimed that the company had sent important messages into a “quarantine” inbox. The link in the email is made to seem legitimate, as an overlay with a credential request is added to the login page, thus providing the hacker with the personal info.

‘Cybercrimes cost businesses $25 a minute’: Cybersecurity News

Read the daily round-up of cybersecurity news below:

1. Cybercrime will cost businesses an absurd amount by next year

Cybercrimes are a major issue and threat to businesses; therefore, millions of dollars are spent per minute just trying to tackle these issues. Over the last 5 years the cost of fighting this major problem has risen exponentially, and by next year the cost per minute will have doubled from 2015.

Researchers revealed that cybercrimes cost businesses $25 a minute, and by 2021 the global cost per minute will surpass $11 million.

2. Google increases its Bug Bounty

In 2018, Google added product abuse to its Vulnerability Reward Program and has stated it has found over 700 issues. Due to the success of this change, Google increased the payout from $5000 to just over $13,300. But that’s not all: Google has also announced it will pay up to $5000 to those who find high risk security issues.

Google also states that the main focus of this research is to protect its users more than its products while also preventing any form of fraud.


Apple and FritzFrog Malware: Cybersecurity News

Your daily cybersecurity news round-up:

1. FritzFrog Malware

FritzFrog is a form of peer-to-peer malware that has just been discovered, and it has been found in a variety of networks this year. FritzFrog is fileless and operates in a decentralized manner.

Most malware uses existing sources or past patterns, but FritzFrog is more unique in that it contains data about new targets. Since the first samples were noted, there have been at least 20 different malware versions. Since there is no centralized server to spread the malware, a peer-to-peer network is used, which gives the malware a more spread out distribution.

2. Apple unknowingly approves malware to run on Mac devices

Apple is known for having very strict rules preventing malware and protecting its users, but even companies like Apple can have a bad day. Apple uses a process called “notarization” which scans apps for security breach issues and malware. If an app is approved, the application is allowed to run.

Researchers have now stated that Mac-approved malware has been discovered disguised as an Adobe Flash installer. Peter Dantini, working alongside Mac security researcher Patrick Wardle, discovered the malware and reached out. Apple immediately removed the app, thus preventing future operation.

3. Future of Cybersecurity Careers

In recent days, businesses are starting to reopen and are taking big leaps in the direction of automation in order to save money. The security industry has had a shortage for years, and COVID-19 hasn’t made it any better, but it has given employers the chance to reinvent their companies for the future.

Many assume that automation will erase the need for human assistance, but that is far from the truth. In fact, companies will be needing more individuals to look after the automation and its programming. If networks are advanced enough to run themselves, major companies will be looking to hire people with experience in analytics and algorithms, thus creating more job opportunities.


Latest Cybersecurity News: RBC Bank Cybersquatting

A quick round-up of the top cybersecurity news for September 1, 2020. Check it out below:

1. Royal Bank of Canada among top companies in cybersquatting

Palo Alto Networks released a report this morning detailing the use of mimicking websites for cyber crimes. In a survey conducted last December, RBC was named the 3rd most mimicked website, behind only PayPal and Apple and with a slight edge over Netflix.

Cybersquatting uses very similar domain names in order to trick viewers into clicking on a link sent by text or email. These sites are often used for different criminal activities, including sending malware to viewer devices.

2. Scammers requested gift cards in two-thirds of business email compromise attacks

Anti-Phishing Working Group (APWG) member Agari looked at thousands of attacks that have taken place in 2020, and it was determined that around 66% of those incidents involved the demand of funds through the use of gift cards. In relation, 18% of the attacks were related to bank transfers and another 16% were payroll diversions.

The money requested was found to be an average of $1213, which is $240 lower than in Q1 2020. APWG has stated it feels that scam attempts around this value have a chance of success, because approval is relatively easy and the amount is low enough to slip by some major companies’ controls.

This report was released just a year after the Federal Bureau of Investigation revealed $26 billion in losses over a three-year period due to BEC scams.
