News Items

According to a new report published by the Identity Theft Resource Center (ITRC), the number of publicly reported data breaches in the United States in the first half of 2020 dropped by 33%. Breaches between January and June of this year impacted 164 million individuals. Attacks by external threat actors are the most common cause of data breaches and were responsible for 404 out of a total of 540 incidents reported in the first half of this year.

WeLiveSecurity reports: "Data Breach Reports Down by One-Third in First Half of 2020"

The data breach suffered by MGM Resorts International last year may have compromised more customer records than initially discovered. MGM originally confirmed that 10.6 million MGM customer records were found online, which included full names, addresses, phone numbers, dates of birth, and more. However, a hacker recently listed more than 142 million MGM hotel guest records for sale on a dark web website. The same hacker claimed to have stolen over 8,200 databases from DataViper's backend servers. This article continues to discuss the data breach faced by MGM Resorts in February, the alleged availability of 142 million MGM customer records on the dark web, and the importance of improving security practices for data in cloud systems.

SiliconANGLE reports "142M Alleged MGM Customer Records Found for Sale on the Dark Web"

A group of spoofed cryptocurrency trading apps is targeting macOS users. According to ESET researchers, these malicious apps are installing Gmera malware, which is capable of stealing user data and cryptocurrency wallets. Gmera malware can also grab screen shots. The malware is distributed via apps that spoof legitimate cryptocurrency trading apps developed by Kattana. This article continues to discuss the distribution, targets, and capabilities of the malicious apps and the Gmera malware hidden in them.

BankInfoSecurity reports "Malicious Cryptocurrency Trading Apps Target MacOS Users"

Researchers at Armorblox have discovered a pair of phishing campaigns with hackers trying to impersonate as Amazon. One campaign is a credential-phishing attempt, and the adversaries act as if an Amazon delivery had failed. The email comes from a third-party vendor email, which was domain-spoofed. The email informs the victim that their order will be canceled if they do not update their payment details within three days. The email includes a link to "update Amazon billing information." If the victim clicks on the link, it leads the victim to a full-fledged Amazon lookalike site with a phishing flow that aims to steal login credentials, billing address information, and credit card details. Once the phish is complete, victims are redirected to the real Amazon home page.

Threatpost reports: "Amazon-Themed Phishing Campaigns Swim Past Security Checks"

A new method to identify deepfake images has been developed by a team of researchers from the Horst Gortz Institute for IT Security at Ruhr-Universitat Bochum and the Cluster of Excellence "Cyber Security in the Age of Large-Scale Adversaries" (CASA). Deepfake images are fake, realistic-looking images generated using computer models, called Generative Adversarial Networks (GANs). Deepfakes can be used to spread disinformation and make social engineering attacks more effective. The new approach proposed by the team to efficiently identify deepfake images involves the analysis of the objects in the frequency domain, which is an established signal processing technique. Frequency analysis has revealed that images generated by GANs display artefacts in the high-frequency range. According to the researchers, the artefacts described in their study can help determine whether an image was created by machine learning algorithms. Researchers must continue to study the creation and identification of deepfakes to help combat deepfake attacks. This article discusses the technique used to advance deepfake images and the new method developed to recognize fake images using frequency analysis.

Homeland Security News Wire reports "Using Frequency Analysis to Recognize Fake Images"

Check Point researchers discovered another security hole in Zoom that has now been patched. The exploitation of this vulnerability could have allowed attackers to impersonate legitimate business accounts in order to trick users into giving up their Zoom credentials, as well as gather sensitive data and distribute malware. According to the researchers, the flaw was contained by Zoom's Vanity URL feature, which enables the generation of custom links for meetings by business users. This article discusses where the new Zoom vulnerability was found and the malicious activities that hackers could have performed through its abuse.

TNW reports "Zoom Vulnerability Exposed Users to Fake Meeting Invites From Hackers"

U.S. colleges and universities continue to be targeted in ransomware attacks. In addition to implementing measures for protecting campus communities from the COVID-19 pandemic, college and university leaders must advance efforts to improve the protection of their computer networks and data from ransomware. The education sector has become one of the most common targets of such attacks due to its weak cybersecurity measures, storage of highly sensitive information, dependence on outdated software, and more. Law enforcement agencies and cybersecurity professionals advise victims not to give into attackers' demands for ransom payments as it would motivate the execution of more ransomware attacks. However, ransomware criminals are becoming increasingly selective in that they are targeting those in possession of critical information. This article continues to discuss recent ransomware attacks against U.S. universities, why the education sector is an attractive target for cybercriminals, the decision to pay ransoms, and how universities could strengthen their digital security.

The Conversation reports "Ransomware Criminals Are Targeting U.S. Universities"

U.S., U.K., and Canadian government officials warn that the Russian government hacking group known as Cozy Bear or APT29 has been targeting coronavirus vaccine research. They have targeted organizations in all three countries. The hacking is aimed mostly at diplomatic, government, think-tank, healthcare, and energy organizations. The hacking group Cozy Bear has a long history of targeting the organization stated above for intelligence gain. The adversaries are using malware dubbed "WellMess" and "WellMail". The hackers are likely trying to steal credentials that would allow them to gain further access.

Cyberscoop reports: "Russian Government Hackers Targeting Coronavirus Vaccine Research, UK, US and Canada Warn"

According to research by Akamai, the number of credential stuffing attacks against media and video companies increased significantly. The company found that the media industry experienced 17 billion credential stuffing attacks between January 2018 and December 2019. Credential stuffing refers to the use of usernames and passwords gathered from data breaches to gain access to user accounts. The technique remains popular among hackers due to password sharing and reuses across different platforms. This article continues to discuss the contributing factors to credential stuffing attacks and the increase in such attacks against the media industry.

Infosecurity Magazine reports "Media and Video Companies Suffer Huge Increase in Cyber-Attacks"

Researchers in a study conducted in 2019 found that most companies allow mobile devices to access between 1/3 and 3/4 of their most business-critical information. The BYOD trend where people use their personal devices for work activities was on the rise in 2019. With the coronavirus making many more employees work remotely, mobile device access to business data is now the norm and not the exception. In 2019 Verizon found that 4 in 10 companies were breached through a mobile device.

Threatpost reports: "Most Companies Are Ignoring Your Most Vulnerable Endpoint...and It's Not the Laptop"

Microsoft is issuing a patch for a 17-year-old wormable Windows Domain Name System (DNS) Server vulnerability discovered by a researcher at Check Point. The exploitation of the DNS Server flaw would allow attackers to intercept users' emails and network traffic, interfere with services and steal users' credentials. According to Microsoft, the flaw impacts all Windows Server versions. The wormable flaw received a Common Vulnerability Scoring System (CVSS) score of 10. Wormable flaws pose a significant threat to security as their exploitation could pave the way for attacks to spread from one vulnerable machine to another without the need for interaction from users. Governments and private entities are encouraged to patch the vulnerability as its abuse could result in hackers gaining control of an entire organization. This article discusses the wormable Windows DNS Server flaw, what malicious activities can be performed by abusing this flaw, the potential impact of wormable vulnerabilities, and the increase in DNS-related hacking operations during the pandemic.

CyberScoop reports "Microsoft Issues Patch for Wormable Windows DNS Server Flaw"

A security researcher was able to extract audio and video from a used Axon body camera they purchased on eBay. The researcher extracted unencrypted data from the camera's microSD card using a forensics tool developed by the Air Force Office of Special Investigations, called Foremost. The video files within the unencrypted data show Huachuca military police performing activities such as searching a house and filling out paperwork. This article continues to discuss the discovery of unencrypted video on an Axon body camera from Fort Huachuca and other findings made by security researchers on the extraction of data from SD cards in used body cameras.

GCN reports "Security Researcher Finds Unencrypted Video on Bodycam From Fort Huachuca"

Deepfakes are fake images, audio recordings, or videos developed using Machine Learning (ML). The continued advancement of deepfakes will decrease the effectiveness of security systems that apply facial recognition technologies for authentication. Therefore, researchers have created an algorithm that generates an adversarial attack against facial manipulation systems to prevent deepfake videos and photos. The algorithm allows users to apply a protective filter to their images or videos before uploading them to the internet. Researchers must continue the development of sophisticated methods for disrupting deepfakes. This article continues to discuss recent advances in deepfake technology, the new algorithm created to prevent deepfakes, and the importance of developing more techniques to combat deepfakes.

NextGov reports "Filter Protects Against Deepfake Photos and Videos"

The developers of the infamous modular banking trojan, called TrickBot, have made a mistake that results in alerts to victims. Once infected, victims will receive a warning that brings attention to the malware's presence on their device and the need to contact their administrator. TrickBot malware is commonly distributed via phishing campaigns. It can steal OpenSSH keys, passwords, cookies, a domain's Active Directory Services database, and more. This article continues to discuss the test module mistakenly left by TrickBot's creators that warns those infected by the malware, what victims should do when they see this warning, and the banking trojan's traditional capabilities.

Bleeping Computer reports "TrickBot Malware Mistakenly Warns Victims That They Are Infected"

Healthcare organizations continue to face significant cybersecurity threats that could affect people's well-being and safety. Therefore, the medical device manufacturer, Becton, Dickinson and Company (BD), has enhanced its coordinated vulnerability disclosure process established to help in the identification, evaluation, and communication of problems to regulators and industry stakeholders. According to Dana-Megan Rossi, BD's director of information security threat and vulnerability management, the company works closely with security researchers to improve the protection of medical devices against cyberattacks. This article continues to discuss BD's collaboration with security researchers to address vulnerabilities in medical devices and other efforts to improve medical device cybersecurity.

GovInfoSecurity reports "Coordinating Disclosures of Medical Device Vulnerabilities"

USB storage devices are very convenient however, from a business security perspective, their highly accessible and portable nature makes them a complete nightmare. According to new research, the researchers found that due to COVID-19, there has been a 123 percent increase in the volume of data downloaded to USB storage devices by employees. Because of the sharp rise in the use of USB storage devices, hundreds of terabytes of potentially sensitive, unencrypted corporate data are floating around at any given time, significantly increasing the risk of severe data loss. The researchers suggest that organizations implement USB control and encryption to minimize the risk of a data breach substantially.

Help Net Security reports: "USB Storage Devices: Convenient Security Nightmares"

Findings from a survey report recently released by Sophos, titled "The State of Cloud Security 2020," suggested that 50% of multi-cloud organizations are more likely to suffer cloud security breaches than organizations using a single cloud environment. According to the report, most organizations that host data or workloads in the public cloud experienced ransomware attacks, account compromise, data theft, or cryptojacking last year. The report also highlights the rise in accidental database exposure due to misconfigurations. This article continues to discuss the increase in cloud security incidents and risks.

CISO MAG reports "7 in 10 Organizations Suffer Public Cloud Security Breach"

A new study conducted by the technology firm Honeywell emphasizes the dangers posed by USB devices to the security of operational technology (OT) systems. The study examined cybersecurity threat data collected from industrial facilities worldwide via Honeywell's Secure Media Exchange (SMX) technology. Findings from the latest Honeywell Industrial USB Threat Report show that the total number of threats posed by USB removable media to industrial process control networks is still high. The number of threats targeting OT systems increased from 16% to 28% over a period of 12 months. The study also pointed out that 1 in 5 threats was designed to leverage USB removable media as an attack vector. This article continues to discuss key findings pertaining to the risk of USB threats to industrial systems.

PR Newswire reports "Honeywell Cybersecurity Research Reveals The Risk Of USB Threats To Industrials Has Doubled Over 12 Months"

An 18-month analysis conducted by cybersecurity researchers at Digital Shadows on cybercriminals' access to and use of stolen account details revealed that usernames and passwords for more than 15 billion accounts are being distributed on the dark web. The stolen credentials circulating on underground forums allow cybercriminals to access network administrator accounts, bank accounts, virtual private networks (VPNs), streaming services, and more. Researchers warn that many account credentials are getting leaked online because of the use of weak passwords, which can easily be cracked through the performance of brute force attacks. Users are encouraged to create a unique password and apply multi-factor authentication (MFA) for each of their online accounts. This article continues to discuss the proliferation of stolen account credentials on the dark web, the value of these credentials to attackers, and how people can strengthen their online accounts' security.

ZDNet reports "Billions of Passwords Now Available on Underground Forums, Say Security Researchers"

A hacking group known as "Keeper" has targeted 570 e-commerce sites to steal customer financial information using Magecart attacks. The hacking group has been around since 2017 and has been able to compromise more than 180,000 payment cards as part of a covert fraud effort. The adversaries inserted malicious computer code onto the sites, usually by exploiting weaknesses in technology provided by the sites' third-party software suppliers. Magecart attacks have become a daily occurrence for small to medium-sized e-commerce businesses around the world.

Cyberscoop reports: "Magecart-Related Group Hits 570 Websites, Taking 184,000 Card Numbers"

The US District Court for the Eastern District of Virginia granted Microsoft permission to seize control of malicious domains used in COVID-19-themed attacks, such as those executed against Office 365 accounts, that have become common over the past several months. According to the company, COVID-19-themed Business Email Compromise attacks (BEC), involving millions of phishing emails, have been observed targeting Microsoft business users in over five dozen countries. The massive scale and persistence of these attacks prompted Microsoft to seek legal action. Threat actors are increasingly exploiting the fear and concern surrounding the coronavirus outbreak to improve the success of email and social engineering lures. Attackers have registered thousands of COVID-19-themed domains in the past several months to trick unsuspecting Internet users into giving up their personal data, credentials, or sensitive other information. This article continues to discuss the rise in coronavirus-related attacks and Microsoft's complaint filed against COVID-19-themed (BEC) attacks.

Dark Reading reports "Microsoft Seizes Domains Used in COVID-19-Themed Attacks"

F5 Networks, one of the leading global providers of enterprise networking equipment, recently patched a critical vulnerability found in its BIG-IP family of application delivery controllers. The remote code execution vulnerability impacts the BIG-IP products' Traffic Management User Interface (TMUI). The US Department of Defense's Cyber Command and the Cybersecurity and Infrastructure Security Agency (CISA) encourage organizations to apply the patch for the vulnerability as its exploitation could lead to complete system compromise. The flaw received a Common Vulnerability Scoring System (CVSS) score of 10, emphasizing its high level of severity. This article continues to discuss the severity and exploitation of the critical BIG-IP flaw.

CyberScoop reports "Cyber Command Backs 'Urgent' Patch for F5 Security Vulnerability"

According to researchers at Ben-Gurion University of the Negev (BGU), it is relatively easy to extract personal information such as face images, names, ages, and more from public screenshots of video meetings held on Zoom and other video conferencing platforms. Data collected from video conference meetings can be cross-referenced with social network data using image processing, text recognition, and forensics. Linkage attacks pose a threat to individuals' privacy as well as the privacy and security of organizations. This article continues to discuss the increased use of video conferencing platforms during the COVID-19 pandemic, the application of Artificial Intelligence (AI) to perform linkage attacks on users, and recommendations for mitigating privacy risks associated with such platforms.

VB reports "Researchers Use AI to Highlight Zoom's Privacy Risks"

Researchers from the Queen Mary University of London and the Chinese Academy of Science did a study that reveals the risks posed to privacy by home security cameras. The study was performed using data from a major home International Protocol (IP) security camera provider. The study's findings showed that attackers could monitor and analyze the traffic generated by IP home security cameras to predict when a house is occupied or not. Past traffic generated by these cameras could also be used by attackers to predict future activity, leaving camera owners' homes more vulnerable to burglary. This article continues to discuss key findings from the study on the inference of privacy-compromising information about an IP home security camera's owner without inspecting video content itself.

SCIENMAG reports "New Research Reveals Privacy Risks Of Home Security Cameras"