Cyber criminals are actively exploiting the fear of the COVID-19 pandemic and people’s need for information about the outbreak. Staying secure in the time of COVID-19 is important, so I think it might be beneficial to learn about the different kinds of attacks targeting the fear of this pandemic disease and learn ways to protect ourselves in the cyber domain too.
I found interesting the article entitled “CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware”. Attackers developed a poisoned Android application that was supposed to provide access to a Coronavirus map tracker giving statistical information about COVID-19. In fact, this app was infected with ransomware. CovidLock forces users to change the password used to unlock the phone. Then, a ransom note appears requesting $100 in bitcoin within 48 hours to get the phone’s memory back.
Here’s the article: https://www.domaintools.com/resources/blog/covidlock-mobile-coronavirus-tracking-app-coughs-up-ransomware
MULTIPLE DDoS Botnets Exploited 0-Day Flaws in LILIN DVR Surveillance Systems
According to this article from The Hacker News, Chinese security firm Qihoo 360’s Netlab team discovered that multiple zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN have been exploited by botnet operators to infect and co-opt vulnerable devices into a family of denial-of-service bots.
https://thehackernews.com/2020/03/ddos-botnets-lilin-dvr.html
Security flaws found in popular password managers
Several popular password managers contain security vulnerabilities that could be exploited to breach the walls that are supposed to keep your passwords safe, according to researchers from the University of York.
After considering a pool of 19 password managers, the academics chose to test LastPass, Dashlane, Keeper, 1Password, and RoboForm based on their popularity and features. They uncovered a total of four new vulnerabilities, including a flaw both in the 1Password and LastPass Android applications that made them susceptible to phishing attacks. The vulnerability is caused by their use of weak matching criteria for identifying which of the stored credentials should be suggested for autofill.
https://www.welivesecurity.com/2020/03/19/security-flaws-found-in-popular-password-managers/
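The post above says the autofill flaw came from weak matching criteria. As an added illustration (not code from the article or from any of the password managers named), the block below contrasts a weak substring-style matcher with a strict one that requires HTTPS and the same registrable domain; the vault entry and candidate pages are constructed, and the registrable-domain helper is a simplification that assumes a two-label eTLD+1 rather than the Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed vault entry (assumption, not from the article): the site a credential was saved on.
STORED_URL = "https://accounts.example-bank.com/login"


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def weak_match(stored_url, page_url):
    """Weak criterion: offer the credential whenever the stored site's main label
    (e.g. 'example-bank') appears anywhere in the page host. A look-alike host
    or an attacker-controlled subdomain satisfies this just as well."""
    labels = host_of(stored_url).split(".")
    keyword = labels[-2] if len(labels) >= 2 else labels[0]
    return keyword in host_of(page_url)


def registrable_domain(host):
    """Simplified eTLD+1: last two labels. Real code should consult the Public
    Suffix List so that suffixes such as co.uk are handled (assumption here)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def strict_match(stored_url, page_url):
    """Strict criterion: HTTPS only and identical registrable domain, so the
    credential is never offered to an http:// page or to a host that merely
    contains a familiar word."""
    if urlsplit(page_url).scheme != "https":
        return False
    return registrable_domain(host_of(stored_url)) == registrable_domain(host_of(page_url))


# Constructed candidate pages: two genuine, two look-alikes, one cleartext copy of the real host.
CANDIDATE_PAGES = [
    "https://accounts.example-bank.com/login",
    "https://login.example-bank.com/",
    "https://accounts-example-bank.com/login",
    "https://accounts.example-bank.com.evil.test/",
    "http://accounts.example-bank.com/login",
]


def compare(stored_url=STORED_URL, pages=CANDIDATE_PAGES):
    """Map each page URL to (weak_decision, strict_decision) for side-by-side review."""
    return {p: (weak_match(stored_url, p), strict_match(stored_url, p)) for p in pages}
```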
According to the news, Norwegian Cruise Line had a data breach. The DynaRisk team discovered this threat on March 13. They found that private information such as cleartext passwords and email addresses, which are used to log in to the Norwegian Cruise Line travel agent portal (agents.ncl.eu), were compromised and found on the dark web.
https://www.infosecurity-magazine.com/news/norwegian-cruise-line-suffers-data/
Windows, Ubuntu, macOS, VirtualBox fall at Pwn2Own hacking contest within a day! The hacking contest can be useful to learn about vulnerabilities. The article didn’t mention in detail what tools they used nor what attacks or found vulnerabilities.
Seems like VMware is still a safe place to host the OSes above.
https://www.zdnet.com/article/windows-ubuntu-macos-virtualbox-fall-at-pwn2own-hacking-contest/
https://www.infosecurity-magazine.com/news/norwegian-cruise-line-suffers-data/
The Norwegian cruise line experienced a data breach, as their personal information was found on the dark web by DynaRisk. DynaRisk contacted the cruise line explaining they had viewed login credentials of their travel agents on the dark web, but unfortunately the cruise line didn’t respond until five days later.
Title: Google launches coronavirus site with health information, local resources
In the wake of the COVID-19 epidemic, Google and its tech giant associates have begun releasing products and websites meant to help people stay safe and aware of areas that have been affected by the super-contagious disease. One of these websites is google.com/covid19, which contains information such as prevention tips, a map of areas where COVID-19 cases have emerged, various methods of contacting local health agencies and other resources.
Source: https://www.cnet.com/news/google-launches-coronavirus-site-with-health-information-local-resources/
Facial recognition manufacturers are using the coronavirus pandemic as an opportunity to promote the technology.
Companies are suggesting that facial recognition can be used to keep track of who has the coronavirus, and it has been used as a method to detect anomalies (such as body temperature) in bus passengers in China. With the growing concern about people not self-quarantining during this time, this technology seems to be a way to mitigate the spread of the virus.
Experts have expressed how privacy is still a main issue with this far from perfect technology. While there is a push to promote facial recognition during this time, it is unclear how well protected this stored information will be and the matter of user consent is still uncertain.
https://threatpost.com/covid-19-spurs-facial-recognition-tracking-privacy-fears/153953/
Netflix account compromise Bugcrowd doesn’t want you to know about
This week a researcher found a vulnerability with Netflix that allows an attacker to take over an authorized user’s account. The researcher was on the same network as the user who was establishing a connection to Netflix. He then did an ARP poisoning attack and, through a man-in-the-middle style attack, was able to get the session ID of the Netflix user. This is due to Netflix not using HTTPS on all of their subdomains. Because of this, the session ID is present in plain text across the network. The second half of the article is about how Netflix didn’t want to recognize this as a vulnerability and said it was out of their scope. Do you think that’s right?
https://arstechnica.com/information-technology/2020/03/bugcrowd-tries-to-muzzle-hacker-who-found-netflix-account-compromise-weakness/
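The post above describes a session ID travelling in plain text because not every subdomain is served over HTTPS. As an added example (not Netflix’s cookies or code, and not from the article), the block below audits constructed Set-Cookie headers and reports which session-like cookies a browser would attach to an http:// request for a given subdomain; the header values, host names and the `SESSION_HINTS` name heuristic are all assumptions.

```python
from urllib.parse import urlsplit

# Constructed Set-Cookie headers (assumption, not real Netflix cookies): a domain-wide
# session cookie without Secure, a harmless preference cookie, and a correctly scoped one.
RAW_HEADERS = [
    "SessionId=abc123; Domain=.example.com; Path=/; HttpOnly",
    "pref=dark; Domain=.example.com; Path=/",
    "__Host-sid=xyz789; Path=/; Secure; HttpOnly",
]

# Name fragments that usually indicate an authentication cookie (heuristic, an assumption).
SESSION_HINTS = ("session", "sid", "auth", "token")


def parse_set_cookie(header):
    """Parse one Set-Cookie header into name/value plus the attributes that matter here."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip(), "domain": None,
              "secure": False, "httponly": False}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "domain":
            cookie["domain"] = val.strip().lstrip(".").lower()  # leading dot is ignored by browsers
        elif key == "secure":
            cookie["secure"] = True
        elif key == "httponly":
            cookie["httponly"] = True
    return cookie


def sent_to(cookie, url, set_on_host):
    """Would a browser attach this cookie to a request for url? Domain cookies match the
    domain and every subdomain; host-only cookies match only the host that set them;
    Secure cookies are never sent over http://."""
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    if cookie["secure"] and u.scheme != "https":
        return False
    d = cookie["domain"]
    if d is None:
        return host == set_on_host
    return host == d or host.endswith("." + d)


def cleartext_exposures(headers, set_on_host, cleartext_urls):
    """Return (cookie_name, url) pairs where a session-like cookie would cross the
    network in plain text, e.g. to a subdomain that is not served over HTTPS."""
    findings = []
    for h in headers:
        c = parse_set_cookie(h)
        looks_session = any(k in c["name"].lower() for k in SESSION_HINTS)
        for url in cleartext_urls:
            if looks_session and sent_to(c, url, set_on_host):
                findings.append((c["name"], url))
    return findings
```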
With the outbreak of the coronavirus, it was safe to say that many cyber criminals would try to capitalize on the chaos. The DOJ uncovered and shut down a fake coronavirus vaccine/test kit site, “coronavirusmedicalkit.com”. The attackers were capitalizing on social hysteria and were marketing the sale of “Free Coronavirus Kits”, where all the user had to pay for was shipping. However, when the user went to pay for shipping, the site would steal their CC information. The problem is that the attackers’ attempts don’t stop here. There are more malicious emails, phishing, and malware attacks than on a normal basis. So as users we need to be more vigilant and careful!
https://threatpost.com/fake-coronavirus-vaccine-website-busted-in-doj-takedown/154031/
Security researchers from MIT have found vulnerabilities in the “Voatz” app. This app was initially used in the 2018 mid-term elections in West Virginia and is on course to be used further in the 2020 primaries. Researchers have been able to gain root-level access to the application and reveal the identity of the voter as well as alter the vote.
Voatz uses “BlockChain” technology, and the developers have refuted the researchers’ claims. They claim the app which the researchers were able to compromise was an older version and not used in any of the elections.
https://www.securityweek.com/mit-researchers-find-vulnerabilities-voatz-voting-app
The US Department of Justice on Saturday filed its first court action against a website operator accused of committing fraud to profit from the global COVID-19 pandemic.
A temporary restraining order was filed in a federal court in Austin against the operator of coronavirusmedicalkit.com, who allegedly offered fake coronavirus vaccines for sale in a shameless attempt to cash in on a health crisis that has killed 15,430 people.
https://www.infosecurity-magazine.com/news/us-court-blocks-fake-covid-19/
“Unknown ‘WildPressure’ Malware Campaign Lets Off Steam in Middle East”
The news states that a piece of malware is attacking organizations in the Middle East. They used Milum (a previously unknown trojan). Kaspersky described the Trojan’s attack and creation (C++) as simple and straightforward. This type of Trojan software is often easily overlooked because no major losses have yet occurred. In addition, the construction of this type of malware usually does not have fixed attack targets, and they are distributed without trial.
“To send the beacon, Milum transmits compressed JSON data in HTTP POST requests that are encrypted with RC4, using a 64-byte key stored in the configuration data.”
https://threatpost.com/wildpressure-malware-campaign-middle-east/154101/