Daily Archives: May 10, 2019

Threat Roundup for May 3 to May 10

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between May 3 and May 10. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

Read More at Talosintelligence.com


Reference
TRU05102019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

The post Threat Roundup for May 3 to May 10 appeared first on Cisco Blog.

Access and Source Code to Samsung Apps Left Unprotected on Public Server

The source code and security keys associated with a number of Samsung apps and projects have been discovered on an unprotected server. Samsung’s SmartThings home automation platform was among the projects exposed in the compromise.

The exposed server contained a code repository that was misconfigured and publicly available. In addition to the underlying code of several major Samsung apps was a security token that allowed unfettered access to 135 projects and applications.

“The real threat lies in the possibility of someone acquiring this level of access to the application source code, and injecting it with malicious code without the company knowing,” said Mossab Hussein, the cybersecurity researcher who discovered the server.

Samsung is one of the world’s biggest technology manufacturers, and the ability to compromise its software would represent a cyber threat of monumental proportions. The company’s SmartThings app alone boasts 100 million installs worldwide. Hussein alerted the company to the data compromise on April 10th, and 20 days went by before it revoked access to its security keys.

“[W]hile we have yet to find evidence that any external access occurred, we are currently investigating this further,” a spokesman for the company said.

Read more about the story here.


The post Access and Source Code to Samsung Apps Left Unprotected on Public Server appeared first on Adam Levin.

Celebrating Mother’s Day: How McAfee Supports Expecting & Working Mothers

Mother. It’s one of the best, hardest, most rewarding, challenging and unpredictable jobs a woman can have.

As we approach Mother’s Day in the U.S., I’m reminded of the immense happiness motherhood brings me. I’m also reminded of my own mother. As a child, I distinctly remember watching her getting ready for work. I remember what it stirred in me. In a word? Pride. My mother’s commitment to her career inspired me. I wanted a career I would be passionate about, and in turn, inspire my own children.

That’s why this Mother’s Day I’m appreciating working for a company where I can be a mother and a business professional in a role I truly love. I’m also reflecting on how critical the strides we’re making in workplace culture, policies, and programs are to better serve working mothers and parents.

In an industry made up of just 24% women, we can’t afford to miss out on the perspectives and innovation we unlock when we ensure our workplace mirrors the world in which we live. And considering our current cybersecurity talent shortage, an inclusive workplace is critical to bridging our workforce gap.

To encourage more women to bring (and keep!) their valuable and highly sought-after skills in the workplace, we can’t just talk a good game when it comes to championing inclusion and diversity; we have to walk the walk. Here are three ways McAfee is doing just that when it comes to supporting mothers:

Supporting You as Your Family Grows

Welcoming a child is an exciting time in your life. We want to help you take the time you need and to celebrate, bond, and adjust to new life with the newest addition to your family. Whether it’s offering extended leave with your new baby, providing the convenience of bringing your kids to the office or flexible working schedules, our parent initiatives recognize, celebrate, and accommodate your life’s big moments.

Offering Comfort and Convenience in the Workplace

Coming back to work after having a baby can be a big transition for many, which is why McAfee helps support mothers returning to the workplace after leave. For example, if you’re a nursing mother who travels throughout the U.S., we offer a Milk Stork delivery program to give you peace of mind and convenience to get your baby’s nourishment delivered in a safe and speedy manner.

In an ever-growing number of McAfee offices we offer Mother’s Rooms to provide a private and convenient way for mothers or mothers-to-be to enjoy a quiet and comfortable space while providing for their infant (and let’s be honest, sometimes that’s the only 20 minutes or so of quiet time a new working mother might have!). And for expecting or new mothers, Stork Parking provides reserved parking spaces. Fun fact: a pregnant woman’s lungs become increasingly compact as the baby grows which means getting from A to B is no longer a simple task. We recognize this at McAfee. We know that the small things count.

Reintroducing Mothers to the Workforce

We know careers aren’t always linear, and parents may choose to pause their careers to care for their families. McAfee’s Return to Workplace program taps into the potential of those who may have taken a career break with the support, guidance, and resources needed to successfully rejoin the workforce. This global initiative was launched in our Bangalore, Cork, and Plano offices last year. I’m proud to share 80 percent of program participants were offered a full-time position at McAfee.

Being a working mother is a strength. It only adds to the varying perspectives and experiences that drive innovative solutions. At McAfee, I’m so proud of the ways we’re recognizing and supporting mothers – and all of our team members – in being successful at home and at the workplace.

To learn more about the ways we support working mothers and our efforts to build an inclusive workplace where all can belong, read our first-ever Inclusion & Diversity Report.

Ready to join a company that helps you achieve your best at work and at home? We’re hiring.

The post Celebrating Mother’s Day: How McAfee Supports Expecting & Working Mothers appeared first on McAfee Blogs.

May Event Spotlight: IAPP Global Privacy Summit, Data Protection World Forum Webinar, IAPP Webinar, CCPA PRIVACY SUMMIT, European Data Protection Days, Privacy Insight Series Webinar, TrustArc Workshop, and GDPR Salon

TrustArc regularly attends and hosts events around the world and online – please visit us at one or more of the following events.

IAPP Global Privacy Summit
Washington DC, May 1 – May 3

The IAPP Global Privacy Summit 2019 gathered more than 3,600 professionals from around the world for an outstanding program with a truly global focus. Four days of education, guidance, inspiration and connections focused on the big picture of data protection. Thank you to everyone who came out and joined us at our TrustArc / RADAR Welcome Party, stopped by booth #203 to say hi or …

The post May Event Spotlight: IAPP Global Privacy Summit, Data Protection World Forum Webinar, IAPP Webinar, CCPA PRIVACY SUMMIT, European Data Protection Days, Privacy Insight Series Webinar, TrustArc Workshop, and GDPR Salon appeared first on TrustArc Blog.

Nine Charged in Alleged SIM Swapping Ring

Eight Americans and an Irishman have been charged with wire fraud this week for allegedly hijacking mobile phones through SIM-swapping, a form of fraud in which scammers bribe or trick employees at mobile phone stores into seizing control of the target’s phone number and diverting all texts and phone calls to the attacker’s mobile device. From there, the attackers simply start requesting password reset links via text message for a variety of accounts tied to the hijacked phone number.

All told, the government said this gang — allegedly known to its members as “The Community” — made more than $2.4 million stealing cryptocurrencies and extorting people for restoring access to social media accounts that were hijacked after a successful SIM-swap.

Six of those charged this week in Michigan federal court were alleged to have been members of The Community of serial SIM swappers. They face a fifteen-count indictment, including charges of wire fraud, conspiracy and aggravated identity theft (a charge that carries a mandatory two-year sentence). A separate criminal complaint unsealed this week charges three former employees of mobile phone providers with collaborating with The Community’s members.

Several of those charged have been mentioned by this blog previously. In August 2018, KrebsOnSecurity broke the news that police in Florida arrested 25-year-old Pasco County, Fla. city employee Ricky Joseph Handschumacher, charging him with grand theft and money laundering. As I reported in that story, “investigators allege Handschumacher was part of a group of at least nine individuals scattered across multiple states who for the past two years have drained bank accounts via an increasingly common scheme involving mobile phone SIM swaps.”

This blog also has featured several stories about the escapades of Ryan Stevenson, a 26-year-old West Haven, Conn. man who goes by the hacker name “Phobia.” Most recently, I wrote about how Mr. Stevenson earned a decent number of bug bounty rewards and public recognition from top telecom companies for finding and reporting security holes in their Web sites — all the while secretly operating a service that leveraged these same flaws to sell their customers’ personal data to people who were active in the SIM swapping community.

One of the six men charged in the conspiracy — Colton Jurisic, 20, of Dubuque, Iowa — is better known under his hacker aliases “Forza” and “ForzaTheGod.” In December 2016, KrebsOnSecurity heard from a woman who had her Gmail, Instagram, Facebook and LinkedIn accounts hijacked after a group of individuals led by Forza taunted her on Twitter as they took over her phone account.

“They failed to get [her three-letter Twitter account name, redacted] because I had two-factor authentication turned on for twitter, combined with a new phone number of which they were unaware,” the source said in an email to KrebsOnSecurity in 2016. “@forzathegod had the audacity to even tweet me to say I was about to be hacked.”

Also part of the alleged Community of SIM swappers are Conor Freeman, 20, of Dublin, Ireland; Reyad Gafar Abbas, 19, of Rochester, New York; and Garrett Endicott, 21, of Warrensburg, Missouri.

The three men criminally accused of working with the six through their employment at mobile phone stores are Fendley Joseph, 28, of Murrietta, Calif.; Jarratt White, 22, and Robert Jack, 22, both from Tucson, Ariz. Joseph was a Verizon employee; White and Jack both worked at AT&T stores.

If convicted on the charge of conspiracy to commit wire fraud, each defendant faces a statutory maximum penalty of 20 years in prison. The charges of wire fraud each carry a statutory maximum penalty of 20 years in prison.

Last month, 20-year-old college student and valedictorian Joel Ortiz became the first person ever to be sentenced for SIM swapping — pleading guilty and receiving a ten-year prison sentence for stealing more than $5 million in cryptocurrencies from victims and then spending it lavishly at elaborate club parties in Las Vegas and Los Angeles.

A copy of the indictment against the six men is here (PDF). The complaint against the former mobile company employees is here (PDF).

Episode 490 – Tools, Tips and Tricks – Security Recruiter Directory

If you are looking for your next CISO or a hard-to-find security engineer, this episode is for you. CSOOnline published a Security Recruiter Directory to help recruiters, security leaders and job seekers get connected. Security Recruiter Directory. Be aware, be safe. […]

The post Episode 490 – Tools, Tips and Tricks – Security Recruiter Directory appeared first on Security In Five.

This Week in Security News: Skimming Attacks and Ransomware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how credit card skimming attacks can impact businesses and how ransomware can use software installations to help hide malicious activities.

Read on:

Mirrorthief Group Uses Magecart Skimming Attack to Hit Hundreds of Campus Online Stores in US and Canada

Trend Micro uncovered recent activity by hacking group Mirrorthief involving the notorious online credit card skimming attack known as Magecart, which impacted 201 online campus stores in the United States and Canada.

Hackers Steal $40.7 Million in Bitcoin from Crypto Exchange Binance

Hackers stole more than 7,000 bitcoin from crypto exchange Binance and were able to access user API keys, two-factor authentication codes and other information to withdraw $41 million in bitcoin from the exchange.

Cyberattack Cripples Baltimore’s Government Computer Servers

Baltimore’s government rushed to shut down most of its computer servers after its network was hit by a ransomware virus, though officials believe it has not touched critical public safety systems.

Dharma Ransomware Uses AV Tool to Distract from Malicious Activities

Trend Micro recently found new samples of Dharma ransomware that are using a new technique: using software installation as a distraction to help hide malicious activities.

What Israel’s Strike on Hamas Hackers Means for Cyberwar

The Israeli Defense Force claimed that it bombed and partially destroyed one building in Gaza because it was allegedly the base of an active Hamas hacking group.

CVE-2019-3396 Redux: Confluence Vulnerability Exploited to Deliver Cryptocurrency Miner with Rootkit

Trend Micro observed a critical vulnerability involving Confluence that was being exploited by threat actors to perform malicious attacks.

Trump Creates New Cybersecurity Competition with a $25,000 Award

The Trump administration announced steps to address a shortage of cybersecurity workers across the federal government, including sponsorship of a national competition and allowing cyber experts to rotate from one agency to another.

What are your thoughts on hacking groups like Mirrorthief and their impact on businesses and consumers? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.


The post This Week in Security News: Skimming Attacks and Ransomware appeared first on .

Cyber News Rundown: Dharma Diversion

Reading Time: ~2 min.

Dharma Ransomware Employs Diversion Tactics

Researchers recently discovered a new ransomware variant that displays an ESET AV removal screen once launched in order to divert the victim’s attention from the silent encryption taking place. Initially dropped by an email spam campaign, the payload comes as a password-protected zip archive, with the password made available in the body of the email to entice curious readers. In addition to the ESET removal instructions, the archive also contains a traditional ransom demand with instructions for purchasing and transferring Bitcoin.

Binance Crypto-Exchange Hacked

At least 7,000 Bitcoin were illicitly removed from the hot wallet of Binance, an international cryptocurrency exchange, in a single transaction. By compromising the personal API keys and bypassing two-factor authentication, the hackers were able to access the wallet and steal roughly $41 million worth of Bitcoin. The complete details of the breach are still unknown.

Global Malvertiser Sentenced in US

A man operating several fake companies distributing hundreds of millions of malicious ads across the globe has been arrested and is facing charges after his extradition to the U.S. For nearly five years, Mr. Ivanov and his co-conspirators created dozens of malvertising campaigns, usually starting a new one immediately after the previous one was flagged by a legitimate ad network. While this is not the only case of malvertising campaigns causing chaos on the web, it is one of the first to see actual indictments.

Robbinhood Ransomware Shuts Down Two US Cities

Both Baltimore City Hall and the city of Amarillo, Texas, were victims of a variant of Robbinhood ransomware this week. Following the attack, citizens of both cities will find online bill payment options temporarily offline as the cities work to restore networks that were damaged or disconnected to stop the spread of the infection. This is the second cyber attack to hit both cities within the past year, with Potter County, Texas recovering from a similar attack just a couple of weeks ago. Neither city has released more information on the ransom amount or when the attack began.

Freedom Mobile Exposes Payment Credentials

An unencrypted database containing millions of customer records for Freedom Mobile, a Canadian telecom provider, was discovered to be left freely available to the public. While the database was secured in less than a week, the time it was left accessible to criminals is cause for concern. The data contained full payment card information, including essentially everything a criminal would need to commit identity fraud against millions of people. Though Freedom Mobile claims 15,000 customers were affected, the incident calls into question the practices used to store their sensitive data.

The post Cyber News Rundown: Dharma Diversion appeared first on Webroot Blog.