AA18-337A: SamSam Ransomware - humanit managed services

Week 48 in Information Security, 2018

Sennheiser's HeadSetup software installs a root certificate into the OS Trusted CA Certificate store. They have also put the private key on the device, the same one for all users, which allows any user to perform man-in-the-middle attacks against SSL communication. https://www.bleepingcomputer.com/news/security/sennheiser-headset-software-could-allow-man-in-the-middle-ssl-attacks/
German chat platform Knuddels.de (Cuddles) has been fined 20k€ for storing user passwords in plain text. What is interesting is that the regional GDPR data watchdog wanted to avoid bankrupting the company: "The overall financial burden on the company was taken into account in addition to other circumstances". https://www.theregister.co.uk/2018/11/23/knuddels_fined_for_plain_text_passwords/
Crooks are using a new attack vector to spread malware: they request maintainer access to widely-used open source projects on GitHub, then push a compromised version to millions of people. https://github.com/dominictarr/event-stream/issues/116
Two international cybercriminal rings were dismantled and eight defendants indicted for causing tens of millions of dollars in losses through digital advertising fraud. They produced the Boaxxe/Miuref and Kovter malware. https://www.us-cert.gov/ncas/alerts/TA18-331A
Cisco Talos has discovered DNSpionage malware targeting governments and companies in the Middle East using phishing attacks. https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html
The U.S. Treasury Department has sanctioned two Iranians allegedly involved in the Bitcoin ransomware scheme SamSam. They have basically put Bitcoin addresses on the Office of Foreign Assets Control’s (OFAC) sanctions list. https://home.treasury.gov/news/press-releases/sm556
Scammers are changing the contact details for banks on Google Maps. http://blog.abhijittomar.com/2018/10/19/google-business-claim-scam/
Almost all VPN browser extensions are in fact just proxies and are vulnerable to different levels of IP leaks and DNS leaks. https://blog.innerht.ml/vpn-extensions-are-not-for-privacy/
Google and Mozilla are working on letting web apps edit local user files despite warnings that it could be really dangerous. https://www.techrepublic.com/article/google-mozilla-working-on-letting-web-apps-edit-files-despite-warning-it-could-be-abused-in-terrible/
The German Federal Office for Information Security (BSI) publishes a Microsoft Windows 10 telemetry analysis. https://www.ghacks.net/2018/11/23/german-federal-office-bsi-publishes-telemetry-analysis/
BlackBerry purchased Cylance, the machine-learning based anti-malware company, for $1.4 billion. They plan to integrate Cylance's anti-malware solution into the BlackBerry Spark platform. https://www.csoonline.com/article/3321746/security/blackberrys-acquisition-of-cylance-raises-eyebrows-in-the-security-community.html
The Sequoia team introduced the first release of a new Rust implementation of OpenPGP, licensed under GPL 3.0. https://sequoia-pgp.org/blog/2018/11/26/initial-release/

Source: malgregator.com
submitted by undercomm to security

After paying the ransom in Bitcoin and establishing contact, victims usually receive links to download cryptographic keys and tools to decrypt their network.

Technical Details

NCCIC recommends organizations review the following SamSam Malware Analysis Reports. The reports represent four SamSam malware variants. This is not an exhaustive list. MAR-10219351.r1.v2 – SamSam1; MAR-10166283.r1 ...