Cyber Security Headlines November 23, 2020

GoDaddy employees duped in cryptocurrency hack

Social engineering was used to trick GoDaddy employees into handing ownership and control of several cryptocurrency-related domains to attackers. The attack, which according to Krebs on Security took place on November 13, is the latest in a series of security incidents to hit the company. With control of the domain settings of trading platform liquid.com, mining service NiceHash and others, the attackers could redirect email and web traffic, which in turn let them perform password resets on Slack and GitHub and modify domain registrations.

(Krebs On Security)

Global financial industry facing fresh round of cyberthreats

A report published by the Carnegie Endowment for International Peace warns that, despite aggressive efforts by financial institutions to bolster security and agility, more opportunities for attacks against their networks and infrastructure are emerging, specifically through network intrusion, penetration-testing tools such as Cobalt Strike and PowerShell Empire, fileless malware, DNS-based command-and-control modules, ransomware and DDoS extortion. The report also highlights the increasing sophistication and profitability of the big-name gangs, including the Lazarus Group, TA505 and REvil, which claims to have earned $100 million in profits in a single year.

(BankInfoSecurity.com)

Egregor ransomware prints its own ransom notes

Pulling back the cloak of secrecy that many companies throw over ransomware attacks, the Egregor operation now includes a step that prints ransom notes from every available network and local printer connected to the victim company, notifying everyone of the attack and embarrassing the company into paying. In the case of Chilean retail giant Cencosud, this included receipt printers. Bleeping Computer points out that it is not the ransomware executable itself that prints the notes; the printing is believed to be done by a separate script deployed later in the attack.

(BleepingComputer)
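
One way a defender could catch the behaviour described above is to watch print-server events for a single account sending the same document to many distinct printers within a short window. The following is an added example written for this page, not code from the original article or from BleepingComputer; it does not reproduce the Egregor script. The events it scans are constructed, and their field names ("time", "user", "doc", "printer") are this example's own simplification of a Windows PrintService "document printed" event.

```python
"""Spot a ransom-note print storm in print-server events.

Added example (not from the original page): flag any (user, document)
pair that reaches at least N distinct printers inside a short window,
which is the observable signature of a script spraying the same note to
every reachable printer. Events are constructed; the field layout only
loosely mimics a PrintService 'document printed' event.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real log data). The document name
# "RECOVER-FILES.txt" is a placeholder chosen for this example.
SAMPLE_EVENTS = [
    {"time": "2020-11-14T02:10:01", "user": "jsmith", "doc": "Q3-report.pdf", "printer": "HQ-3F-Laser"},
    {"time": "2020-11-14T02:10:40", "user": "svc_backup", "doc": "RECOVER-FILES.txt", "printer": "HQ-3F-Laser"},
    {"time": "2020-11-14T02:10:41", "user": "svc_backup", "doc": "RECOVER-FILES.txt", "printer": "HQ-2F-Laser"},
    {"time": "2020-11-14T02:10:41", "user": "svc_backup", "doc": "RECOVER-FILES.txt", "printer": "STORE-12-Receipt"},
    {"time": "2020-11-14T02:10:42", "user": "svc_backup", "doc": "RECOVER-FILES.txt", "printer": "STORE-13-Receipt"},
    {"time": "2020-11-14T02:10:43", "user": "svc_backup", "doc": "RECOVER-FILES.txt", "printer": "WAREHOUSE-Label"},
    {"time": "2020-11-14T02:25:00", "user": "mlee", "doc": "invoice-8812.pdf", "printer": "HQ-2F-Laser"},
]


def find_print_storms(events, window_seconds=120, min_printers=4):
    """Return one finding per (user, doc) that reached at least
    min_printers distinct printers within any window_seconds span.
    Events may arrive unsorted; each group is sorted by time first."""
    by_key = defaultdict(list)
    for e in events:
        ts = datetime.fromisoformat(e["time"])
        by_key[(e["user"], e["doc"])].append((ts, e["printer"]))

    window = timedelta(seconds=window_seconds)
    findings = []
    for (user, doc), jobs in by_key.items():
        jobs.sort()
        start = 0
        best = set()
        # Sliding window over the sorted jobs, tracking the largest set
        # of distinct printers seen inside any window.
        for end in range(len(jobs)):
            while jobs[end][0] - jobs[start][0] > window:
                start += 1
            printers = {p for _, p in jobs[start:end + 1]}
            if len(printers) > len(best):
                best = printers
        if len(best) >= min_printers:
            findings.append({"user": user, "doc": doc, "printers": sorted(best)})
    return findings


if __name__ == "__main__":
    for f in find_print_storms(SAMPLE_EVENTS):
        print(f"{f['user']} sent {f['doc']!r} to {len(f['printers'])} printers: {f['printers']}")
```

Thresholds are deliberately conservative: a legitimate user rarely sends one document to four or more different printers within two minutes, so tuning them per environment is the main operational task. Receipt and label printers, as in the Cencosud case, count just like office printers here, which is the point.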

Twitter fleets aren’t that fleeting

Twitter’s new Fleets product allows mobile users to post photos or videos with overlaid text that are meant to vanish after 24 hours. But a recently discovered bug means that fleets weren’t being deleted properly and remained accessible long after the 24-hour window had expired. Details of the bug were posted in a series of tweets on Saturday, less than a week after the feature launched. The bug also allowed anyone to access and download a user’s fleets without the author being notified that they had been viewed. A Twitter spokesperson says a fix is on the way.

(TechCrunch)

Thanks to our sponsor, Dtex

Forget projects, get answers. Start preventing insider threats, stopping data loss, and monitoring remote employees in minutes, not days. And do it all without invading user privacy. DTEX Systems helps enterprises run safer and smarter with a first-of-its-kind human-centric approach to enterprise operational intelligence.
Learn more and start a free 30-day trial at dtexsystems.com.

Facebook Messenger bug allowed Android users to spy on each other

Facebook has fixed a flaw that allowed Android callers to listen in on another user’s surroundings, without permission, before the person on the other end picked up the call. An attacker could send a special type of message known as SdpUpdate, which caused the call to connect to the callee’s device and begin transmitting audio before the call was answered. Facebook Messenger for Android has been installed on more than 1 billion devices, according to the app’s official Play Store page.

(Threatpost)

Hacker posts exploits for over 49,000 vulnerable Fortinet VPNs

The posted list contains one-line exploits for stealing VPN credentials from devices belonging to high-profile banks and government organizations around the world. The underlying bug lets unauthenticated remote attackers read system files via specially crafted HTTP requests, yielding credentials that can then be used to get into the network and deploy ransomware. The bug was publicly disclosed over a year ago, yet roughly 49,000 vulnerable VPN devices remain findable.

(BleepingComputer)
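
The "specially crafted HTTP requests" in this kind of file-read bug are typically path-traversal sequences, often percent-encoded or padded with extra slashes so that naive string matching misses them. The following is an added example for this page, not code from the original article, from BleepingComputer or from Fortinet, and it deliberately does not reproduce the specific exploit string: it shows the normalisation a log-based detector needs before it can decide whether a request path climbs out of the web root. The access-log lines are constructed in Common Log Format, and the IP addresses are from the documentation range.

```python
"""Flag HTTP requests whose path tries to escape the web root.

Added example (not from the original page): a generic path-traversal
detector for web-server access logs. The key steps are repeated
percent-decoding (double encoding is common), backslash-to-slash
conversion, collapsing runs of slashes, and then walking the segments
the way a filesystem would. Sample log lines are constructed.
"""
import re
from urllib.parse import unquote

# Constructed access-log lines (not real traffic), Common Log Format.
SAMPLE_LOG = """\
203.0.113.10 - - [21/Nov/2020:10:01:02 +0000] "GET /remote/login HTTP/1.1" 200 1523
203.0.113.11 - - [21/Nov/2020:10:01:05 +0000] "GET /static/../../../../etc/passwd HTTP/1.1" 200 9402
203.0.113.12 - - [21/Nov/2020:10:01:09 +0000] "GET /a/%2e%2e/%2e%2e//////etc/shadow HTTP/1.1" 200 221
203.0.113.13 - - [21/Nov/2020:10:01:15 +0000] "GET /api/v1/items?id=42 HTTP/1.1" 200 88
203.0.113.14 - - [21/Nov/2020:10:01:20 +0000] "GET /img/%252e%252e/%252e%252e/app.conf HTTP/1.1" 404 0
"""

# client, ident, user, [timestamp], "METHOD target protocol", status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def normalize_path(raw: str, max_rounds: int = 3) -> str:
    """Drop the query string, percent-decode until stable (bounded by
    max_rounds), turn backslashes into slashes and collapse repeated
    slashes, so the path compared is the one the server would resolve."""
    path = raw.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    return re.sub(r"/{2,}", "/", path)


def escapes_root(path: str) -> bool:
    """Walk the segments like a filesystem: any '..' that would climb
    above the root is an escape attempt, even if later segments descend."""
    depth = 0
    for seg in path.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


def find_traversal(log_text: str) -> list:
    """Return (client_ip, status, normalized_path) for every request
    whose path tries to climb out of the web root. A 200 on such a
    request is the worrying case; a 404 still shows someone probing."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, _ts, _method, target, status = m.groups()
        norm = normalize_path(target)
        if escapes_root(norm):
            hits.append((ip, int(status), norm))
    return hits


if __name__ == "__main__":
    for ip, status, path in find_traversal(SAMPLE_LOG):
        print(f"{ip} {status} {path}")
```

Run against the constructed log it reports three requests: the plain `../` chain, the single-encoded variant padded with extra slashes, and the double-encoded one. Decoding is bounded rather than looped to a fixed point so that a pathological input cannot stall the scanner, and the status code is kept so an analyst can separate successful reads from blocked probes.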

Google adds end-to-end encryption to its Rich Communication Services for Android

Rich Communication Services (RCS) for Android is being pushed by Google as an alternative to SMS, featuring typing indicators, presence information, location sharing, longer messages, better-quality photos and videos, chat over Wi-Fi, read receipts, reactions, and better group chats. The encryption rollout is currently available only in the beta version of Google’s Messages app for Android, and works only for one-to-one conversations in which both parties use that app. The technical specification reveals that it is based on the Signal protocol.

(Wired)

Your smart vacuum can pick up dirt, pet hair, and your conversations 

Researchers from the University of Maryland and the National University of Singapore have revealed a technique that turns the LiDAR navigation sensor of a home robot vacuum cleaner into a microphone capable of recording nearby conversations. LiDAR is a laser-based ranging technology, essentially radar that uses light. The technique is experimental and would require malware running on the vacuum plus a way to send the captured data back to a server, but the researchers say they successfully recovered audio from their test appliance.

(ZDNet)


Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.