Weekly Cybersecurity Roundup #2
Remote work, 5th week!
Microsoft: Emotet Took Down a Network by Overheating All Computers
Microsoft says that an Emotet infection was able to take down an organization’s entire network by maxing out CPUs on Windows devices and bringing its Internet connection down to a crawl after one employee was tricked to open a phishing email attachment.
“After a phishing email delivered Emotet, a polymorphic virus that propagates via network shares and legacy protocols, the virus shut down the organization’s core services,” DART said.
“The virus avoided detection by antivirus solutions through regular updates from an attacker-controlled command-and-control (C2) infrastructure, and spread through the company’s systems, causing network outages and shutting down essential services for nearly a week.”BleepingComputer
GSMA Condemns Attacks Against Mobile Phone Masts
Police and counter-terrorism authorities are investigating acts of arson against mobile phone masts in the UK. The GSMA condemns these acts of violence designed to weaken our communications networks in a time of crisis.
Our vision at the GSMA is to unlock the power of connectivity so that people, industry and society thrive. We must unite in the global fight against COVID-19 and combat the fake news and violent actions linking 5G communications technology to the spread of the virus. This disinformation campaign is inciting fear, aggression, and vandalism against the critical infrastructure and essential maintenance workers who are keeping our public services connected, as well as our economy running.
England’s National Medical Director Stephen Powis has been widely reported in the media as saying, “The 5G story is complete and utter rubbish, it’s nonsense, it’s the worst kind of fake news.”GSMA
Pioneering deep learning in the cyber security space: the new standard?
The use of deep learning in the cyber security space is an emerging trend. But, it has the potential to transform a security model that is currently broken, by predicting new attacks before they’ve breached an organisation’s network or device.
Deep learning neural models can predict new variations of existing cyber attacks that occur daily, while the majority of current solutions in the market can only detect infected systems or anomalies, contain and remediate them — this is costly and unsustainable.InformationAge
Web skimming attacks not expected to intensify during COVID-19 quarantines
The current coronavirus (COVID-19) quarantine periods imposed all over the globe have forced a large portion of the world’s population towards online shopping.
But despite amid a dramatic rise in the number of people using online stores to buy food and supplies during this outbreak, security researchers don’t expect to see a sudden spike in web skimming attacks.
Web skimming, also known as e-skimming or Magecart attacks, is a type of security incident where hackers breach online stores to plant malicious code that steals a user’s payment card details while the data is entered in checkout forms.ZDNet
Does Zoom use end-to-end encryption?
This situation leaves Zoom users with a bit of a conundrum: now that everyone in the world is relying on this software for so many critical purposes, should we trust it? In this mostly non-technical post I’m going to talk about what we know, what we don’t know, and why it matters.A Few Thoughts on Cryptographic Engineering
How Just Visiting A Site Could Have Hacked Your iPhone or MacBook Camera
If you use Apple iPhone or MacBook, here we have a piece of alarming news for you.The Hacker News
Turns out merely visiting a website — not just malicious but also legitimate sites unknowingly loading malicious ads as well — using Safari browser could have let remote attackers secretly access your device’s camera, microphone, or location, and in some cases, saved passwords as well.
Apple recently paid a $75,000 bounty reward to an ethical hacker, Ryan Pickren, who practically demonstrated the hack and helped the company patch a total of seven new vulnerabilities before any real attacker could take advantage of them.
The fixes were issued in a series of updates to Safari spanning versions 13.0.5 (released January 28, 2020) and Safari 13.1 (published March 24, 2020).
Hacking the iOS/macOS webcam – Apple pays out $75,000 to bug hunter
A vulnerability researcher has received a bug bounty after discovering security holes in Apple’s software that could allow malicious parties to hijack an iPhone or Mac user’s camera and spy upon them.
Bug hunter Ryan Pickren is richer to the tune of $75,000 after responsibly disclosing seven zero-day vulnerabilities in the Apple Safari browser for macOS and iOS, three of which could be combined into a camera-hijacking kill chain.HOTforSecurity
OGUsers hacking forum hacked; entire database dumped on rival forum
The infamous hacking forum OGUsers has been hacked AGAIN and this time, hackers have not only stole its database but also dumped it on a rival hacking forum for free download.HackRead
Twitter Data Cache on Firefox May Have Left Your Personal Data Visible on Shared Computers
Twitter recently revealed a data privacy issue caused by the way in which Mozilla Firefox cached data, meaning that the personal information of Twitter users may have been stored in Firefox’s cache. More specifically, private files shared via direct messages and data downloads could have been saved unintentionally in the browser’s cache, even if you signed out of Twitter. This issue did not affect other browsers.HeimdalSecurity