Cybersecurity News
- Cisco reported multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software which are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities (CVE-2020-3566) by sending crafted IGMP traffic to an affected device.
- An actively exploited vulnerability was reported in File Manager, a WordPress plugin with over 700,000 active installations. This vulnerability allowed unauthenticated users to execute commands and upload malicious files on a target site. A patch is already available.
- A security researcher revealed that specially crafted Windows 10 themes could be used to perform Pass-the-Hash attacks. These attacks are used to steal Windows login names and password hashes by tricking a user into accessing a remote SMB share that requires authentication.
- Cybersecurity experts at CyberNews hijacked close to 28,000 unsecured printers worldwide and forced them to print out a guide on printer security. During their experiment they found over 800,000 printers that had network printing features enabled and were accessible over the internet.
- The U.S. government’s cybersecurity agency is now requiring federal agencies to implement vulnerability-disclosure policies (VDPs), which would give ethical hackers clear guidelines for submitting bugs found in government systems, by March 2021. Currently, most federal agencies lack a formal mechanism to receive information from white-hat hackers about potential security vulnerabilities on their systems.
- Vangelis Stykas, a researcher at security firm Pen Test Partners, found a new bug in SonicWall’s Global Management System (GMS), a web app that lets IT departments remotely configure their SonicWall devices across the network. The vulnerability could allow hackers to break into thousands of corporate networks.
Cybersecurity Blog Posts
- Security configuration management (SCM) involves maintaining a secure baseline configuration for an organization’s systems and monitoring those assets for deviations from that baseline. David Bisson explained how security teams could best implement SCM in practice.
- Anton Chuvakin shared some quotes from a series of papers on the future of SOC which he is working on.
- Cynthia Brumfield analyzed a new report from the Carnegie Endowment which seeks to give law and policy makers a better understanding of cloud security risks. According to the report, the benefits of cloud security are linked to systemic risks.
Research & Analytics
- According to the 2020 Phishing Attack Landscape Report, a new survey by Cybersecurity Insiders, the frequency of phishing threats has risen considerably throughout the last few months, with companies experiencing an average of 1,185 attacks every month. Additionally, 38% of respondents report that an employee fell victim to an attack within the last year. As a result, 15% of organizations are now left spending anywhere from one to four days remediating malicious attacks during what is already a precarious and strenuous time for many.
- In 2020 an estimated 2 billion breached records have gone up for sale on various darkweb markets. What happens to those records? Where do they end up, and how does it impact consumers? The Fortnite Underground Cybercrime Economy report provides an inside look at the lucrative billion-dollar-a-year economy of hacked consumer gaming accounts, where cyber criminals are earning upwards of $40,000 per week in profits.
- RiskIQ released its annual Evil Internet Minute report. The company analyzed the volume of malicious activity on the internet, revealing that cybercrime costs organizations $24.7 per minute, a year-over-year increase of more than $2 every minute. The research projects that it will have a per-minute global cost of $11.4 million by 2021, a 100% increase over 2015.
- Researchers from the International Digital Accountability Council (IDAC) analyzed 496 educational apps in 22 countries and found privacy issues in many programs. Some apps provided user location data to third-party advertisers and also collected device identifiers.
- The report Phishing Activity Trends Report: 2nd Quarter 2020 by APWG revealed that scammers requested funds in the form of gift cards in two-thirds of business email compromise (BEC) attacks. An APWG member examined thousands of BEC attacks that occurred in the second half of 2020. It found that 66% of them involved gift cards. By contrast, direct bank transfers factored in just 18% of attacks, followed close behind by payroll diversions at 16%.
- Mozilla has conducted new research confirming that browser history can be used to identify users. They found that most users follow familiar web browsing patterns, and this allows online advertisers to create accurate profiles of them.
- Group-IB published a report about the Russian-speaking group UltraRank, which has attacked about 700 online stores in Europe, Asia, North and Latin America in five years. The cybercriminals have conducted campaigns using JS-sniffers, improved their infrastructure, created monetization instruments, and modified malicious code.
- Kaspersky published a report describing cyber espionage campaigns organized by the DeathStalker group, which attacks financial and legal SMB enterprises around the world. Infection occurs through phishing emails containing archives with malicious files.
Major Cyber Incidents
- Unidentified hackers successfully infiltrated and deleted the entire database of Bykea, a Pakistan-based company offering vehicles for hire and delivery. The company remained unaffected because it already had backups in place to counter any such situation.
- The CyberNews research team discovered an unsecured data bucket that belongs to View Media, an online marketing company. The bucket contains close to 39 million US user records, including their full names, email and street addresses, phone numbers and ZIP codes.
- The Twitter handle of Indian Prime Minister Narendra Modi’s personal website was hacked. The person behind PM Modi’s account was asking users to donate cryptocurrency.
- Scans of 54,000 Australian driver’s licenses were exposed in an open Amazon Simple Storage Service, or S3, bucket. The exposed data includes 108,535 scans of the fronts and backs of New South Wales driver’s licenses, which list birth dates, physical addresses and driver’s license numbers.
- Around 900 items of authentication data for access to VPN servers, provided by Pulse Secure LLC of the United States, were found to have been stolen and leaked online, of which 90 were linked to Japan, according to an expert and others familiar with the matter.
- The company behind one of India’s most popular travel booking sites exposed 43GB of customer and corporate data, which was deleted by the “Meow” attacker. RailYatri’s server stored 37 million records linked to around 700,000 unique users of the popular site, a mobile app version of which has been downloaded over 10 million times on Google Play.
- Freepik, a popular platform for designers offering free graphic resources, has announced that it has suffered a massive data breach affecting users on Freepik.com and Flaticon.com. A hacker managed to exploit an SQL vulnerability, stealing 8.3 million records from both platforms collectively.