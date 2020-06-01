Security Leftovers
-
Another Intel Speculative Execution Vulnerability
That has turned out to be true. Here's a new vulnerability:
On Tuesday, two separate academic teams disclosed two new and distinctive exploits that pierce Intel's Software Guard eXtension, by far the most sensitive region of the company's processors.
-
Honda Ransomware Confirms Findings of Industrial Honeypot Research [iophk: Windows TCO]
Through this account, the attackers uploaded a PowerShell script that created a backdoor user account called 'Admin'. This ensured future access and created persistence that allowed the attackers to upload additional attack tools. One of these was Mimikatz, which was used to steal user credentials for lateral movement beyond the initial compromised server. In this instance, it failed because none of the credentials obtained could access the domain controllers. Instead, the attackers used a network scanner to discover additional endpoints. Only after as many endpoints as possible were detected and compromised was the ransomware simultaneously detonated.
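The chain the excerpt describes (backdoor account created and added to the local administrators, credential dumping, then network scanning before detonation) maps onto a small set of Windows Security events. The following detection logic is an added example written for this page, not Darktrace's or Honda's code: it correlates event 4720 (account created), 4732 (member added to a local group) and 4688 (process created, with command-line auditing on) per host. The JSON field names and the sample events are constructed for the demo; a real 4732 carries the new member as a SID rather than a name, which a production rule would have to resolve.

```python
"""Correlate backdoor-admin creation, credential dumping and scanning per host.

Added example. Event IDs are the standard Windows Security ones (4720 account created,
4732 member added to local group, 4688 process created); the JSON layout and the
sample events below are assumptions constructed for the demonstration.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, one JSON object per line, as a log shipper might emit them.
SAMPLE_LOG = """
{"time": "2020-05-30T01:12:04Z", "host": "srv-web-01", "event_id": 4688, "user": "svc_backup", "process": "powershell.exe", "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"}
{"time": "2020-05-30T01:12:05Z", "host": "srv-web-01", "event_id": 4720, "user": "svc_backup", "target_user": "Admin"}
{"time": "2020-05-30T01:12:06Z", "host": "srv-web-01", "event_id": 4732, "user": "svc_backup", "target_user": "Admin", "group": "Administrators"}
{"time": "2020-05-30T01:40:21Z", "host": "srv-web-01", "event_id": 4688, "user": "Admin", "process": "mk.exe", "cmdline": "mk.exe privilege::debug sekurlsa::logonpasswords exit"}
{"time": "2020-05-30T02:05:11Z", "host": "srv-web-01", "event_id": 4688, "user": "Admin", "process": "advanced_ip_scanner.exe", "cmdline": "advanced_ip_scanner.exe /r:10.20.0.0/16 /s"}
{"time": "2020-05-30T02:07:00Z", "host": "wks-hr-07", "event_id": 4720, "user": "helpdesk", "target_user": "jsmith"}
{"time": "2020-05-30T02:07:01Z", "host": "wks-hr-07", "event_id": 4732, "user": "helpdesk", "target_user": "jsmith", "group": "Remote Desktop Users"}
"""

# Local admin group by name or well-known SID (a real 4732 event carries the member as a SID).
ADMIN_GROUPS = {"Administrators", "S-1-5-32-544"}

# Match Mimikatz module syntax rather than the file name: the binary is routinely renamed.
CRED_RE = re.compile(r"sekurlsa::|lsadump::|mimikatz|procdump.*lsass", re.I)
SCAN_RE = re.compile(r"advanced_ip_scanner|nmap|masscan|netscan|angry ?ip", re.I)
ENC_PS_RE = re.compile(r"powershell.*\s-(e|ec|enc|encodedcommand)\s", re.I)


def parse_log(text):
    """Parse JSON-lines events and return them in chronological order."""
    events = []
    for line in text.strip().splitlines():
        ev = json.loads(line)
        ev["time"] = datetime.fromisoformat(ev["time"].replace("Z", "+00:00"))
        events.append(ev)
    events.sort(key=lambda e: e["time"])
    return events


def correlate(events, window=timedelta(minutes=10)):
    """Return {host: [(stage, detail), ...]} for each stage of the chain seen on that host."""
    findings = defaultdict(list)
    created = {}  # (host, new account) -> creation time, for pairing 4720 with 4732
    for ev in events:
        host, eid = ev["host"], ev["event_id"]
        if eid == 4720:
            created[(host, ev["target_user"])] = ev["time"]
        elif eid == 4732:
            t0 = created.get((host, ev["target_user"]))
            if t0 is not None and ev.get("group") in ADMIN_GROUPS and ev["time"] - t0 <= window:
                findings[host].append(("backdoor_admin_account", ev["target_user"]))
        elif eid == 4688:
            cmd = ev.get("cmdline", "")
            if ENC_PS_RE.search(cmd):
                findings[host].append(("encoded_powershell", ev["user"]))
            if CRED_RE.search(cmd):
                findings[host].append(("credential_dumping", ev["process"]))
            if SCAN_RE.search(cmd):
                findings[host].append(("network_scanning", ev["process"]))
    return dict(findings)


def hosts_to_isolate(findings):
    """A fresh admin account plus dumping or scanning on the same host is the staging
    phase the excerpt describes; isolate before the ransomware is detonated."""
    out = []
    for host, stages in findings.items():
        seen = {stage for stage, _ in stages}
        if "backdoor_admin_account" in seen and seen & {"credential_dumping", "network_scanning"}:
            out.append(host)
    return sorted(out)


if __name__ == "__main__":
    found = correlate(parse_log(SAMPLE_LOG))
    for host, stages in found.items():
        print(host, stages)
    print("isolate:", hosts_to_isolate(found))
```

The second host shows why the 4720/4732 pairing is keyed on the group: a helpdesk creating a user and adding it to Remote Desktop Users is routine and raises nothing, while the same pair landing in Administrators within the window is the persistence step the excerpt describes. Matching `sekurlsa::` on the command line rather than `mimikatz.exe` on the image name catches the renamed binary in the sample.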
-
Job application-themed malspam pushes ZLoader [iophk: Windows TCO]
Last week, I published a diary about ZLoader malware spread through Polish malspam. Today's diary reviews more ZLoader spread through a different malspam campaign. Two interesting points about this campaign: [...]
-
This was inevitable: 'Thanos' ransomware weaponizes research tool against Microsoft Windows users
Scammers on cybercriminal forums are marketing a new strain of ransomware, dubbed “Thanos,” to other attackers aiming to infiltrate computers running Microsoft Windows, according to research published Wednesday by threat intelligence firm Recorded Future. Thanos operates much like similar [cracking] tools — encrypting victims’ files until they pay a shakedown fee — except that it’s the first ransomware built, in part, based on a proof-of-concept from security researchers who previously marketed their computer code as a way to bypass Windows 10 security protocols as part of otherwise legitimate tests.
-
[Attackers] use fake contact tracing apps in attempt to install banking malware on Android phones
Twelve applications posing as coronavirus contact tracing apps available outside mainstream marketplaces are designed to steal personal and financial information from unwitting Android users.
Apps meant to impersonate official government tracing apps from countries including Italy, Russia and Singapore trigger malicious software capable of collecting a range of data from users’ devices, the threat intelligence firm Anomali found in research shared with CyberScoop prior to its publication. It’s the latest example of [attackers] and scammers exploiting global events to try stealing from anxious smartphone users who, in this case, would have believed they were downloading an app designed to measure the prevalence of COVID-19 in their community.
-
U.S. Officials Ask Juniper Networks About Investigation Into 2015 Backdoor
More than a dozen U.S. officials have sent a letter to California-based networking and cybersecurity solutions provider Juniper Networks to ask the company about the results of the investigation launched in 2015 following the discovery of a backdoor in its products.
-
Google Researcher Finds Vulnerability in VMware Virtualization Products
The flaw, tracked as CVE-2020-3960, was reported to VMware by Cfir Cohen, a researcher from Google's cloud security team.
According to VMware, Cohen discovered that ESXi, Workstation and Fusion are affected by an out-of-bounds read vulnerability that can allow an attacker with non-admin access to a virtual machine to read privileged information from memory.
-
Senate Intelligence Committee wants DNI to investigate commercial spyware threats
The Senate Intelligence Committee quietly approved a measure last week that would require the Director of National Intelligence to submit a report to Congress on the threats posed by foreign governments’ and entities’ use of commercially available surveillance software.
The DNI’s report, which would be sent to Congress 180 days after the Intelligence Authorization Act for 2021 passes, would include information on how the U.S. — and other countries — can work to reduce the threats of commercial spyware, including through export controls, diplomatic pressure, trade agreements, and work with the technology and telecommunications sectors to better secure consumers’ software.
-
