Security round up (03/06/2020)

At the end of the week, here is a collection of security topics that have come to my attention over the last few days and for which I do not want to create separate blog posts.


Brit Cybercrime Vigilante hacks Microsoft Scammer

Many people know the fraudulent phone calls from alleged Microsoft employees in India who want only one thing: access to the victims' PCs, in order to extract some money afterwards. These calls are organized from call centers located in India or neighboring countries.

A cybercrime vigilante from Great Britain hacked into the computer and video surveillance systems of such a call center in India and was able to record 70,000 conversations of these fraudsters, some of them on video. The BBC has published an article (with video) about this. Another article may be read at Sophos Naked Security.

Xencrypt: A PowerShell Script Antivirus Evasion Tool

Cyber criminals try to hide their malicious routines by means of encryption. Detecting harmful content with virus scanners is likely to become even more difficult in the future.

Xencrypt – A PowerShell Script Anti-Virus Evasion Tool https://t.co/esTelyVx1n

— Nicolas Krassas (@Dinosn) March 2, 2020

Security researcher Nicolas Krassas refers in the above tweet to a new tool called Xencrypt. The tool is free and is designed to protect malicious PowerShell scripts against detection by anti-virus software by means of AES encryption.
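Encrypting a script does not remove the part that has to run in the clear: a stager that decodes or decrypts a blob and hands the result to Invoke-Expression. The following Python scanner is an added example for defenders (it is not part of the blog post and not code from Xencrypt); it scores PowerShell script text against a handful of assumed hallmarks of such a decrypt-and-execute stager, and the two sample scripts are constructed for illustration.

```python
import re

# Assumed indicators of a "decode/decrypt in memory, then execute" stager.
# These are generic hallmarks, not a signature for any specific tool.
INDICATORS = {
    "aes_api": re.compile(
        r"(?i)System\.Security\.Cryptography\."
        r"(Aes|AesManaged|AesCryptoServiceProvider|RijndaelManaged)"
    ),
    "base64_decode": re.compile(
        r"(?i)\[(System\.)?Convert\]::FromBase64String"
    ),
    "inline_exec": re.compile(r"(?i)\b(Invoke-Expression|IEX)\b"),
    "decompress": re.compile(r"(?i)IO\.Compression\.(GZipStream|DeflateStream)"),
    # a quoted run of 200+ base64-alphabet characters: an embedded payload
    "long_blob": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
}


def score_script(text: str) -> dict:
    """Return which indicators fired and whether the combination is suspicious."""
    hits = {name: bool(rx.search(text)) for name, rx in INDICATORS.items()}
    # Decoding or decrypting on its own is common in legitimate scripts; the
    # combination with inline execution is what characterises a stager.
    suspicious = hits["inline_exec"] and (hits["aes_api"] or hits["base64_decode"])
    return {"hits": hits, "score": sum(hits.values()), "suspicious": suspicious}


def flag_scripts(scripts: dict) -> list:
    """Names of the scripts (name -> text) that the heuristic flags."""
    return [name for name, text in scripts.items() if score_script(text)["suspicious"]]


# Constructed samples: a routine log-cleanup script and a skeleton stager
# (the blob is filler, not a real payload).
BENIGN_SAMPLE = (
    "Get-ChildItem -Path C:\\Logs -Filter *.log |\n"
    "  Where-Object { $_.Length -gt 1MB } |\n"
    "  Select-Object Name, Length\n"
)

STAGER_SAMPLE = (
    "$blob = '" + "QUJD" * 60 + "'\n"
    "$bytes = [System.Convert]::FromBase64String($blob)\n"
    "$aes = New-Object System.Security.Cryptography.AesManaged\n"
    "$plain = $aes.CreateDecryptor().TransformFinalBlock($bytes, 0, $bytes.Length)\n"
    "IEX ([System.Text.Encoding]::UTF8.GetString($plain))\n"
)

if __name__ == "__main__":
    for name, text in {"cleanup.ps1": BENIGN_SAMPLE, "update.ps1": STAGER_SAMPLE}.items():
        result = score_script(text)
        print(f"{name}: score={result['score']} suspicious={result['suspicious']}")
```

The scanner deliberately requires the execution primitive together with a decode or decrypt step, because base64 handling alone appears in plenty of legitimate administration scripts; a real deployment would add script block logging and AMSI telemetry rather than rely on static text alone.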


Overview of Malware Evasion techniques

Malware attempts to evade analysis in sandboxes and virtual machines. To do this, the malware must recognize whether it is currently running in such an environment. The Malware Evasion Encyclopedia lists over 50 techniques used by various malware families to detect virtualized and sandboxed environments. The following tweet points this out.

Evasion techniques – Malware Evasion Encyclopedia, which contains over 50 techniques used by various malwares to detect virtualized and sandboxed environments. https://t.co/JQUeP4YPcn

— /r/netsec (@_r_netsec) March 1, 2020

This knowledge collection on malware evasion techniques is intended to support IT security departments in their work.

The crux of the browser extensions

Some users enrich their browser with numerous extensions that provide additional functionality – and also additional vulnerabilities.

Last week I notified Blue Shield of Calif. that its site was flagged by antivirus products as serving malicious content. Turns out a browser extension (Page Ruler) used by someone editing the site was sold to shady marketers and inserted javascript calls. https://t.co/DM3nqR6m8i pic.twitter.com/Ii4abGP9Zw

— briankrebs (@briankrebs) March 3, 2020

In the above tweet, US security blogger Brian Krebs reports that he contacted Blue Shield of Calif. (a non-profit organization in the medical field) because their website was distributing harmful content. The reason was a browser extension (Page Ruler) installed by the employee who maintained the website. The extension had been sold to a dubious marketing company and now injected JavaScript calls into the web pages.
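Because the injection happened on the editing side, the published pages themselves carried the foreign script tags, and an inventory of script sources against an allowlist would have caught it before antivirus products flagged the site. The following Python check is an added example, not code from the blog or from Brian Krebs's report; the page content and the allowed host list are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collects the src of every <script> tag and counts inline scripts."""

    def __init__(self):
        super().__init__()
        self.srcs = []
        self.inline = 0

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.srcs.append(src)
        else:
            self.inline += 1


def external_hosts(html: str) -> list:
    """Distinct hosts of all script sources that are not first-party (relative) URLs."""
    collector = ScriptCollector()
    collector.feed(html)
    hosts = []
    for src in collector.srcs:
        # urlparse also handles protocol-relative "//host/path" sources
        host = urlparse(src.strip()).netloc.lower()
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def audit_page(html: str, allowed_hosts: set) -> list:
    """Hosts that serve scripts on the page but are not on the allowlist."""
    return [h for h in external_hosts(html) if h not in allowed_hosts]


# Constructed sample: one first-party script, one approved CDN, one injected tag.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.approved.test/lib.js"></script>
<script>window.dataLayer = [];</script>
</head><body>
<p>Member portal</p>
<script src="//tracker.unexpected.test/inject.js"></script>
</body></html>
"""

ALLOWED_HOSTS = {"cdn.approved.test"}

if __name__ == "__main__":
    for host in audit_page(SAMPLE_HTML, ALLOWED_HOSTS):
        print(f"unexpected script host: {host}")
```

Run this over a crawl of the site after each publish; a non-empty result is a change to investigate, and a Content Security Policy with a `script-src` allowlist turns the same rule into a browser-enforced control.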

Talkative browsers

Pay attention to which browser you use if you value privacy. A recently published academic study examined six of the most popular browsers for the data they send to the browser vendors' servers. The Brave browser was found to send the least data about its users back to its manufacturer's servers.

Brave deemed most private browser in terms of 'phoning home' to its backend servers

Chrome, Firefox, Safari also tested. Ranked in the middle.

New Edge and Yandex found to track users via a hardware identifier. Also tracked users' browsing history.https://t.co/yBCJsCxZoG pic.twitter.com/AeJM9LciaB

— Catalin Cimpanu (@campuscodi) March 2, 2020

The new Chromium-based Edge browser as well as the Yandex browser track the user via a hardware ID, which is transmitted along with the browsing history to the developers' servers. Details can be found in the ZDNet article linked in the above tweet.

DuckDuckGo Tracker Radar

The search engine provider DuckDuckGo has made its Tracker Radar publicly available. This is a tool that reveals 5,326 domains used by 1,727 companies and organizations to track users online. DuckDuckGo has published an article about it here.

Password for secret CIA hacking tools: 123ABCdef

Joshua Schulte is accused of taking top secret CIA hacking tools and passing them to WikiLeaks, where they were then published. This was part of the Vault 7 leaks that shook the USA some time ago. With the CIA hacking tools from the Vault 7 leaks, the American intelligence agency was able to gain access to the phones and computers of target persons worldwide.

But Schulte's lawyer Sabrina Shroff has pointed out countless times in this case that the evidence against her client is dangerously thin. In the course of the trial, it also came to light how bad security was at the CIA. The password for the Confluence virtual machine, which contained all the hacking tools that were later stolen and leaked, was 123ABCdef, and the password for the root login to the main DevLAN server was mysweetsummer. These passwords were shared by the entire team and published on the group's intranet. The Register has published an article with more information.
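Both passwords would fail even a modest policy check: one is three keyboard sequences glued together, the other is two dictionary words. The following Python checker is an added example (not from the blog post or The Register's article) that applies an assumed policy of minimum length, character classes, sequential runs and a small constructed word list, and reports which rules each password breaks.

```python
MIN_LENGTH = 12          # assumed policy values
MIN_CLASSES = 3
SEQ_RUN = 3

# Constructed word list; a real deployment would use a large breached-password list.
COMMON_WORDS = {"password", "summer", "sweet", "welcome", "admin", "letmein", "qwerty"}


def char_classes(pw: str) -> int:
    """Number of character classes (lower, upper, digit, other) present."""
    checks = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(check(c) for c in pw) for check in checks)


def has_sequential_run(pw: str, run: int = SEQ_RUN) -> bool:
    """True if `run` consecutive characters ascend or descend by one (abc, 321)."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        window = codes[i:i + run]
        diffs = {b - a for a, b in zip(window, window[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def dictionary_words(pw: str) -> list:
    """Common words of four or more letters embedded anywhere in the password."""
    lowered = pw.lower()
    return sorted(w for w in COMMON_WORDS if len(w) >= 4 and w in lowered)


def check_password(pw: str) -> dict:
    """Return the list of policy rules the password fails (empty means it passes)."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append("too_short")
    if char_classes(pw) < MIN_CLASSES:
        failures.append("character_classes")
    if has_sequential_run(pw):
        failures.append("sequential_run")
    words = dictionary_words(pw)
    if words:
        failures.append("dictionary_word")
    return {"failures": failures, "words": words}


if __name__ == "__main__":
    for candidate in ("123ABCdef", "mysweetsummer", "Vq7#pL!x2Rm@z9Wn"):
        result = check_password(candidate)
        print(f"{candidate!r}: {result['failures'] or 'ok'} {result['words']}")
```

The sequence test lowercases first so that "ABC" and "abc" count the same; the dictionary test is a substring match, which is intentional, since adding a prefix like "my" to a word gains nothing against a wordlist attack.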

US defense contractor CPI hit by Ransomware

The US defense contractor CPI has fallen victim to a ransomware attack. A ransom was reportedly paid in January 2020, but the IT systems are still not working properly. So paying in the hope of overcoming the mess is not always a good idea.

US defense contractor hit by ransomware.

– a standard user was domain admin and opened a malicious link.
– they paid large ransom in January.
– they still haven't been able to recover their systems.

Stop paying the ransoms. Also.. be more secure. https://t.co/7zHl3a3kew

— Kevin Beaumont (@GossiTheDog) March 5, 2020

Kevin Beaumont, who has since been hired by Microsoft, mentioned this in the above tweet. The path of infection is also interesting: a standard user account held domain administrator rights and opened a malicious link.

Virgin Media data leak

There has been a data breach at Virgin Media affecting 900,000 people – the reason was an unsecured database without password protection. More can be found via the tweet below.

Data leakage costs Cathay Pacific £500,000

In 2018, the airline Cathay Pacific suffered a hack in which the data of 9.4 million passengers was captured. I reported on it in the German article Datenleaks und Sicherheit (26.10.2018). Now the British data protection authority ICO has issued a fine of 500,000 British pounds to Cathay Pacific.

UK's ICO Fines Cathay Pacific £500,000 for 2018 Breach https://t.co/Dn7NYFLif2 pic.twitter.com/Nw1NkkClm5

— Infosecurity Mag (@InfosecurityMag) March 5, 2020

China, IoT and data protection

At the last RSAC security conference, the security of IoT devices was also discussed. Security experts warned consumers to reconsider buying smart home devices. From vacuum cleaners to baby monitors, IoT devices are hackable.

More may be read in the article linked in the tweet above. 