Table of Contents
India says Zoom 'not a safe platform' for video conferencing
India said on Thursday videoconferencing software Zoom is "not a safe platform", joining other countries that have expressed concern about the security of an application that has become hugely popular worldwide during the coronavirus lockdown.
Zoom to let you report Zoom-bombing attackers crashing meetings
Zoom's efforts to improve the video conferencing platform's privacy and security will continue next week with the introduction of a user report feature aimed at helping prevent future zoom-bombing attacks. The highlight of next week's incoming improvements is the addition of a new 'Report a User' feature to Zoom's video conferencing platform, accessible via the newly introduced Security icon added to the lower toolbar.
Fake Valorant beta key generators are stealing gamers' passwords
With Riot Games' eagerly anticipated tactical FPS Valorant reaching closed beta, gamers around the world have been scrambling to get an invite so that they can start playing the game before it's released. As always, when something becomes popular or newsworthy, threat actors try to capitalize on it. Soon after Valorant entered closed beta on April 7th, malware samples began to be released that target users who are trying to play the game or get beta keys. Most of the malware BleepingComputer has seen being installed consists of information-stealing trojans that steal a victim's browser history, saved logins and passwords in browsers, SSH keys, and FTP accounts.
Hackers steal WiFi passwords using upgraded Agent Tesla malware
Some new variants of the Agent Tesla info-stealer malware now come with a dedicated module for stealing WiFi passwords from infected devices, credentials that might be used in future attacks to spread to and compromise other systems on the same wireless network. The new samples are heavily obfuscated and are designed by the malware's author to collect wireless profile credentials from compromised computers by issuing a netsh command with a wlan show profile argument to list all available WiFi profiles. To get the WiFi passwords for the discovered SSIDs, the Agent Tesla info-stealer then issues a further netsh command for each profile, adding the SSID and a key=clear argument so that the password is shown and extracted in plain text, as Malwarebytes' Threat Intelligence team found.
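A defender-side check for the netsh behaviour described above, added here as an example and not part of the original report: it scans process-creation log lines for the profile-enumeration and key=clear commands and raises a burst alert when one parent process dumps several profiles in a row. The log format, process names and PIDs are constructed for the example.

```python
import re

# Constructed sample process-creation events (pid,parent_image,image,command_line),
# modelled loosely on an EDR / Sysmon Event ID 1 feed. All values are made up.
SAMPLE_LOGS = [
    '4120,explorer.exe,C:\\Windows\\System32\\netsh.exe,netsh wlan show interfaces',
    '4133,update.exe,C:\\Windows\\System32\\netsh.exe,netsh wlan show profile',
    '4134,update.exe,C:\\Windows\\System32\\netsh.exe,netsh wlan show profile name="HomeNet" key=clear',
    '4135,update.exe,C:\\Windows\\System32\\netsh.exe,netsh wlan show profile "Office-5G" key=clear',
    '4150,cmd.exe,C:\\Windows\\System32\\ipconfig.exe,ipconfig /all',
]

# "netsh wlan show profile <ssid> key=clear": plaintext Wi-Fi key dump (tolerant of quoting/spacing).
KEY_CLEAR = re.compile(r'netsh(?:\.exe)?\s+wlan\s+show\s+profiles?\b.*\bkey\s*=\s*clear\b', re.IGNORECASE)
# Bare "netsh wlan show profile": enumeration of saved SSIDs (lower severity on its own).
ENUM = re.compile(r'netsh(?:\.exe)?\s+wlan\s+show\s+profiles?\s*$', re.IGNORECASE)


def parse(line):
    pid, parent, image, cmd = line.split(',', 3)
    return {'pid': int(pid), 'parent': parent, 'image': image, 'cmd': cmd}


def classify(line):
    """Label a single event, or return None if it is not Wi-Fi profile activity."""
    ev = parse(line)
    if KEY_CLEAR.search(ev['cmd']):
        return 'wifi_credential_dump'
    if ENUM.search(ev['cmd']):
        return 'wifi_profile_enum'
    return None


def detect(lines, burst_threshold=2):
    """Return alerts: one per key=clear event, plus a burst alert when the same parent
    process issues >= burst_threshold key=clear commands (the stealer iterates every SSID)."""
    alerts, per_parent = [], {}
    for line in lines:
        ev = parse(line)
        if classify(line) == 'wifi_credential_dump':
            alerts.append((ev['pid'], 'wifi_credential_dump', ev['parent']))
            per_parent[ev['parent']] = per_parent.get(ev['parent'], 0) + 1
    for parent, count in per_parent.items():
        if count >= burst_threshold:
            alerts.append((None, 'wifi_credential_dump_burst', parent))
    return alerts


if __name__ == '__main__':
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

Legitimate administrators do run key=clear by hand, so the parent process and the burst count carry most of the signal; tune burst_threshold to the environment.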
PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors
Cisco Talos has discovered a new malware campaign based on a previously unknown family they're calling "PoetRAT." At this time, they do not believe this attack is associated with an already known threat actor. Research shows the malware was distributed using URLs that mimic some Azerbaijan government domains, so they believe the adversaries in this case want to target citizens of Azerbaijan, including private companies in the SCADA sector such as wind turbine operators. The droppers are Microsoft Word documents that deploy a Python-based remote access trojan (RAT). The RAT has all the standard features of this kind of malware, giving the operators full control of the compromised system. For exfiltration it uses FTP, which suggests an intention to transfer large amounts of data.
Security lapse exposed Clearview AI source code
The controversial facial recognition startup allows its law enforcement users to take a picture of a person, upload it and match it against its alleged database of 3 billion images, which the company scraped from public social media profiles. But for a time, a misconfigured server exposed the company's internal files, apps and source code for anyone on the internet to find. Mossab Hussein, chief security officer at Dubai-based cybersecurity firm SpiderSilk, found the repository storing Clearview's source code. Although the repository was protected with a password, a misconfigured setting allowed anyone to register as a new user to log in to the system storing the code.
Wappalyzer reveals data breach after hacker disclosed incident to customers
Wappalyzer, a company that specializes in software that uncovers technologies used on websites by detecting ecommerce platforms, web frameworks, server software and analytics tools, reported a security breach earlier this week after a cyber-thief sent emails to users. It appears that the company became aware of the incident in January 2020, but it chose not to disclose it. Shortly after Wappalyzer customers received an email from the bad actor responsible for the breach, the company confirmed the incident to its clients in an email notification.
Gmail blocked 18M COVID-19-themed phishing emails in a week
Google says that the malware scanners built within the Gmail free email service blocked around 18 million phishing and malware emails using COVID-19 lures within the last week. "Every day, Gmail blocks more than 100 million phishing emails," Gmail Security PM Neil Kumaran and G Suite & GCP Lead Security PM Sam Lugani explain. "During the last week, we saw 18 million daily malware and phishing emails related to COVID-19. This is in addition to more than 240 million COVID-related daily spam messages."
Sipping from the Coronavirus Domain Firehose
Security experts are poring over thousands of new Coronavirus-themed domain names registered each day, but this often manual effort struggles to keep pace with the flood of domains invoking the virus to promote malware and phishing sites, as well as non-existent healthcare products and charities. As a result, domain name registrars are under increasing pressure to do more to combat scams and misinformation during the COVID-19 pandemic. By most measures, the volume of new domain registrations that include the words "Coronavirus" or "Covid" has closely tracked the spread of the deadly virus. The Cyber Threat Coalition (CTC), a group of several thousand security experts volunteering their time to fight COVID-related criminal activity online, recently published data showing the rapid rise in new domains began in the last week of February, around the same time the Centers for Disease Control began publicly warning that a severe global pandemic was probably inevitable.
Slack phishing attacks using webhooks
Slack Incoming Webhooks allow you to post messages from your applications to Slack. By specifying a unique URL, your message body, and a destination channel, you can send a message to any webhook whose URL you know, in any workspace, regardless of membership. AT&T security has written a post on how Slack Webhooks can be abused for "phishing attacks".
Auth0 JWT Auth Bypass: Case-Sensitive Blacklisting Is Harmful
CVE-2020-8835: Linux Kernel Privilege Escalation via Improper eBPF Program Verification
California Needlessly Reduces Privacy During COVID-19 Pandemic
On March 17, 2020, the federal government relaxed a number of telehealth-related regulatory requirements due to COVID-19. On April 3, 2020, California Governor Gavin Newsom issued Executive Order N-43-20 (the Order), which relaxes various telehealth reporting requirements, penalties, and enforcements otherwise imposed under state laws, including those associated with unauthorized access and disclosure of personal information through telehealth mediums.
Romance Scams and Business Email Compromise in the Time of Coronavirus
Law enforcement agencies around the world are reporting a surge in romance scams as fraudsters seek to cash in on the profound loneliness many people are feeling due to social distancing amid the coronavirus pandemic. Those who fall prey could face financial ruin or get conned into criminal acts. But banks and other businesses could lose millions in the process. According to data from the Federal Trade Commission, consumers in the US alone lost $201 million to romance scams in 2019. That's a 40% increase from the previous year. It's also six times higher than the $33 million lost to such crimes in 2015. Factor in the volatile mix of stress, economic anxiety, and social isolation so many are experiencing thanks to the COVID-19 outbreak, and those figures may be about to hit the stratosphere. If they do, it'll also be just the start of it.
Pastebin Made It Harder To Scrape Its Site And Researchers Are Pissed Off
The most famous paste site, used by hackers of all stripes to host lists of stolen passwords, announcements of data breaches, and malware has made it harder for security researchers to scrape it looking for that kind of information. And security researchers are pissed off. Pastebin is one of the most famous websites that allows anyone, even without being registered, to "paste" any kind of text and make it public. Over the years, it became a repository for all kinds of unsavory data, such as the personal details of people who got doxed by hackers, leaked passwords, hacker manifestos, and even malware payloads. Naturally, this meant it was a treasure trove for security researchers investigating data breaches or hunting hackers.