  • Microsoft Adds Live Response Capabilities to Defender ATP
    In an effort to help security teams more easily investigate incidents on remote machines, Microsoft has added live response capabilities to its Microsoft Defender ATP offering. Now available in public preview, live response provides instantaneous access to a compromised machine regardless of where it is located, enabling security teams to quickly gather forensic information. “Live response is a capability that gives you instantaneous access to a machine using a remote shell connection. There are two roles that can be granted access to live response using RBAC, allowing users to run basic commands, or advanced commands like PowerShell scripts or binary tools, download files, etc.,” the Microsoft Defender ATP team notes in a blog post. To enable the live response capability, one should access the Advanced features settings page (editable only by users with the manage security or global admin roles). A list of supported commands, along with additional information on how to use the live response capability, can be found in this Microsoft article.
  • Crypto-currency investment scams triple in the UK, bagging £28 million
    Scams that offer the promise of getting rich quick through crypto-currency investments have tripled in the UK, swindling close to £28 million in the past twelve months, observed the Financial Conduct Authority and Action Fraud, a cyber-crime reporting service run by City of London Police. According to US prosecutors, the scheme has amassed US$4 billion (£3.13 billion) worldwide from victims. "Fraudsters often use social media to promote their ‘get rich quick’ online trading platforms," said the FCA announcement. "These then link to professional-looking websites where consumers are persuaded to invest." Each victim lost £14,600 on average, taking the total amount stolen through bogus foreign exchange and crypto-trading offers to £27.3 million. Nir Kshetri, professor of management at the University of North Carolina, noted earlier that swindlers use a mix of old-fashioned and new-technology tactics to trap prospective victims. He says that once started, the scheme stays alive through social media and spreads through the personal networks of the victims.
  • Skimmer acts as payment service provider via rogue iframe
    Since some stores will not process payments on their own site, one might think that even if they were compromised, attackers wouldn’t be able to steal customers’ credit card data. Small and large online retailers must adhere to security requirements from the Payment Card Industry Data Security Standard (PCI DSS) that go well beyond using SSL for their payment forms. For example, right below the credit card field is text that says, “Then you will be redirected to PayuCheckout website when you place an order.” Why would a merchant want to get their customers to type in their credit card again and hurt their conversion rate? As we mentioned, injected code is present in all the PHP pages of that site, but it will only trigger if the current URL in the address bar is the shopping cart checkout page (onestepcheckout). It also loads another long and yet again obfuscated script ([hackedsite]_iframe.js), where “hackedsite” is the name of the e-commerce site that was hacked.
    [Figure captions from the original article: “Skimmer injects its own credit card fields”; “Traffic capture showing the steps involved in credit card theft”; “The rogue, previously non-existent credit card fields”]
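    The behaviour described above (an injected iframe loader on the checkout page and card fields where none should exist) can be audited from the defender's side on a captured copy of the page. The Python below is an added example, not code from the original article or its researchers: it parses a checkout page and reports scripts or iframes served from an origin outside the merchant's and payment provider's allowlist, plus card-number-style inputs on a checkout that is supposed to redirect to the provider. The sample HTML, the hostnames shop.example and rogue-cdn.example, and the field names are constructed for the example.

```python
"""Audit a captured checkout page for signs of an injected payment form.

Added example; the sample HTML and hostnames below are constructed and
do not come from the article.
"""
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlparse

# Substrings that suggest an input collects card data.
CARD_FIELD_HINTS = ("cc_", "card", "cvv", "cvc", "expir")


class CheckoutAuditor(HTMLParser):
    """Collect external script/iframe sources and card-like input names."""

    def __init__(self, allowed_hosts: List[str]) -> None:
        super().__init__()
        self.allowed_hosts = {h.lower() for h in allowed_hosts}
        self.external_loads: List[Tuple[str, str]] = []  # (tag, src)
        self.card_inputs: List[str] = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "iframe"):
            src = a.get("src") or ""
            host = urlparse(src).hostname
            # A relative src has no host: same origin, so it is left alone here.
            if host and host.lower() not in self.allowed_hosts:
                self.external_loads.append((tag, src))
        elif tag == "input":
            name = (a.get("name") or a.get("id") or "").lower()
            if any(hint in name for hint in CARD_FIELD_HINTS):
                self.card_inputs.append(name)


def audit_checkout(html: str, allowed_hosts: List[str],
                   redirects_to_psp: bool = True) -> List[str]:
    """Return human-readable findings for one checkout page."""
    parser = CheckoutAuditor(allowed_hosts)
    parser.feed(html)
    findings = [f"{tag} loaded from non-allowlisted origin: {src}"
                for tag, src in parser.external_loads]
    if redirects_to_psp and parser.card_inputs:
        # A checkout that hands off to the PSP should not collect card data itself.
        findings.append("card fields present on a redirect-to-PSP checkout: "
                        + ", ".join(parser.card_inputs))
    return findings


# Constructed sample page: a checkout that normally redirects to the PSP,
# with an injected external loader script, a rogue iframe and fake card inputs.
SAMPLE_CHECKOUT = """
<html><body>
<script src="/js/checkout.js"></script>
<script src="https://shop.example/static/app.js"></script>
<script src="https://rogue-cdn.example/shop_iframe.js"></script>
<form id="onestepcheckout">
  <input name="email">
  <input name="cc_number">
  <input name="cc_cvv">
  <iframe src="//rogue-cdn.example/pay.html"></iframe>
  <p>Then you will be redirected to the payment provider when you place an order.</p>
</form>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_checkout(SAMPLE_CHECKOUT, ["shop.example"]):
        print(finding)
```

    Run against periodic fetches of the real checkout URL, the allowlist is the merchant's own hosts plus the payment provider's documented origins; anything else loading on the checkout step, or card inputs appearing on a page that is meant to hand off to the provider, is worth an alert. The same policy can be enforced in the browser with a Content Security Policy, but the offline audit catches injections that a CSP the attacker can also edit would not.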
  • UK warns over online trading scams
    The number of cryptocurrency and foreign exchange-based "get rich quick" scams is booming in Britain, authorities warned on Tuesday. "It's vital that people carry out the necessary checks to ensure that an investment they're considering is legitimate," said Pauline Smith, director of Action Fraud, Britain's national centre for reporting fraud and cybercrime. Reported cases of the bogus online investments surged to more than 1,800 in 2018/2019. The data was collated by the Financial Conduct Authority regulator and Action Fraud UK. Criminals promote "get rich quick" schemes on social media, urging people to invest cash on fraudulent online trading platforms. "These figures are startling and provide a stark warning that people need to be wary of fake investments on online trading platforms," Smith said.
  • Satan Ransomware Expands Portfolio of Exploits
    A recently observed Satan ransomware variant has added exploits to its portfolio and is looking to compromise more machines by targeting additional vulnerabilities. Satan is targeting both Linux and Windows machines and attempts to propagate by exploiting a large number of vulnerabilities. The malware continues to exploit vulnerabilities previously targeted, including the JBoss default configuration vulnerability (CVE-2010-0738), Tomcat arbitrary file upload vulnerability (CVE-2017-12615), WebLogic arbitrary file upload vulnerability (CVE-2018-2894), WebLogic WLS component vulnerability (CVE-2017-10271), Windows SMB remote code execution vulnerability (MS17-010), and Spring Data Commons remote code execution vulnerability (CVE-2018-1273). The ransomware developers decided to remove the Apache Struts 2 remote code execution vulnerabilities from the list of exploits, for unknown reasons. However, several web application remote code execution exploits were added to the list, and were implemented in both the Linux and Windows versions.
  • Millions of Golfers Land in Privacy Hazard After Cloud Misconfig
    A database with millions of data points on games played plus sensitive information was left right in the middle of the internet fairway for all to see. Finding cloud databases with sensitive information left open to the internet has become par for the course these days, as a new exposure of millions of sensitive data points for the users of a golf app demonstrates. Millions of golfer records from the Game Golf app, including GPS details from courses played, usernames and passwords, and even Facebook login data, were all exposed for anyone with an internet browser to see: a veritable hole-in-one for a cyberattacker looking to build profiles of potential victims for use in follow-on social-engineering attacks. Further inspection showed that the database belongs to Game Golf, a family of apps developed by San Francisco-based Game Your Game Inc. Game Golf comes as a free app, as a paid pro version with coaching tools, and also bundled with a wearable.
  • AT&T Homepage Mistakenly Warns Users of a Non-Existent Data Breach
    Late on Monday, AT&T warned visitors to its website of a “data incident” with an ominous banner at the top of the company’s homepage, according to people who visited the page at the time. The banner linked to a confusing and incomplete FAQ, which also contained a link to a site where users could enter their number to check if they were affected. The page contained a lot of the usual boilerplate language companies use when a data breach happens, but it didn’t actually contain any details. Regardless, the boilerplate FAQ is an interesting peek behind the curtain at how companies prepare for data breaches, and at how they pre-plan their apologies: "We apologized to all who were affected, and we've taken appropriate steps to help prevent this from happening again," the page said. On one hand, AT&T deserves praise for having a placeholder data breach page ready to go in case of a data breach. On the other, it’s embarrassing that the test page and banner went live by mistake, alarming some users.
  • Phishing Kit 16Shop Targets Apple Users
    “It's a true multi-level kit, running different stages for different brands, depending on the information the victim provides. While 16Shop is sold to criminals looking to collect sensitive information from a targeted subset of the Internet community, at least one pirated version circulating online houses a backdoor that siphons off the data harvested and delivers it to a Telegram channel – proving once more that there is no honor among thieves,” wrote Akamai researcher Amiram Cohen. The phishing kit was allegedly developed by an Indonesian who, Cohen said, “has the skill to be a legitimate security community member, as well as the skills to maintain a healthy career in development.” However, some users of the phishing kit have been sharing their criminally obtained information without their knowledge through a backdoor that makes a copy of the victim's information and secrets it over to a bot waiting in a room on Telegram, according to Cohen.
  • Nearly 20% of top 1000 most popular Docker containers found using NULL password
    Nearly 20% of the top 1000 most popular Docker containers were found using a NULL password. Researcher Jerry Gamblin found 194 Docker images for which root accounts were set up with blank passwords. This can expose users' systems to attacks under certain conditions.
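    The condition behind this finding is easy to check on the images you actually run. The Python below is an added example, not Gamblin's tooling: it parses /etc/shadow and /etc/passwd text as read out of an image and reports accounts whose password field is empty (the “NULL password” case), while treating locked (`!`, `*`) and hashed entries as non-findings. The sample file contents are constructed.

```python
"""Report image accounts that have an empty (NULL) password field.

Added example; SAMPLE_SHADOW and SAMPLE_PASSWD are constructed and not
taken from any real image.
"""
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    account: str
    source: str   # "shadow" or "passwd"
    reason: str


def classify_shadow_hash(field: str) -> str:
    """Classify the second field of an /etc/shadow line."""
    if field == "":
        return "empty"    # no password is required to authenticate
    if field == "*" or field.startswith("!"):
        return "locked"   # "*", "!", "!!" and "!<hash>" all disable password login
    return "hashed"


def _fields(line: str):
    """Split a colon-separated account line; None for blanks/comments."""
    if not line.strip() or line.lstrip().startswith("#"):
        return None
    fields = line.split(":")
    return fields if len(fields) >= 2 else None


def find_empty_passwords(shadow_text: str, passwd_text: str = "") -> List[Finding]:
    """Return accounts with an empty password field in shadow or passwd."""
    findings: List[Finding] = []
    for line in shadow_text.splitlines():
        fields = _fields(line)
        if fields and classify_shadow_hash(fields[1]) == "empty":
            findings.append(Finding(fields[0], "shadow",
                                    "empty password field in /etc/shadow"))
    for line in passwd_text.splitlines():
        fields = _fields(line)
        # "x" defers to /etc/shadow; an empty field here means no password
        # on systems that still consult /etc/passwd directly.
        if fields and fields[1] == "":
            findings.append(Finding(fields[0], "passwd",
                                    "empty password field in /etc/passwd"))
    return findings


# Constructed sample: root with an empty hash, a locked system account,
# a properly hashed user, and a legacy passwd entry with no password.
SAMPLE_SHADOW = """\
root::18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
app:$6$saltsalt$constructedhashvalue:18000:0:99999:7:::
nobody:!:18000:0:99999:7:::
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
legacy::1001:1001::/home/legacy:/bin/sh
"""

if __name__ == "__main__":
    for f in find_empty_passwords(SAMPLE_SHADOW, SAMPLE_PASSWD):
        print(f"{f.account} ({f.source}): {f.reason}")
```

    To feed it real data, pull the files out of an image without starting its normal entrypoint, for example `docker run --rm --entrypoint cat IMAGE /etc/shadow`, and run the check as part of the image admission pipeline. The exposure is only realised where something inside the container accepts password authentication (`su`, a PAM-backed service, an added `sshd`), which is the “certain conditions” caveat in the report; the fix in the image is to lock the account (`passwd -l root`) or set a hash rather than leave the field blank.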
  • Permission to intrude: hiring hackers to bolster cyber defences
    In fact, large corporations such as Airbnb, PayPal and Spotify recently revealed that they have willingly spent over £38M on ethical hackers to tighten their cyber defences and avoid crippling data breaches. Ethical hackers can play a fundamental role in helping security teams consider every single possible attack vector when protecting applications. Whilst security architects have a wealth of knowledge of industry best practice, they often lack first-hand experience of how attackers perform reconnaissance, chain together multiple attacks or gain access to corporate networks. Equipped with – one hopes – all the skills and cunning of their adversaries, the ethical hacker is legally permitted to exploit security networks and improve systems by fixing vulnerabilities found during the testing. While it may sound counter-intuitive to make use of hackers to help plan and test our cyber defences, the one thing they have in abundance is valuable, hands-on experience. According to the 2019 Hacker Report, the white hat hacker community has doubled year over year. At the end of the day, a hacker is a hacker.