This Week in Security News: More Than 8,000 Unsecured Redis Instances Found in the Cloud and Wiper Malware Called “Coronavirus” Spreads Among Windows Victims
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about 8,000 Redis instances running unsecured in different parts of the world, even deployed in public clouds. Also, read about a new Windows malware, called “Coronavirus,” that makes disks unusable by overwriting the master boot record (MBR).
Read on:
COVID-19: How Do I Work from Home Securely?
In light of the current COVID-19 crisis, shelter-in-place orders have forced many companies to support remote work. However, hackers are primed and ready to take advantage of home workers, whose machines and devices may not be as secure as those in the office. In this blog, learn about some of the major threats to home workers and their organizations, and what can be done to keep hackers at bay.
Vulnerability Researchers Focus on Zoom App’s Security
Researchers have turned up security and privacy flaws in Zoom, which has had success during the pandemic. In late March, one red-team member found that Zoom would display universal naming convention (UNC) paths as links, which, if clicked, would send a username and password hash to an attacker-controlled system. In this article, Brian Gorenc of Trend Micro’s ZDI program shares insight into Zoom vulnerabilities.
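The UNC-path issue described above comes down to how a chat client decides what to turn into a clickable link. The following added example (not Zoom's code) shows a renderer that only linkifies an allow-list of URL schemes, so a UNC path such as `\\host\share` is always rendered as plain text; `file://` is deliberately excluded because Windows resolves `file://host/share` as a UNC path. The sample messages are constructed.

```python
"""Render chat text with clickable links only for allow-listed URL schemes.

Added example, not Zoom's code. A client that links anything link-shaped,
UNC paths included, lets a single click start an SMB connection and an NTLM
credential exchange with whatever host the path names. Allow-listing schemes
means a UNC path can never become a link. Sample messages are constructed.
"""
import re
from html import escape

# Only these schemes become clickable. file:// is left out on purpose: on
# Windows, file://host/share is resolved as the UNC path \\host\share.
ALLOWED_SCHEMES = ("http", "https")

# Anything with a scheme and "://" is a URL candidate; UNC paths never match
# this pattern because they contain no "://".
URL_RE = re.compile(r"\b(?P<scheme>[a-z][a-z0-9+.-]*)://[^\s<>\"']+", re.IGNORECASE)

# \\server\share... : used only to report UNC paths, never to link them.
UNC_RE = re.compile(r"\\\\[^\\\s]+\\[^\s]*")


def find_unc_paths(text):
    """Return the UNC paths present in a message, e.g. for logging or a user warning."""
    return UNC_RE.findall(text)


def render_message(text):
    """Return HTML for a chat message: all text escaped, <a> tags only for allowed URLs."""
    out = []
    pos = 0
    for m in URL_RE.finditer(text):
        out.append(escape(text[pos:m.start()]))
        url = m.group(0)
        if m.group("scheme").lower() in ALLOWED_SCHEMES:
            out.append('<a href="%s">%s</a>' % (escape(url, quote=True), escape(url)))
        else:
            # Unknown or disallowed scheme: shown as text, not as a link.
            out.append(escape(url))
        pos = m.end()
    out.append(escape(text[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample message mixing a normal URL and a UNC path.
    sample = r"notes at https://example.com/notes and \\fileserver\share\q1.docx"
    print(render_message(sample))
    print("UNC paths found:", find_unc_paths(sample))
```

In a real client the `find_unc_paths` result is the hook for a warning to the user or a log entry; the rendering decision itself never depends on it, because the allow-list already refuses everything that is not `http` or `https`.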
More Than 8,000 Unsecured Redis Instances Found in the Cloud
Trend Micro discovered 8,000 Redis instances running unsecured across the globe, even deployed in public clouds. The instances were found without Transport Layer Security (TLS) encryption and without password protection. When such servers are left unsecured and exposed to the internet or integrated into IoT devices, cybercriminals can find and abuse them to launch attacks such as SQL injections, cross-site scripting, malicious file uploads, and even remote code execution, among others.
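The two settings named above, no TLS and no password, are both plain directives in `redis.conf`. The following added example (not Trend Micro's or Redis's own tooling) audits a configuration file for the combination that produces an internet-reachable, unauthenticated instance, using the documented `bind`, `protected-mode`, `requirepass`, `port` and `tls-port` directives; the two sample configurations are constructed.

```python
"""Audit a redis.conf for the settings behind the "unsecured Redis" finding.

Added example, not Trend Micro's or Redis's own tooling. It reads the
documented directives bind, protected-mode, requirepass, port and tls-port
and reports when the instance would accept unauthenticated clients from a
non-loopback address or speak only plaintext. Sample configs are constructed.
"""

# Addresses that mean "every interface" in a bind directive. Redis allows an
# optional "-" prefix on an address, so that is stripped before comparing.
ANY_ADDRESS = {"0.0.0.0", "*", "::", "::*"}


def parse_redis_conf(text):
    """Map each directive to its argument list; a later occurrence overrides an earlier one."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        conf[parts[0].lower()] = parts[1:]
    return conf


def audit_redis_conf(text):
    """Return a list of (severity, finding) tuples for the given redis.conf text."""
    conf = parse_redis_conf(text)
    findings = []

    # With no bind directive at all, Redis listens on every interface.
    bind_args = conf.get("bind", ["*"])
    listens_everywhere = any(a.lstrip("-") in ANY_ADDRESS for a in bind_args)
    protected = conf.get("protected-mode", ["yes"])[0].lower() == "yes"
    password = conf.get("requirepass", [""])
    has_password = bool(password and password[0])
    tls_port = conf.get("tls-port", ["0"])[0]   # 0 means TLS listener disabled
    plain_port = conf.get("port", ["6379"])[0]  # 0 means plaintext listener disabled

    if listens_everywhere:
        findings.append(("medium", "bind: listens on all interfaces"))
    if not has_password:
        findings.append(("high", "requirepass: no password configured"))
    if not protected:
        findings.append(("high", "protected-mode: disabled"))
    if tls_port == "0":
        findings.append(("medium", "tls-port: TLS disabled, traffic is plaintext"))
    elif plain_port != "0":
        findings.append(("low", "port: plaintext port still open alongside tls-port"))

    # Protected mode only restricts clients to loopback when there is neither an
    # explicit bind directive nor a password. An explicit "bind 0.0.0.0" or
    # "protected-mode no" removes that safety net.
    shielded = protected and "bind" not in conf
    if listens_everywhere and not has_password and not shielded:
        findings.append(("critical", "unauthenticated access from any network interface"))
    return findings


# Constructed sample: a container image whose defaults were "opened up".
EXPOSED_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
"""

# Constructed sample: loopback only, password set, TLS only.
HARDENED_CONF = """\
bind 127.0.0.1 -::1
protected-mode yes
port 0
tls-port 6379
tls-cert-file /etc/redis/redis.crt
tls-key-file /etc/redis/redis.key
requirepass REPLACE_WITH_LONG_RANDOM_SECRET
"""

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_redis_conf(conf) or "no findings")
```

The audit is deliberately static: it inspects the configuration an operator already has rather than probing the instance, so it fits in a CI check or a configuration-management pipeline. Note that the `critical` finding only fires when listening on all interfaces, no password and a disabled safety net coincide; a stock configuration with no `bind` line and `protected-mode yes` still gets the `medium` and `high` findings but is not reachable from outside loopback without a password.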
Vulnerable VPN Appliances at Healthcare Organizations Open Doors for Ransomware Gangs
The increased enterprise VPN use due to the COVID-19 pandemic and the work-from-home shift has not gone unnoticed by ransomware gangs, Microsoft warns. Microsoft has pinpointed several dozen hospitals with vulnerable gateway and VPN appliances in their infrastructure and decided to notify them directly about it and offer advice on how to keep safe.
Cloud-First but Not Cloud-Only: Why Organizations Need to Simplify Cybersecurity
The global public cloud services market is on track to grow 17% this year, topping $266 billion. However, while many organizations may describe themselves as “cloud-first”, they’re certainly not “cloud-only.” Hybrid cloud is the name of the game today: a blend of multiple cloud providers and multiple datacenters. While driving agility, differentiation and growth, this new reality also creates cyber risk.
Magecart Hackers Inject iFrame Skimmers in 19 Sites to Steal Payment Data
Cybersecurity researchers have uncovered an ongoing new Magecart skimmer campaign that has successfully compromised at least 19 different e-commerce websites to steal payment card details. According to a recent report, RiskIQ researchers spotted a new digital skimmer, dubbed “MakeFrame,” that injects HTML iframes into webpages to phish payment data.
The AWS Service to Focus On – Amazon EC2
Trend Micro recently analyzed the most affected AWS services, finding that EC2-related issues topped the list with 32% of all issues, while S3 accounted for 12%. While cloud providers offer a secure infrastructure and best practices, many customers are unaware of their role in the shared responsibility model. In this blog, learn how to secure data and configure environments with AWS best practices.
Wiper Malware Called “Coronavirus” Spreads Among Windows Victims
A new Windows malware has emerged that makes disks unusable by overwriting the master boot record (MBR). It takes its cue from the COVID-19 pandemic, calling itself simply “Coronavirus.” Overwriting the MBR is the same trick that the infamous NotPetya wiper malware used in 2017 in a campaign that caused widespread, global financial damage.
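Because the damage described above is confined to a single 512-byte sector, a saved copy of sector 0 (a backup or a forensic image) can be checked against the layout the MBR format defines. The following added example (not from the article or any vendor tool) parses the partition table and the `0x55AA` boot signature and reports why a sector no longer looks like a valid MBR; both the valid sample sector and the zero-filled one are constructed.

```python
"""Check whether a 512-byte sector still looks like a valid MBR.

Added example, not from the article or any vendor tool. A wiper that
overwrites the master boot record destroys the boot code, the partition
table and normally the 0x55AA signature at offset 510. Given a copy of
sector 0 from a backup or a disk image, this checks the fields the MBR
format defines. The sample sectors below are constructed.
"""
import struct

SECTOR = 512
PT_OFFSET = 446          # four 16-byte partition entries start here
SIG_OFFSET = 510         # two-byte boot signature 0x55 0xAA
# Entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
ENTRY_FMT = "<B3xB3xII"


def parse_partition_table(sector):
    """Return the four partition entries as dicts (CHS fields are ignored)."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, sector, PT_OFFSET + 16 * i)
        entries.append({"status": status, "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return entries


def check_mbr(sector):
    """Return (ok, reasons); reasons lists every way the sector fails to be a plausible MBR."""
    if len(sector) != SECTOR:
        return False, ["sector is %d bytes, expected %d" % (len(sector), SECTOR)]
    reasons = []
    if sector[SIG_OFFSET:] != b"\x55\xaa":
        reasons.append("boot signature 0x55AA missing")
    entries = parse_partition_table(sector)
    used = [e for e in entries if e["type"] != 0]
    if not used:
        reasons.append("partition table empty")
    for i, e in enumerate(entries):
        if e["status"] not in (0x00, 0x80):
            reasons.append("entry %d: invalid status byte 0x%02x" % (i, e["status"]))
        if e["type"] != 0 and e["sectors"] == 0:
            reasons.append("entry %d: zero-length partition" % i)
    if sum(1 for e in entries if e["status"] == 0x80) > 1:
        reasons.append("more than one active partition")
    spans = sorted((e["lba_start"], e["lba_start"] + e["sectors"]) for e in used)
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:
            reasons.append("overlapping partitions")
            break
    return not reasons, reasons


def add_partition(sector, index, status, ptype, lba_start, sectors):
    """Write one partition entry into a mutable 512-byte sector (helper for constructing samples)."""
    struct.pack_into(ENTRY_FMT, sector, PT_OFFSET + 16 * index, status, ptype, lba_start, sectors)


def build_sample_mbr():
    """Constructed sector 0: a little boot code, one active NTFS partition, valid signature."""
    sector = bytearray(SECTOR)
    # First bytes of a typical x86 boot loader: xor ax,ax / mov ss,ax / mov sp,0x7c00 / sti
    sector[:8] = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb"
    add_partition(sector, 0, 0x80, 0x07, 2048, 1_000_000)
    sector[SIG_OFFSET:] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    print("sample MBR:", check_mbr(build_sample_mbr()))
    print("zero-filled sector:", check_mbr(bytes(SECTOR)))
```

The checks are deliberately structural rather than signature-based: they flag any sector 0 that no longer has the shape of an MBR, whether it was zero-filled, overwritten with a message, or damaged some other way, which is what a restore-from-backup or disk-image triage step needs to decide.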
Raccoon Stealer’s Abuse of Google Cloud Services and Multiple Delivery Techniques
Raccoon Malware as a Service (MaaS) can steal login credentials, credit card information, cryptocurrency wallets and browser information. It can arrive on a system through delivery techniques such as exploit kits and phishing, or bundled with other malware. In this blog, Trend Micro investigates campaigns that used the Fallout and Rig exploit kits, and observes Raccoon's use of Google Drive as part of its evasion tactics.
Developing Story: COVID-19 Used in Malicious Campaigns
The COVID-19 pandemic is being used in a variety of malicious campaigns including email spam, BEC, malware, ransomware and malicious domains. As the number of those afflicted continues to surge by thousands, campaigns that use the disease as a lure also increase. Trend Micro researchers are periodically sourcing samples of COVID-19-related malicious campaigns.
Threat Actors Abuse Evernote, Other Shared Platforms for Credential Phishing
Trend Micro researchers found campaigns that abuse the note-taking platform Evernote to host credential-phishing pages. The campaigns also exploit other shared platforms for editing images, making infographics and charts, and creating brand templates. Evernote’s notebook sharing functionality that uses public links is what threat actors exploited to spread malicious PDF files via phishing emails.
Malicious Domains and Files Related to Zoom Increase, ‘Zoom Bombing’ on the Rise
As the use of video conferencing platforms has increased with many people working from home due to the COVID-19 outbreak, cases of “Zoom Bombing” and malicious domains and files related to Zoom have also been on the rise. Registrations of domains that reference the name Zoom have significantly increased, and other communication apps such as Google Classroom have been targeted as well.
Russian Investigators Bust Credit Card Fraud Ring
Russian federal investigators have arrested at least 25 people accused of operating a credit card fraud ring, according to a statement released by the Russian Federal Security Service (FSB). Those charged allegedly included a card fraud kingpin and two dozen associates linked to more than 90 websites that sold stolen credit card data and operated internationally.
A recent Microsoft blog reported the tech giant had seen a “775 percent increase of our cloud services in regions that have enforced social distancing or shelter in place orders.” That line was wrong: the almost 8x increase only pertained to monthly users of Microsoft’s Teams collaboration platform, and only in a one-month period in Italy, a region of the world particularly impacted by the virus.
Using Zoom? Here’s How to Keep Your Business and Employees Safe
The COVID-19 crisis has sparked a new wave of phishing, BEC, extortion, ransomware and data breach attempts, and although it’s not the only platform being targeted, Zoom has been the subject of some of the highest-profile incidents so far. Fortunately, there are things organizations can do to protect their business and their employees. In this blog, learn about best practices you can use to help secure your Zoom conferences.
Have you or your organization been a victim of “Zoom Bombing”? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.