new Russian IT Security updates:
SecurityLab, [06.11.19 16:12]
The Libarchive compression library, which is included by default in Debian, Ubuntu, Gentoo, Arch Linux, FreeBSD, and NetBSD distributions, contains a vulnerability that allows an attacker to execute arbitrary code on an attacked system.
The problem does not affect macOS and Windows, where Libarchive plays the role of a utility to decompress data.
Critical vulnerability fixed in Libarchive (https://www.securitylab.ru/news/502361.php)
SecurityLab, [07.11.19 04:34]
Much has been said about the weakness of the „perimeter“ approach.
A year ago, there was a revealing story with cyber-robbers of Eastern European banks using the DarkVishnya technique.
Someone disguised as a courier or a job seeker would sneak into the office, find power outlets or a PC in the conference room, and plug in a miniature laptop, a Raspberry Pi, or A hundred-dollar bash Bunny USB stick.
Further penetration into the network and the search for systems that control ATMs were conducted through modems over cellular communications.
Banks have suffered hundreds of millions of dollars in damage.
SecurityLab, [07.11.19 08:12]
Chinese law enforcement officials stopped the activities and arrested members of a cybercrime group that manages a DDoS botnet of 200 thousand infected sites.
The operation is the first serious step of the Chinese authorities in the fight against the impressive local market of DDoS services, writes ZDNet.
Chinese market DDoS services lost the largest botnet (https://www.securitylab.ru/news/502365.php)
SecurityLab, [07.11.19 08:22]
Security experts do not recommend that users restart their computers after being infected with ransomware, as the situation can only get worse in certain circumstances.
This can lead to restart the interrupted process of encryption of files and the potential loss of encryption keys stored in memory.
Experts advise not to restart your computer after being infected with ransomware (https://www.securitylab.ru/news/502366.php)
SecurityLab, [07.11.19 08:42]
Positive Technologies invites you to participate in the webinar „What’s new in MaxPatrol 8“, which will be held on November 14 from 14: 00 to 15: 00 (Moscow time).
Positive Technologies invites you to the webinar „what’s new in MaxPatrol 8“
SecurityLab, [07.11.19 09:02]
Posing as technical support scammers actively exploit a bug in the Firefox browser in order to force victims to turn to them for“help“.
Fraudulent ‚tech support‘ takes advantage of new Firefox blocking bug (https://www.securitylab.ru/news/502368.php)
SecurityLab, [07.11.19 09:52]
Facebook said in an official blog post that even after restricting access to the Groups system last year, some app developers have retained access to member information.
Since April 2018, approximately 100 developers have retained access to user information, and at least 11 of them have taken advantage of the opportunity in the last 60 days.
About 100 developers could keep unauthorized access to Facebook Groups data (https://www.securitylab.ru/news/502370.php)
SecurityLab, [07.11.19 10:02]
Following the meeting held on 1 November this year, a Panel of the interior Ministry has instructed relevant agencies to develop legal mechanism seizure of virtual assets, in particular cryptocurrency for their confiscation.
Until December 31, 2021, the interior Ministry, Rosfinmonitoring, the Prosecutor General’s office, the Investigative Committee, the Ministry of justice, the FSB, the FCS and the FSSP with the participation of the Supreme court should submit their proposals, writes „RBC“.
In Russia there will be a mechanism of confiscation of cryptocurrencies (https://www.securitylab.ru/news/502371.php)
SecurityLab, [07.11.19 11:02]
A former employee of Trend Micro stole the personal data of about 70.000 customers of the company.
The stolen information was used to conduct fraudulent attacks.
Trend Micro announced this in its official blog. An employee of Trend Micro sold data to about 70 thousand customers of the company (https://www.securitylab.ru/news/502373.php)
SecurityLab, [07.11.19 13:32]
Positive Technologies summed up the results of the survey „Labor costs of is specialists to work with SIEM-systems“.
The study showed that the labor costs of working with SIEM-system-a sore point for most companies.
The size of SIEM-team almost in half of cases does not exceed two people, and their time of work with system grows.
Working time at SIEM increased for 62% of is specialists (https://www.securitylab.ru/news/502378.php)
SecurityLab, [07.11.19 14:02]
Security researchers have warned the Indian space research organization (ISRO) of a cyberattack allegedly by North Korean criminals that is part of a large scale malware campaign.
The warning came during the chandrayan-2 lunar mission, the Financial Times reported, citing sources familiar with the situation.
North Korean cyber criminals are targeting the Indian space Agency (https://www.securitylab.ru/news/502380.php)
SecurityLab, [07.11.19 15:12]
The Russian Federation may soon introduce liability not only for the sale of personal data, but also for their purchase.
On Thursday, November 7, at the conference „protection of personal data“ said the head of Roskomnadzor Alexander Zharov.
In Russia, can be imposed the responsibility for the purchase of personal data (https://www.securitylab.ru/news/502379.php)
SecurityLab, [07.11.19 15:12]
Researchers from the Ruhr University in Bochum (Germany) discovered a vulnerability in some new models of programmable logic controllers (PLCs) from Siemens, associated with the presence of a hidden access function.
The problem can be used both by attackers to conduct cyberattacks and become a useful tool for security researchers.
Siemens PLC detected hidden access function (https://www.securitylab.ru/news/502383.php)
SecurityLab, [07.11.19 15:42]
VpnMentor experts have discovered a vulnerability in AsusWRT SOFTWARE that allows attackers to gain access to the victim’s Wi-Fi network and connected smart devices like Amazon Alexa.
Vulnerability in AsusWRT puts housing at risk of burglary (https://www.securitylab.ru/news/502384.php)
SecurityLab, [08.11.19 08:12]
A total of $315.000 earned participants hacking competition Pwn2Own 2019, held November 6-7 in Tokyo.
During the competition, participants discovered 18 previously unknown vulnerabilities, which the manufacturers of the affected products were immediately notified of.
Manufacturers have a period of 90 days to fix problems.
Pwn2Own 2019 in Tokyo: Results of two days of competitions (https://www.securitylab.ru/news/502389.php)
SecurityLab, [08.11.19 08:32]
Security researchers have discovered a number of vulnerabilities in the firmware of several Cisco small business routers.
Issues affecting the Cisco rv320 and RV325 dual-Gigabit WAN VPN routers involve the presence of embedded password hashes, as well as X. 509 static certificates with matching public and private key pairs and a single static Secure Shell (SSH) key.
Cisco accidentally left encryption keys in the firmware of its routers
SecurityLab, [08.11.19 08:52]
The New York Prosecutor’s office asks for a citizen of the Russian Federation Stanislav Lisov, who participated in cyber attacks using the Trojan NeverQuest, a sentence of five years in prison.
The petition was entered into the database of the Federal court of the southern district of new York on Thursday, November 7, writes TASS.
Russian botnet operator NeverQuest could be jailed for 5 years (https://www.securitylab.ru/news/502391.php)
SecurityLab, [08.11.19 09:52]
A judge in Georgia (USA) is accused of hacking for trying to clean his working computer from spyware.
According to the daily Report, against Kathryn Schrader (Kathryn Schrader) and three hired her researchers charged with three counts of unlawful entry.
Judge charged with hacking for trying to find spyware on his PC (https://www.securitylab.ru/news/502392.php)
SecurityLab, [08.11.19 10:12]
Network storage maker QNAP has warned its customers against an ongoing malware campaign in which cybercriminals infect NAS devices with QSnatch malware capable of stealing user credentials.
Qsnatch malware attacks QNAP network drives (https://www.securitylab.ru/news/502394.php)
SecurityLab, [08.11.19 11:12]
Zalishchyky district court of Ternopil region (Ukraine) sentenced him to a fine in the amount of 8.5 thousand UAH. (approximately 22 thousand rubles) storekeeper store, who sold credentials 386 to log into accounts online – service digital distribution of computer games Steam.
The attacker was charged under article 361-2 part 1 of the criminal code of Ukraine (unauthorized sale of information with limited access stored in automated systems, computer networks, created and protected in accordance with current legislation).
The Ukrainian was fined for selling credentials 386 account in Steam (https://www.securitylab.ru/news/502395.php)
SecurityLab, [08.11.19 12:42]
Jetico has unveiled a Mac version of its BestCrypt Volume Encryption Enterprise Edition solution designed to encrypt hard drives.
The product provides the ability to encrypt disks both on-premises and in cloud environments.
The tool can also run in the cloud, allowing administrators to manage encryption processes without the need to configure and maintain a dedicated server for these tasks.
New IB solutions of the week: November 8, 2019 (https://www.securitylab.ru/news/502396.php)
SecurityLab, [08.11.19 13:52]
A team of researchers from Microsoft Defender ATP has identified a link between the BlueKeep attacks in November and a malicious cryptocurrency mining campaign in September this year that used the same C&C server infrastructure.
SecurityLab, [21.11.19 08:13]
Microsoft has denied rumors that its Microsoft Teams platform was used by cybercriminals to infect corporate networks with ransomware.
Microsoft: Microsoft Teams and BlueKeep were not used in the DoppelPaymer attacks (https://www.securitylab.ru/news/502752.php)
SecurityLab, [21.11.19 08:43]
Iranian cybercriminals have carried out some of the most devastating cyber attacks in the past decade, destroying entire computer networks across the Middle East and the US.
Now, however, one of the most active cybercrime groups in Iran seems to have changed its targets and instead of standard IT networks, has targeted physical control systems used in electricity, manufacturing and oil refineries.
Iranian group APT33 targets industrial control systems (https://www.securitylab.ru/news/502755.php)
SecurityLab, [21.11.19 09:13]
The winter holiday season is about to begin – a time for exchanging gifts and … personal data, experts warn.
Mozilla has published a new edition of the guide to choosing gifts (https://www.securitylab.ru/news/502760.php)
SecurityLab, [21.11.19 10:23]
The French hospital Claire de Rouen (Hôpital Charles-Nicolle de Rouen) was the victim of an attack using ransomware, the consequences of which are comparable to WannaCry, which struck the hospitals of the national health service of the UK in 2017.
French hospital suffered ransomware damage comparable to WannaCry attack (https://www.securitylab.ru/news/502769.php)
SecurityLab, [21.11.19 10:23]
In Stavropol, a verdict was passed on a Bank employee who used his official position to sell personal data of clients.
In Stavropol, a Bank employee photographed the monitor and sold customer data (https://www.securitylab.ru/news/502772.php)
SecurityLab, [21.11.19 11:23]
Amnesty International, a nonprofit organization, published a report suggesting that tech giants Facebook and Google change their business model and stop relying on user data. The constant surveillance of billions of people around the world by companies threatens human rights and freedom of speech, according to the report.
Facebook and Google surveillance practices threaten human rights (https://www.securitylab.ru/news/502774.php)
SecurityLab, [21.11.19 13:46]
Implementing changes in a particular technology or a particular function today, we have a clear idea of the direction in which we want to develop and improve it tomorrow. https://www.securitylab.ru/analytics/502778.php
SecurityLab, [21.11.19 14:03]
Linux servers running vulnerable Webmin software are subject to cyberattacks and fall under the control of a new peer-to-peer (p2p) botnet called Roboto.
Webmin Linux servers attacked by Roboto botnet (https://www.securitylab.ru/news/502779.php)
SecurityLab, [21.11.19 14:26]
Security? Pentest? The reverse? Hacking? Participate in the online competition from Otus and VolgaCTF + CTF.Moscow
The open University Online education, „VolgaCTF“ and СTF.Moscow invites all interested to try their hand in any of the three areas of our online CTF. Learn more about the competition, directions and awards at the open webinar “all about CTF online “ on December 4 at 20.00 (Moscow time). Register now – and take part! https://otus.pw/bNi4/
We are waiting for everyone who has experience and who is professionally interested:
Linux security + Secure development
Come! The tasks will not be easy, and the rewards will be worthy.
SecurityLab, [21.11.19 14:43]
Thursday, November 21, the state Duma adopted in the third final reading the law on mandatory pre-installation of domestic for smart device, as well as the law introducing heavy fines for non-compliance on the storage in Russia of personal data of Russians.
The state Duma adopted a law on the pre-installation of Russian SOFTWARE (https://www.securitylab.ru/news/502786.php)
SecurityLab, [21.11.19 15:03]
A resident of Primorye used a mining farm to mine cryptocurrency and accidentally caused fires in the apartments of neighbors. The cause of the fire was a strong load on power supplies caused by the work of the mining farm.
The owner of a mining farm in Primorye burned the apartment of neighbors (https://www.securitylab.ru/news/502787.php)
SecurityLab, [21.11.19 15:33]
Even after the release of updates, popular applications remain uncorrected in the Internet catalog of the Google Play Store, Check Point specialists found in the framework of the study. Instagram Facebook posts, and wechat posts can be accessed by attackers, they say, in particular, and location data can be retrieved from Instagram, altered, and read.
Facebook instagram and WeChat apps are not updated in the Google Play Store (https://www.securitylab.ru/news/502788.php)
SecurityLab, [21.11.19 15:43]
Google has made a belated attempt to justify its“ Project Nightingale “ (Project Nightingale), in which it collected medical data of patients in the US. According to Google, the collection of patient data of the Ascension hospital network was carried out legally within the framework of a business cooperation agreement. The agreement allows the exchange of certain patient data in accordance with applicable law.
Google has tried to justify its program to collect patient data