SecurityLab, [24.03.20 08:05]
Cybercriminals are hacking Windows PCs through a previously unknown vulnerability in the Adobe Type Manager library (atmfd.dll), which the operating system uses to process PostScript Type 1 fonts. Microsoft described the attacks exploiting this vulnerability as "targeted" and "limited".
Microsoft has warned of a zero-day vulnerability in Windows (https://www.securitylab.ru/news/506107.php)

SecurityLab, [24.03.20 08:20]
The Central Bank of the Russian Federation has developed and recommended measures for financial companies and organizations to ensure the cybersecurity of their employees during the coronavirus pandemic (COVID-19).

These measures are meant to minimize the risk of errors during money transfers, transactions, the maintenance of bank accounts of individuals and legal entities, cash withdrawals from ATMs, and so on.
The Bank of Russia has issued recommendations on cybersecurity in the context of the coronavirus (https://www.securitylab.ru/news/506108.php)

SecurityLab, [24.03.20 09:15]
Due to the change in the Chrome release schedule, Google decided to skip Chrome 81, abandon Chrome 82 and "jump" straight to Chrome 83. Earlier, the vendor had temporarily suspended the release of new versions of Chrome and Chrome OS because of the coronavirus pandemic, as developers are forced to work from home.
Google will skip Chrome 82 and release Chrome 83 immediately (https://www.securitylab.ru/news/506113.php)

SecurityLab, [24.03.20 10:25]

The Federal Security Service of the Russian Federation has stopped the activities of a cybercrime group engaged in the sale of stolen bank card data.

The FSB has shut down the carder group (https://www.securitylab.ru/news/506120.php)

SecurityLab, [24.03.20 10:35]

Cybercriminals tried to break into the computer systems of the World Health Organization (WHO) in early March this year.

According to WHO Director of Information Security Flavio Aggio, the attackers' identity could not be established, and their attempt was unsuccessful.

Hacking attempts against the organization and its partners have increased sharply as they fight the coronavirus pandemic, the Reuters news agency reported.

Cybercriminals are trying to hack into WHO's systems (https://www.securitylab.ru/news/506121.php)

SecurityLab, [24.03.20 10:40]

Due to the risk of spreading the COVID-19 coronavirus, and out of concern for speakers and participants, the organizers decided to hold the intensive online, which allows everyone involved in the event to remain safe while attending every talk and master class.

There will be 6 days, 6 thematic streams and as many as 24 master classes with well-known experts.

You can register at the link: https://clck.ru/MdcEK

For the first time, CODE IB PROFI, a training intensive for CISOs on information security management, will be held in an online format (https://www.securitylab.ru/news/506122.php)

SecurityLab, [24.03.20 12:10]

Specialists from FireEye have warned about the spread of malicious tools capable of targeting automated control systems (ACS).

https://www.cybersicherheit.fraunhofer.de/

Targeted continuing education: IT security in water and power supply

The experts analyzed all the malicious tools for hacking automated control systems released in recent years.

Experts have warned about the spread of tools for hacking automated control systems (https://www.securitylab.ru/news/506127.php)

Abstract (2010):

Automated control systems (ACSs) lie at the heart of industrial and infrastructure systems and, as such, are one of the most critical parts of critical infrastructures. Yet the information security world has largely ignored these systems, and most information security folks seem to think that the protective processes, measures, and mechanisms that apply to general-purpose enterprise computers also apply to ACSs. At the same time, most control systems engineers know almost nothing about information protection and don’t recognize even the potential for the sorts of things that information security professionals consider standard. This mismatch must be addressed, or we’ll be paying the price for it for at least one generation.
Published in: IEEE Security & Privacy ( Volume: 8 , Issue: 5, Sept.-Oct. 2010)

What ACSs Do

ACSs run the low-level controls that assure:

  • power grid stability
  • water quality
  • telecommunications system continuity, and
  • manufacturing machine tools

Programmable logic controllers (PLCs) and other sorts of low-level control systems and circuits provide safety lockouts, control pressure and temperature, limit valve settings and slew rates, and manage any number of other critical mechanisms that must remain within engineered parameters to keep things from breaking, exploding, burning, freezing, overflowing, running dry, and you name it.

Supervisory control and data acquisition (SCADA) systems typically send commands to and set parameters on other ACSs to provide higher-level control over sets of systems, such as:

  • assembly lines
  • power grids
  • water systems, and
  • pipelines

These systems both control overall operations and stability and assure that components that operate incorrectly don't create cascade failures that cause wider-scale outages, damage, or bad output.

src: https://ieeexplore.ieee.org/abstract/document/5601490 (quoted in this context)

one will say it again (just in case): NO INTERNET FOR NUCLEAR POWER PLANTS! (EVER!)

SecurityLab, [24.03.20 13:00]

Cybercriminals are hijacking routers in order to distribute a fake World Health Organization (WHO) application that allegedly provides up-to-date information about COVID-19.

The hackers change the DNS settings of D-Link and Linksys routers so that the user's browser displays a notification suggesting they download an application from WHO, which is actually the Vidar infostealer.

Hackers hijack routers and distribute a fake COVID-19 information app (https://www.securitylab.ru/news/506128.php)

SecurityLab, [24.03.20 14:55]

While the coronavirus infection is spreading rapidly around the world, most countries are taking strict but necessary measures to prevent its further spread.

Small and large businesses are looking to move into the digital space, transferring their sales to the online environment and digitizing their workflow with customers.

However, only a few of them are sufficiently prepared to properly address the wide range of cybersecurity and privacy issues.

Information security companies will help businesses during the COVID-19 pandemic (https://www.securitylab.ru/news/506135.php)

SecurityLab, [24.03.20 15:25]

A buffer overflow vulnerability was discovered and quickly fixed in memcached, software that implements an in-memory data caching service; the bug allowed the software to be crashed.

A buffer overflow vulnerability has been fixed in memcached (https://www.securitylab.ru/news/506136.php)

SecurityLab, [24.03.20 15:50]

Tesla car hacked AGAIN: less software is more security

A security researcher under the alias Nullze discovered a vulnerability (CVE-2020-10558) in the central touchscreen of a Tesla Model 3 car.

Exploiting the vulnerability allows an attacker to cause a denial-of-service (DoS) condition.

A vulnerability in Tesla cars allows disabling the central touchscreen (https://www.securitylab.ru/news/506137.php)

SecurityLab, [25.03.20 08:05]

The abuse.ch project has launched a new service that allows security researchers to share malware samples and additional information about them.

MalwareBazaar allows publishing only verified samples of known malware; adware and potentially unwanted software are not allowed.

A new free malware repository has appeared online (https://www.securitylab.ru/news/506144.php)

SecurityLab, [25.03.20 08:25]

Kaspersky Lab specialists have discovered a new, previously unknown cybercrime group that is currently targeting industrial facilities in the Middle East.

The new APT group is targeting the industrial sector in the Middle East (https://www.securitylab.ru/news/506145.php)

SecurityLab, [25.03.20 09:00]

Back in 2017, WhatsApp received a two-factor authentication mechanism designed to provide an additional level of security for millions of messenger users.

However, as recently discovered, there is a serious flaw in the implementation of this mechanism.

WhatsApp stores codes for 2FA in plain text (https://www.securitylab.ru/news/506148.php)

SecurityLab, [25.03.20 09:50]

tor: javascript is bad for privacy! (please completely disable it by default)

The Tor Browser developers have again fixed a vulnerability that allowed JavaScript to run on websites even when the browser was set to its Safest security level.

Tor again fixes a vulnerability that deanonymizes users (https://www.securitylab.ru/news/506149.php)

SecurityLab, [25.03.20 10:15]

Microsoft has announced that it will stop releasing optional updates for Windows 10 starting in May 2020.

This step is dictated by Microsoft's desire to avoid problems that may occur after installing updates, and to spare system administrators, who are forced to work in quarantine due to the coronavirus pandemic, additional workload.

Microsoft will suspend the release of optional updates for Windows 10 (https://www.securitylab.ru/news/506153.php)

SecurityLab, [25.03.20 11:40]

The Federal Service for Technical and Export Control (FSTEC) of Russia has issued recommendations for operators of critical information infrastructure (CII) facilities on ensuring remote operation during the coronavirus pandemic.

FSTEC has developed recommendations for remote work with CII (https://www.securitylab.ru/news/506158.php)

SecurityLab, [25.03.20 13:50]

ForAllSecure specialist Guido Vranken has published details about a critical vulnerability he previously discovered in OpenWrt.

Details: CVE-2020-7982 exists in the OPKG package manager in OpenWrt.

While the victim's system is executing the opkg install command, an attacker can perform a man-in-the-middle attack. The attacker can intercept the transmitted data in order to remotely execute arbitrary code by tricking the system into installing a malicious package or malicious updates without proper verification.

As explained by Vranken, if the checksum contains spaces, OPKG in vulnerable versions of OpenWrt does not validate the integrity of the downloaded package and proceeds straight to installation.

A critical vulnerability has been fixed in OpenWrt (https://www.securitylab.ru/news/506164.php)

SecurityLab, [25.03.20 14:35]

A team of researchers analyzed a feature of the Android operating system that may pose a threat to user privacy.

According to the research results, a large number of popular Android apps today use Installed Application Methods (IAM), a set of Android API calls that allow app developers to get a list of the other apps installed on the device.

GNU Linux + Closed Source Google Libraries = Privacy Problem

that is why one does not have Google Play store installed AT ALL X-D

Details: These calls were originally intended to let developers detect application incompatibilities or configure interaction with other programs. But the scientists said that IAM is also used to track and identify users, creating privacy risks.

A team of four scientists from universities in Switzerland, Italy and the Netherlands analyzed thousands of Android applications and their code for IAM calls. The researchers analyzed 14,342 popular Android apps in the Google Play Store as well as 7,886 Android apps whose source code was published online. According to the researchers, the use of IAM is quite common in commercial applications: 30.29% (4,214) of the apps in the Play Store implement IAM calls in their code. For open source apps the figure was only 2.89% (228 applications).

The danger to user privacy stems from the fact that an advertiser may determine a user's interests and personal attributes (for example, known languages, religious beliefs and age) by analyzing the list of installed applications. In addition, users cannot protect themselves from IAM-based fingerprinting, as an application does not need to request any permission from the user to make these calls. Moreover, many IAM calls are made without the application developer's knowledge.

As noted by the experts, almost half of all recorded IAM calls, both in Play Store apps and in open source apps, were associated with packageName, which retrieves the list of locally installed applications. The others were used to obtain technical information about applications, such as signatures, program version, last update time or SDK version numbers.

According to the experts, the majority of IAM calls came from third-party libraries added to applications rather than from the programs themselves. More than a third of those third-party libraries were used for advertising purposes.

As a survey of 70 app developers showed, many did not even know that third-party libraries implemented IAM calls.

The research group calls on Google to limit the use of IAM calls. According to the experts, Google needs to require a permission for executing these calls.

A function in Android allows getting the list of installed apps (https://www.securitylab.ru/news/506165.php)

SecurityLab, [25.03.20 15:30]

Hewlett Packard Enterprise (HPE) has warned its customers about a bug in the firmware of Serial-Attached SCSI (SAS) solid-state drives that causes them to stop working after 40,000 hours (4 years, 206 days and 16 hours).

According to HPE calculations, the first failures in operation should be expected in October of this year.

SAS SSDs from HPE again set a "deadline" for themselves (https://www.securitylab.ru/news/506166.php)

(HP is not the only vendor who puts a timeout into SSDs (tries to increase sales by planned obsolescence = very very evil, boycott HP SSDs from now on))

vendors need to be forced by governments to build high-quality, long-lasting products and abandon planned obsolescence; it's bad for the planet and mankind (waste of resources).

another example: printer vendors like Brother and many others, instead of actually measuring the amount of toner in a cartridge, simply put a "countdown 1000 pages after reinstall" no matter the toner level. a lot of toner goes to waste like this.

SecurityLab, [25.03.20 15:55]

Mozilla is implementing an additional HTTPS-Only mode in Firefox 76, in which the browser will only accept encrypted connections, and all unencrypted requests will be redirected to secure pages.

HTTPS-Only mode will be added to Firefox 76 (https://www.securitylab.ru/news/506168.php)

admin