Cyber Weekly Flash Briefing for 17 April 2020 – More Top Companies Ban Zoom, Microsoft fixes 3 zero-days, 2 being actively exploited, 500,000 Zoom accounts sold online, Sinister new Botnet
Links to articles are for interest and awareness. Linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.
More top companies ban Zoom following security fears
As usage of Zoom rises amidst the global pandemic, more companies are telling their staff to stay off the video conferencing service due to security concerns.
Among the latest organisations to block the use of Zoom are German industrial giant Siemens, which sent out an internal circular urging its employees to not use the tool for video conferencing, with Standard Chartered Bank also issuing a similar note to its staff.
The latter has also told employees to avoid Google Hangouts, which has emerged as another popular teleconferencing application in recent weeks.
Read more here: https://www.techradar.com/uk/news/more-top-companies-ban-zoom-following-security-fears
Over 500,000 Zoom accounts sold on hacker forums, the dark web
Over 500,000 Zoom accounts are being sold on the dark web and hacker forums for less than a penny each, and in some cases, given away for free.
These credentials are gathered through credential stuffing attacks, where threat actors attempt to log in to Zoom using accounts leaked in older data breaches. The successful logins are then compiled into lists that are sold to other hackers.
Some of these Zoom accounts are offered for free on hacker forums so that hackers can use them in zoom-bombing pranks and malicious activities. Others are sold for less than a penny each.
Read more here: https://www.bleepingcomputer.com/news/security/over-500-000-zoom-accounts-sold-on-hacker-forums-the-dark-web/
Microsoft April 2020 Patch Tuesday fixes 3 zero-days – 2 of which are being actively exploited, 15 critical flaws
Microsoft's April 2020 Patch Tuesday fell this week, and with everything going on, it is going to be particularly stressful for Windows administrators.
With the release of the April 2020 security updates, Microsoft has released fixes for 113 vulnerabilities in Microsoft products. Of these vulnerabilities, 15 are classified as Critical, 93 as Important, 3 as Moderate, and 2 as Low.
Of particular interest, Microsoft patched three zero-day vulnerabilities, two of which have been seen actively exploited in attacks.
Users should install these security updates as soon as possible to protect Windows from known security risks.
Read more here: https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2020-patch-tuesday-fixes-3-zero-days-15-critical-flaws/
Hackers Are Selling a Critical Zoom Zero-Day Exploit for £400,000
Hackers are selling two critical vulnerabilities for the video conferencing software Zoom, one for Windows and one for macOS, that would allow someone to hack users and spy on their calls.
The two flaws are so-called zero-days, and are currently present in Zoom’s Windows and macOS clients, according to three sources who are knowledgeable about the market for these kinds of hacks. The sources have not seen the actual code for these vulnerabilities, but have been contacted by brokers offering them for sale.
Zero-day exploits, or just zero-days or 0days, are unknown vulnerabilities in software or hardware that hackers can take advantage of to hack targets. Depending on what software they’re in, they can be sold for thousands or even millions of dollars.
Phishing kit prices skyrocketed in 2019 by 149%
The average price of a phishing kit sold on cybercrime markets went up by 149% in 2019, according to new findings released this week and based on analysis of ads posted on known cybercrime markets and hacking forums.
The average price for phishing kits sold on the cybercrime underground skyrocketed to $304 in 2019, up from only $122 recorded in 2018.
Phishing kit prices rose despite an increase in the number of kit sellers (up by 120%) and the number of phishing kit ads (doubled in 2019).
Of the 16,200 phishing kits identified and tracked in 2019, the most targeted login pages were for Amazon, Google, Instagram, Office 365, and PayPal.
Amazon and PayPal are known targets of phishing operations, as access to both accounts can allow hackers to make fraudulent transactions with victims' funds.
More here: https://www.zdnet.com/article/phishing-kit-prices-skyrocketed-in-2019-by-149/
A Sinister New Botnet Could Prove Nearly Impossible To Stop
Security researchers have discovered an emerging threat that they fear could be nearly unstoppable. This growing botnet has already managed to enslave nearly 20,000 computers.
It is known as DDG, and it’s been lurking in the shadows for at least two years. DDG was first discovered in early 2018.
Back then the nascent botnet had control of just over 4,000 so-called zombies and used them to mine the Monero cryptocurrency. Much has changed since then.
Today’s incarnation of DDG isn’t just five times larger. It’s also much more sophisticated.
One of its distinguishing features is its command and control system. Most botnets are designed around a client/server model. Infected machines listen for instructions from the servers and then carry out their orders.
MSC Data Centre Closes Following Suspected Cyber-Attack
A container shipping company has said malware could be to blame for the closure of one of its data centres last week.
The Mediterranean Shipping Company (MSC) took to Twitter on Good Friday to report a network outage issue affecting the website msc.com, which was still down at time of writing.
The incident, which is thought to have occurred on Thursday, April 9, also brought down the shipping company's myMSC portal.
A message posted from the Twitter account MSC Cargo on April 10 stated: "We are sorry to inform you that http://MSC.com and myMSC are currently not available as we've experienced a network outage in one of our data centers. We are working on fixing the issue."
As a result of the outage, self-service tools for making and managing bookings on MSC ships have ceased to be operational. Alternative booking platforms are available, and customers can still book via email and over the phone.
Read the original article here: https://www.infosecurity-magazine.com/news/msc-suffers-suspected-cyberattack/