Cyber Weekly Flash Briefing for 28 February 2020 – authenticator codes nabbed on Android, Cisco and Chrome critical vulns, FCA data breach, online backups not good enough
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Android malware can steal Google Authenticator 2FA codes
A new version of the "Cerberus" Android banking trojan will be able to steal one-time codes generated by the Google Authenticator app and bypass 2FA-protected accounts.
Security researchers say that an Android malware strain can now extract and steal one-time passcodes (OTP) generated through Google Authenticator, a mobile app that's used as a two-factor authentication (2FA) layer for many online accounts.
Google launched the Authenticator mobile app in 2010. The app works by generating six to eight-digits-long unique codes that users must enter in login forms while trying to access online accounts.
Google launched Authenticator as an alternative to SMS-based one-time passcodes. Because Google Authenticator codes are generated on a user's smartphone and never travel through insecure mobile networks, online accounts who use Authenticator codes as 2FA layers are considered more secure than those protected by SMS-based codes.
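To make the mechanism described above concrete, the following is an added example (it is not code from the article, from Google, or from the Authenticator app) of how such codes are derived: RFC 6238 TOTP, where the code is an HMAC over a counter that advances every 30 seconds, keyed with a secret the server and the phone share at enrolment. Nothing but the secret is ever transmitted, which is why the code cannot be intercepted off the mobile network; it also shows the two levers a verifier does have when a code is lifted from the device, a narrow acceptance window and refusal to accept the same time step twice. The secret, time values and window size are the RFC's published test values and my own assumptions, not anything from the article.

```python
import base64
import hashlib
import hmac
import struct


def decode_base32_secret(encoded: str) -> bytes:
    """Authenticator-style secrets are shown to users as base32 (often unpadded);
    restore the padding and decode to the raw HMAC key."""
    cleaned = encoded.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 4226: HMAC the 8-byte big-endian counter, dynamically truncate, reduce mod 10^digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 6238: the counter is the number of whole time steps since the Unix epoch."""
    return hotp(secret, at // step, digits, algorithm)


class TotpVerifier:
    """Server-side check. `window` is how many steps of clock skew to tolerate on either side;
    `last_counter` records the highest step already consumed so a stolen code cannot be
    replayed, which is the server's main defence once malware has read a code off the phone."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, window: int = 1):
        self.secret = secret
        self.step = step
        self.digits = digits
        self.window = window
        self.last_counter = -1

    def verify(self, code: str, at: int) -> bool:
        current = at // self.step
        for delta in range(-self.window, self.window + 1):
            counter = current + delta
            if counter <= self.last_counter:
                continue  # step already used (or older): reject replays
            expected = hotp(self.secret, counter, self.digits)
            if hmac.compare_digest(expected, code):  # constant-time comparison
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    # Constructed demo using the RFC 6238 reference secret (ASCII "12345678901234567890").
    secret = decode_base32_secret("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    verifier = TotpVerifier(secret, digits=8)
    code = totp(secret, 59, digits=8)
    print("code at t=59:", code)                      # 94287082 per RFC 6238
    print("first use accepted:", verifier.verify(code, 59))
    print("replay accepted:", verifier.verify(code, 59))
```

The test vectors in `__main__` are the ones published in RFC 4226 and RFC 6238, so the functions can be checked against the standard without any network access.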
Read the full article here: https://www.zdnet.com/article/android-malware-can-steal-google-authenticator-2fa-codes/
Cisco patches incoming to address Kr00k vulnerability impacting routers, firewall products
Cisco is working on a set of patches to address a recently-disclosed vulnerability that can be exploited to intercept Wi-Fi network traffic.
The vulnerability, tracked as CVE-2019-15126, has been nicknamed "Kr00k" and was disclosed by researchers on Wednesday.
Kr00k is a vulnerability that permits attackers to force Wi-Fi systems into disassociative states, granting the opportunity to decrypt packets sent over WPA2 Personal/Enterprise Wi-Fi channels.
All Wi-Fi enabled devices operating on Broadcom or Cypress Wi-Fi chipsets are impacted.
Google Patches Chrome Browser Zero-Day Bug, Under Attack
Google patches zero-day bug tied to memory corruptions found inside the Chrome browser’s open-source JavaScript and Web Assembly engine, called V8.
Google said Monday it has patched a Chrome web browser zero-day bug being actively exploited in the wild. The flaw affects versions of Chrome running on the Windows, macOS and Linux platforms.
The zero-day vulnerability, tracked as CVE-2020-6418, is a type confusion bug and has a severity rating of high. Google said the flaw impacts versions of Chrome released before version 80.0.3987.122. The bug is tied to Chrome’s open-source JavaScript and Web Assembly engine, called V8.
Read the full article here: https://threatpost.com/google-patches-chrome-browser-zero-day-bug-under-attack/153216/
Ransomware victims thought their backups were safe. They were wrong
Ransomware victims are finding out too late that their vital backups are online and also getting encrypted by crooks, warns cyber security agency.
The UK's cyber security agency has updated its guidance on what to do after a ransomware attack, following a series of incidents where organisations were hit with ransomware, but also had their backups encrypted because they had left them connected to their networks.
Keeping a backup copy of vital data is a good way of reducing the damage of a ransomware attack: it allows companies to get systems up and running again without having to pay off the crooks. But that backup data isn't much good if it's also infected with ransomware -- and thus encrypted and unusable -- because it was still connected to the network when the attack took place.
The UK's National Cyber Security Centre (NCSC) said it has now updated its guidance by emphasising offline backups as a defence against ransomware.
Read the full article here: https://www.zdnet.com/article/ransomware-victims-thought-their-backups-were-safe-they-were-wrong/
Data breach at City watchdog FCA exposes records of thousands of complainants
The records of 1,600 people who complained to the City watchdog have been exposed following a major data breach at the regulator.
The Financial Conduct Authority (FCA) mistakenly published the personal records of complainants on its website, where anyone could access the information.
The data was visible between November 2019 and February 2020 and included the records of people who made a complaint between January 2018 and July 2019.
This leaked information included the name of the complainant, the company they represent, the status of the complaint and other information. In some instances addresses and telephone numbers were also visible.
Certain media outlets disclosed that the list contained the names of several high-profile individuals.
Read more here: https://www.telegraph.co.uk/money/consumer-affairs/data-breach-city-watchdog-exposes-records-thousands-complainants/
Hackers are getting better at tricking people into handing over passwords — here's what to look out for, according to experts
Hackers don't break in, they log in.
That mantra, often repeated by security experts, represents a rule of thumb: The vast majority of breaches are the result of stolen passwords, not high-tech hacking tools.
These break-ins are on the rise. Phishing scams — in which attackers pose as a trustworthy party to trick people into handing over personal details or account information — were the most common type of internet crime last year, according to a recent FBI report. People lost more than $57.8 million in 2019 as the result of phishing, according to the report, with over 114,000 victims targeted in the US.
And as phishing becomes more profitable, hackers are becoming increasingly sophisticated in the methods they use to steal passwords, according to Microsoft's Security Research team.
Most attackers have now moved to phishing because it's easy.
Read the full article here: https://www.businessinsider.com/phishing-scams-getting-more-sophisticated-what-to-look-out-for-2020-2?r=US&IR=T
Government authorities fail to train employees on ransomware detection, prevention
New research suggests that the majority of state and local governments are not rising to the challenge of mitigating ransomware threats. (and it’s not just Government)
The majority of state and local government agencies are failing to prepare their employees to spot cyber attacks or teach them how to handle ransomware incidents in the workplace, new research suggests.
On Thursday, IBM Security released the results of a new study, conducted on its behalf by The Harris Poll, containing responses from close to 700 US local and state employees in IT, education, emergency services, and security departments.
The research, taking place between January and February this year, reveals that only 38% of local and state employees have received any training in general ransomware prevention, which may include learning how to spot phishing attempts, the threat of social engineering, and basic security hygiene in the workplace.