Copy

The Daily Ledger 12/03/2019 Edition:

Kali Linux Gets New Desktop Environment & Undercover Theme

By Jai Vijayan Contributing Writer on Dec 02, 2019 07:10 pm

Updates to pen-testing platform are designed to improve performance and user interface, says Offensive Security, maintainer of the open source project.

DHS to Require Federal Agencies to Set Vulnerability Disclosure Policies

By Robert Lemos Contributing Writer on Dec 02, 2019 05:15 pm

The Cybersecurity and Infrastructure Security Agency (CISA) publishes a draft document mandating a vulnerability disclosure policy and a strategy for handling reports of security weaknesses.

FBI assesses Russian apps may be counterintelligence threat

By Shannon Vavra on Dec 02, 2019 05:14 pm

All mobile apps developed by Russian entities may be counterintelligence threats to the United States, the FBI has assessed in a letter sent to the Senate’s minority leader. “The FBI considers any mobile application or similar product developed in Russia … to be a potential counterintelligence threat, based on the data the product collects, its privacy and terms of use policies, and the legal mechanisms available to the Government of Russia that permit access to data within Russia’s borders,” Jill Tyson, the assistant director for the FBI’s office of congressional affairs, wrote in a letter to Sen. Chuck Schumer, D-NY, that CyberScoop obtained. The bureau’s concerns about Russian counterintelligence operations come in response to an inquiry Schumer sent to the FBI this summer about whether Americans’ data on FaceApp was being provided to the Kremlin. The FBI has assessed that the Russian photo-aging app, which became a viral sensation earlier this […]

The post FBI assesses Russian apps may be counterintelligence threat appeared first on CyberScoop.



StrandHogg Vulnerability Affects All Versions of Android

By Kelly Sheridan Staff Editor, Dark Reading on Dec 02, 2019 04:45 pm

The bug enables malware to pose as any legitimate Android app, letting attackers track messages, photos, credentials, and phone conversations.

Australian and European police shut down access to popular criminal hacking tool

By Sean Lyngaas on Dec 02, 2019 04:26 pm

Australian and European law enforcement officials say they have taken down a remote-access hacking tool that had been sold to 14,500 buyers in 124 countries. The demise of the so-called Imminent Monitor Remote Access Trojan’s (IM-RAT), which officials said had been used to steal personal data from tens of thousands of victims, is a major victory for law enforcement officials in Australia and Europol, the European Union’s law enforcement agency. The invasive RAT gave anyone willing to pay $25 full access to a victim’s machine to steal photographs, passwords, and video footage. Months of investigative work culminated last month in the dismantling of IM-RAT’s infrastructure, and the arrest of 13 of its most prolific users. Where exactly the suspects were arrested was not immediately clear. None were arrested in Australia. “The offenses enabled by IM-RAT are often a precursor to more insidious forms of data theft and victim manipulation, which […]

The post Australian and European police shut down access to popular criminal hacking tool appeared first on CyberScoop.



Microsoft OAuth Flaw Opens Azure Accounts to Takeover

By Lindsey O'Donnell on Dec 02, 2019 04:00 pm

The Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover.

Poll Results: Security Pros Make The (Hypothetically) Ultimate Data Decision

By Edge Editors Dark Reading on Dec 02, 2019 04:00 pm

What if you could protect only one category of your organization's data?

Microsoft Fixes Flaw Threatening Azure Accounts

By Dark Reading Staff on Dec 02, 2019 03:30 pm

Researchers detail a bug they found in some of Microsoft's OAuth 2.0 applications.

Authorities Break Up Imminent Monitor Spyware Organization

By Tara Seals on Dec 02, 2019 02:13 pm

The infrastructure behind a remote access tool (RAT) allowing full remote takeover of a victim machine has been dismantled.

For criminal hackers, Brazilian hotel networks appear to be easy targets

By Sean Lyngaas on Dec 02, 2019 01:14 pm

Cybercriminals have gone on a spree in Brazil’s hospitality industry, infecting the networks of hotels and tourism companies with malware that steals credit card data, according to researchers at Kaspersky. All told, the hackers have struck hospitality organizations in eight states across Brazil, and 20 hotels in that country and others around the world, Kaspersky said last week. Active since 2015, the hackers have stepped up their activity this year.  They are brazenly selling access to hotel networks they’ve breached to whoever is buying.  Some Brazilian criminals tout the extracted credit card data “as high quality and reliable” because it came from a hotel administration system, the researchers wrote in a blog post. The breaches often begin with spearphishing emails in fluent Portuguese to hotel employees. Once clicked, the emails open up malware capable of capturing data that flows downstream during the reservation process from popular sites like Booking.com. The findings underscore Brazil’s longstanding struggles […]

The post For criminal hackers, Brazilian hotel networks appear to be easy targets appeared first on CyberScoop.



Cybersecurity Team Holiday Guide: 2019 Gag Gift Edition

By Ericka Chickowski Contributing Writer on Dec 02, 2019 01:00 pm

Make your favorite security experts laugh with these affordable holiday gifts.

Sharing Is Caring

By Edge Editors Dark Reading on Dec 02, 2019 12:45 pm

Do you do any cybersecurity-related volunteer work?

Preaching blockchain in North Korea gets an American in trouble at home

By Sean Lyngaas on Dec 02, 2019 12:43 pm

An American man has been arrested for allegedly trying to help the North Korean government evade U.S. economic sanctions by using blockchain technology. Virgil Griffith, 36, is accused of traveling to North Korea against the advice of U.S. officials to deliver a presentation on blockchain and cryptocurrency at the DPRK Cryptocurrency Conference in April. There, U.S. officials allege, Griffith interacted with attendees who apparently worked for the North Korean government. The North Koreans allegedly quizzed Griffith about the technical aspects of blockchain, the distributed ledger technology that creates a secure record of transactions and is the backbone of cryptocurrencies such as bitcoin. The American also allegedly discussed how cryptocurrencies could be used to launder money, a keen interest of the North Korean government. Griffith is accused of violating the International Emergency Economic Powers Act (IEEPA), which bars U.S. citizens from exporting goods, services, or technology to North Korea without a license from […]

The post Preaching blockchain in North Korea gets an American in trouble at home appeared first on CyberScoop.



Data from 21M Mixcloud Users Compromised in Breach

By Dark Reading Staff on Dec 02, 2019 12:40 pm

The music streaming service received reports indicating attackers gained unauthorized access to its systems.

Trend Micro finds new mobile malware masquerading as a chat app

By Shannon Vavra on Dec 02, 2019 12:36 pm

A new kind of mobile malware that can steal victim’s personal information, including files and victims’ location data is hidden under the guise of a chat app, according to new research from Trend Micro. Since May, the new mobile malware, which Trend Micro dubs CallerSpy, has appeared on multiple occasions on a phishing site http://gooogle[.]press imitating apps such as Chatrious and Apex App. All users have to do to get infected is click the download button on the site, and then the spyware monitors for commands from the attackers’ command and control server. It appears to only target Android users for now, according to Trend Micro. The company has not discovered any victims, according to its research. CallerSpy, which Trend Micro assesses is a targeted espionage campaign, can collect call logs, text messages, contacts, and files from victims. It can also take screenshots and send them back to the command […]

The post Trend Micro finds new mobile malware masquerading as a chat app appeared first on CyberScoop.



CISA Pushing U.S. Agencies to Adopt Vulnerability Disclosure Policies

By Lindsey O'Donnell on Dec 02, 2019 11:46 am

A newly proposed CISA directive would require all U.S. agencies to develop and implement vulnerability disclosure processes for their internet connected systems.

Smart TVs: The Cyberthreat Lurking in Your Living Room, Feds Warn

By Tara Seals on Dec 02, 2019 10:33 am

TV takeover, privacy threats, botnet concerns and Wi-Fi network compromise are all big concerns when it comes to connected TVs.

New: State of the Internet: Web Attacks and Gaming Abuse

By Akamai Staff on Dec 02, 2019 10:30 am

Attackers see credential abuse as a low-risk venture with potential for a high payout, at least for now.

3 Modern Myths of Threat Intelligence

By Anton Chuvakin Head of Security Solution Strategy, Chronicle on Dec 02, 2019 10:00 am

More intelligence does not lead to more security. Here's why.

Insecure Database Exposes Millions of Private SMS Messages

By Elizabeth Montalbano on Dec 02, 2019 08:33 am

Researchers discovered an unprotected TrueDialog database hosted by Microsoft Azure with diverse and business-related data from tens of millions of users.

Fake Android apps uploaded to Play store by notorious Sandworm hackers

By John E Dunn on Dec 02, 2019 06:23 am

The Russian ‘Sandworm’ hacking group has been caught repeatedly uploading fake and modified Android apps to Google’s Play Store.

Uncle Sam opens arms to friendly hackers

By Danny Bradbury on Dec 02, 2019 06:05 am

All you bug hunters out there are about to get a nice Christmas gift - the US federal government finally wants to hear from you.

Convicted murderer wins ‘right to be forgotten’ case

By Danny Bradbury on Dec 02, 2019 05:42 am

Google must remove details of a convicted murderer from its search results in Europe following a German court ruling, it emerged last week.

TikTok owner to separate company over US national security worries

By John E Dunn on Dec 02, 2019 05:30 am

Chinese-owned video-sharing app TikTok might be under fire from US politicians but it’s not going to go down without a fight.

Monday review – the hot 25 stories of the week

By Naked Security writer on Dec 02, 2019 04:47 am

From a warning from Hewlett Packard Enterprise to Russia's foreign tech anxieties. Get up to date with the top infosec stories of last week.

Recent Articles:

Netflix account freeze – don’t click, it’s a scam!
Amazon Plans Ring Facial Recognition-Based ‘Watch List’, Report
US tightens rules on drone use in policy update
Adobe’s Magento Marketplace suffers data breach
Pressure mounts for federal privacy law with second bill
Share
Tweet
Forward
Share
Copyright © 2019 Box Jump LLC/The Security ledger, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list