DDoS Attacks Skyrocket as Pandemic Bites

Threatpost published an article on how lockdowns and work-from-home shifts have proven lucrative for DDoS-ers.

The first half of 2020 saw a significant uptick in the number of distributed denial-of-service (DDoS) attacks compared to the same period last year — a phenomenon that appears to be directly correlated to the global coronavirus pandemic.

Neustar’s Security Operations Center (SOC) saw a 151 percent increase in DDoS activity in the period, including one of the largest and longest attacks that Neustar has ever mitigated – that attack came in at 1.17 terabits-per-second (Tbps), and lasted five days and 18 hours.

Read more on Threatpost


QR Codes Serve Up a Menu of Security Concerns

Threatpost reported on how QR codes are becoming a bigger cybersecurity concern in the pandemic era.

Quick Response (QR) codes are booming in popularity and hackers are flocking to exploit the trend. Worse, according to a new study, people are mostly ignorant to how QR codes can be easily abused to launch digital attacks.

The reason QR code use is skyrocketing is that more brick-and-mortar businesses are forgoing paper brochures, menus and leaflets that could accelerate the spread of COVID-19. Instead they are turning to QR codes as an alternative.

Read more on the Threatpost


Critical Flaws in 3rd-Party Code Allow Takeover of Industrial Control Systems

Threatpost reported on critical vulnerabilities in an industrial component used by top ICS vendors like Rockwell Automation and Siemens.

Six critical vulnerabilities have been discovered in a third-party software component powering various industrial systems. Remote, unauthenticated attackers can exploit the flaws to launch various malicious attacks – including deploying ransomware, and shutting down or even taking over critical systems.

Read more on the Threatpost


Cryptobugs Found in 300+ Google Play Store Apps

Threatpost reported on a new dynamic tool, developed by Columbia University researchers, that flagged cryptography mistakes made in more than 300 popular Android apps.

Researchers have discovered more than 300 apps on the Google Play Store breaking basic cryptography code using a new tool they developed to dynamically analyze it.

Academics from Columbia University developed a custom tool, CRYLOGGER, that analyzes Android applications for unsafe use of cryptographic code according to 26 basic cryptography rules. Those rules include avoiding the use of: broken hash functions, bad passwords, reusing passwords multiple times, HTTP URL connections or a “badly-derived” key for encryption.

Read more on the Threatpost


Hackers are Obsessed with Cryptocurrency and It’s Only Intensifying

Cyware Social reported on hackers' ever-growing interest in cryptocurrencies.

Attacks on cryptocurrency applications and platforms are spreading like wildfire. Recently, admins of Empire Market, the world’s biggest dark web marketplace that allegedly suffered a massive DDoS attack on August 23, could have exited the market pocketing $30 million. Cryptocurrency theft is growing both in terms of frequency of attacks and breadth of targets.

Read more on Cyware Social


Joker Spyware Plagues More Google Play Apps

Threatpost reported on Joker spyware found in more Google Play applications.

Google has deleted six apps from its Google Play marketplace that were infecting users with the Joker malware (a.k.a. Bread).

Together, the apps – which tout functionalities ranging from text messaging to emoji wallpaper – account for nearly 200,000 installs, researchers with Pradeo said in a post this week. As of Wednesday, Google confirmed with Threatpost that all infected applications have been removed from Google Play, but researchers said that they are still installed on the devices of their users, and urged users to immediately delete the apps.

Read more on the Threatpost


Slack Bug Allows Access to Private Channels, Conversations

Threatpost reported on a critical Slack bug.

A critical vulnerability in the popular Slack collaboration app would allow remote code-execution (RCE). Attackers could gain full remote control over the Slack desktop app with a successful exploit — and thus access to private channels, conversations, passwords, tokens and keys, and various functions. They could also potentially burrow further into an internal network, depending on the Slack configuration, according to a security report.

The bug (rated between nine and 10 on the CVSS vulnerability-severity scale) was disclosed on Friday and involves cross-site scripting (XSS) and HTML injection. Slack for Desktop (Mac/Windows/Linux) versions prior to 4.4 are vulnerable.

Read further on Threatpost


Enterprise Data Security: It’s Time to Flip the Established Approach

Threatpost published an article on enterprise data security by Rob Junker.

There’s an old saying when it comes to big undertakings: Don’t boil the ocean. Well, there’s hardly any bigger project in information security than trying to protect corporate data. But the reality is that too many organizations today are, in fact, “boiling the ocean” when it comes to their data-security program. In fact, they have their entire data-security approach backward – especially when it comes to managing data risk within today’s highly collaborative and remote workforce.

Read more on the Threatpost...


Active Malware Campaign Using HTML Smuggling

Threatpost reported on an ongoing malware campaign based on HTML smuggling.

Krishnan Subramanian, security researcher with Menlo Security, told Threatpost that the campaign uncovered on Tuesday, dubbed “Duri,” has been ongoing since July.

It works like this: The attackers send victims a malicious link. Once they click on that link, a JavaScript blob technique is being used to smuggle malicious files via the browser to the user’s endpoint (i.e., HTML smuggling). Blobs, which mean “Binary Large Objects” and are responsible for holding data, are implemented by web browsers.

Read more on the Threatpost


Corporate VPNs in danger as vishing attacks target home workers

SC Media published a report on the current situation with cyberattacks on remote workers using VPNs to connect to corporate networks.

Multiple hacking gangs are preying on remote workforces and corporate VPNs through vishing attacks that are more efficient, dangerous and ubiquitous than ever, prompting the U.S. government to issue both a warning and advice on how to thwart them.

“The news has spread throughout the hacker community and multiple groups are now doing this,” said Allison Nixon, chief research officer at Unit 221b.

Read more on SC Media