Cyberspresso: Piping hot threat & attack news… grab a coffee, get updated

An astounding 200M data sets sold on the Dark Web

A China-based hacker group has been selling the data of approximately 200 million Japanese users.

IDs, passwords and email addresses taken from retail and gaming sites were just some of the information up for grabs, according to FireEye iSIGHT. The fee for the entire data trove was ¥1,000 CNY ($150.96 USD).

Got an insecure website? Chrome is about to alert your viewers

In a final push to cement HTTPS, Google will make Chrome show negative security indicators. Emily Schechter, Chrome Security’s Product Manager: “Users should expect that the web is safe by default, and they’ll be warned when there’s an issue.” “Since we’ll soon start marking all HTTP pages as ‘not secure’, we’ll step towards removing Chrome’s positive security indicators so that the default unmarked state is secure.” As of October 2018, Google will begin to show the red “Not secure” warning when users enter data on HTTP pages.

Rapidly evolving malware moves from Android to cryptocurrency mining and iOS phishing attacks

Roaming Mantis malware began by targeting South East Asia and quickly moved on to attack Europe and the Middle East.

To successfully infect multiple victims, the attackers now work with 27 different languages, including Spanish, Chinese, Hebrew and Russian. The phishing page mimics Apple’s website, claiming to be ‘security.app.com’, and asks victims for their user ID, password, card number, card expiration date and CVV. Sources say it’s likely that the attackers have a strong financial motivation and are highly likely to be well funded.

New Mirai variant with three exploits to target unpatched IoT devices

Appropriately dubbed “Wicked,” the variant relies on known exploits, as opposed to the previous version, which used brute-force techniques to compromise devices. When connected to port 8080, the malware uses a remote code execution (RCE) Netgear exploit that works on DGN1000 and DGN2200 v1 routers. This is the same tool used by the Reaper botnet to compromise target machines.

FCC investigating the LocationSmart app after it leaked location permissions of mobile users

The app identifies the location of mobile users on AT&T, Sprint, T-Mobile and Verizon.

The company claims it provides the location under legitimate and authorized law, but Krebs said LocationSmart's demo tool can be used to look up anyone and track them in real time. The New York Times said the location-aggregating industry works with no regulation and has so far been overlooked by the government. Could this be a ripple effect of GDPR? We would expect more investigations into location- and hyper-location-based apps that could be mishandling private user data.

First Africa cyber security summit to be hosted in Kenya in July

Kenya will be hosting the first African Cyber Defense Summit in July this year. The summit will be crucial for securing Africa from breaches and attacks that might compromise data, communication and technology. The government is arranging the summit with support from the African Union and the International Telecommunication Union, in cooperation with African Cyberspace Network, NASEBA. With broadband connectivity at 78%, the summit is timely. CT Secretary Dr. Kate Getao said that Africa must have a Cyber Research institute because the continent has invested heavily in Infosecurity and the Communication and Technology sectors.