Inside Security - November 20th, 2019

1. A fake McDonald's advertising campaign is actually a criminal effort to infect machines with the Mispadu banking trojan and steal credit-card and online banking data from victims in Brazil and Mexico. Part of the scheme involves using bogus McDonald's coupons on Facebook, according to an analysis by security firm ESET. When victims click on the links to claim their coupons, they are taken to a fake McDonald's website with a button that, when clicked, infects the machine with malware. The Mispadu trojan includes a keystroke logger and other nefarious tools designed to collect financial information. -- THREATPOST

2. IBM has unveiled a new platform called Cloud Pak for Security to address cybersecurity threats in multicloud and hybrid cloud environments. The platform uses open-source technology that connects security tools without moving data from its original source. It can search and translate security data from different sources and bring together security insights from a corporate multicloud IT environment. "Without this capability, security teams would have to manually search for the same threat indicators (such as a malware signature or malicious IP address) within each individual environment," IBM observed. -- ZDNET

3. The National Security Agency (NSA) warns enterprises about Transport Layer Security Inspection (TLSI) risks while offering suggestions to manage them. TLSI allows enterprises to decrypt traffic, inspect decrypted content for threats, and re-encrypt the traffic before it enters or leaves the network. Some of the risks introduced by TLSI include man-in-the-middle attacks, abuse of the certification authority, insider threats, and privacy law violations. Among other things, NSA recommends that breaking and inspecting TLS traffic only be conducted once within the enterprise network and that companies only use independently validated TLSI products. -- BLEEPING COMPUTER

4. The cybercriminal group Lazarus is using a new Mac backdoor variant to attack Korean users with a macro-embedded spreadsheet. The macro runs a PowerShell script that links to three command-and-control servers used by Lazarus. The attackers use an in-the-wild Mac app bundle containing a legitimate Adobe Flash Player file and a malicious one. The malicious file uses the legitimate one to play a decoy SWF video, hiding its malicious routine and keeping the Mac attack chain separate. -- TREND MICRO BLOG

5. Five security companies have teamed up with other domestic violence and privacy organizations to form a coalition tackling stalkerware, which abusive domestic partners often use to track victims. Security companies that have joined the Coalition Against Stalkerware include Avira, G Data, Kaspersky Lab, Malwarebytes, and Symantec's NortonLifeLock. The coalition will help victims and educate the public about the dangers of stalkerware, which sends the abuser updates on the victim's location, phone calls, text messages, and photos. The apps are disguised as family tracking apps to avoid detection by antivirus software and app store security review. -- CNET

6. An Illinois man has received a sentence of 13 months in jail and three years of supervised release for operating a DDoS-for-hire services business that resulted in millions of illegal attacks against computer systems in the United States and other countries. The 21-year-old man, Sergiy Usatyuk, will also be required to forfeit $542,925 in proceeds from the criminal enterprise, along with dozens of servers and other computer equipment used in the distributed denial of service (DDoS) attack scheme. Usatyuk pled guilty to one count of conspiracy to cause damage to internet-connected computers for his role in owning, administering, and supporting illegal booter services and booter-related websites that launched DDoS attacks from August 2015 to November 2017. -- KREBS ON SECURITY

7. Attackers have hacked into the Twitter account of British businessman and Brexit backer Arron Banks and downloaded his private direct messages archive and contacts list. The confidential information was uploaded onto file-sharing sites with links posted to the account. Twitter subsequently suspended the compromised account, but not fast enough for Banks. "Twitter were notified 12 hours ago, and despite repeated requests they have taken no action to deactivate the account or remove the illegal data downloads," Banks said in a message distributed by the Leave.EU campaign. -- GRAHAM CLULEY

8. Adobe is ending support for its Acrobat Reader 2015 and Acrobat 2015 software on April 7, 2020. This means that after that date the company will no longer send out security updates. Because of the vulnerabilities regularly found in this software, this could leave users vulnerable after April 7 of next year. Users have two choices: continue to use the 2015 versions of the software even after the end of support, or upgrade to the latest versions of the software. Upgrades come in two varieties: quarterly updates with few extra features or continuous updates with many new features. -- NAKED SECURITY

9. Kaspersky Lab's researchers are making a number of cybersecurity predictions for 2020 based on what they have observed in 2019. They predict false flags by criminal groups will become more sophisticated, ransomware will become more targeted, and new online banking and payment card attack methods will be developed. Meanwhile, researchers also believe attackers will increasingly target mobile devices, networking hardware and other infrastructure, attack methods will become more sophisticated, and the abuse of personal information will expand and include biometrics data and deepfakes. -- SECURELIST

10. Attackers hacked the Monero cryptocurrency website and put malicious wallet files in the place of legitimate ones in order to steal cryptocurrency. The hack was uncovered when someone posted on GitHub that hashes for the Linux CLI wallet did not match the software developer's hashes. Monero removed the malicious wallet files as soon as it was alerted to the issue. It instructed users to check the hashes of their CLI wallet binaries if they downloaded them on Monday and delete the files that do not match the official versions. -- SECURITYWEEK
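The check Monero asked its users to perform, as an added example (not Monero's or SecurityWeek's code): compare the SHA-256 of each downloaded binary against the publisher's hash list and flag anything that does not match. The filenames, file contents and the `<sha256>  <filename>` list layout are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample: two "downloaded" wallet binaries held in memory.
# The second stands in for a file that was swapped on the download server.
DOWNLOADS = {
    "monero-linux-x64-v0.15.0.0.tar.bz2": b"intact release archive (constructed)",
    "monero-win-x64-v0.15.0.0.zip": b"tampered release archive (constructed)",
}

# Constructed publisher hash list. The second digest is of what the publisher
# actually shipped ("original ..."), not of the swapped bytes above.
PUBLISHED_HASHES = (
    hashlib.sha256(DOWNLOADS["monero-linux-x64-v0.15.0.0.tar.bz2"]).hexdigest()
    + "  monero-linux-x64-v0.15.0.0.tar.bz2\n"
    + hashlib.sha256(b"original release archive (constructed)").hexdigest()
    + "  monero-win-x64-v0.15.0.0.zip\n"
    + "# comment lines and blank lines are ignored\n"
)

def parse_hash_list(text: str) -> dict[str, str]:
    """Map filename -> expected SHA-256 hex digest from a `<hash>  <name>` list."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)          # split once on whitespace
        if len(digest) != 64 or any(c not in "0123456789abcdefABCDEF" for c in digest):
            raise ValueError(f"malformed hash line: {line!r}")
        expected[name.strip()] = digest.lower()
    return expected

def verify_downloads(files: dict[str, bytes], expected: dict[str, str]) -> dict[str, str]:
    """Return filename -> 'OK', 'MISMATCH' (tampered/corrupt) or 'UNLISTED'."""
    results = {}
    for name, data in files.items():
        if name not in expected:
            results[name] = "UNLISTED"               # never trust a file the list does not cover
            continue
        actual = hashlib.sha256(data).hexdigest()
        ok = hmac.compare_digest(actual, expected[name])
        results[name] = "OK" if ok else "MISMATCH"
    return results

def files_to_delete(results: dict[str, str]) -> list[str]:
    """Everything that is not a verified match should be removed, as Monero advised."""
    return sorted(name for name, status in results.items() if status != "OK")

if __name__ == "__main__":
    res = verify_downloads(DOWNLOADS, parse_hash_list(PUBLISHED_HASHES))
    for name, status in res.items():
        print(f"{status:9} {name}")
    print("delete:", files_to_delete(res))
```

The hash list is only as trustworthy as the channel it came from, so it should be fetched separately from the binaries and, where the publisher signs it, its signature checked before it is used.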

Fred Donovan is a professional writer, editor, and content specialist with decades of experience, most recently in the areas of information technology and cybersecurity. He has written for such publications as FierceITSecurity, InfoSecurity Magazine, Report on Patient Privacy, TechGenix, and NetDefense. Fred has a B.A. from Harvard University in government and an M.S. in national security from Georgetown University.

Editor: Sheena Vasani, Inside Dev and Inside Deals writer/curator

Copyright © 2020, All rights reserved.
