BU-CERT – Bournemouth University Computer Emergency Response Team

Privacy concerns on COVID-19 contact tracing applications

Posted on 1 May 2020

We have recently joined over 170 UK researchers and scientists by undersigning a statement enquiring about the contact tracing app developed by NSHX in the UK. Given that UK is among the most surveilled nations, we raise our concerns on the impact such initiative will have in the long run. The European Commission has already issued a recommendation on a common Union toolbox for the use of technology and data to combat and exit from the COVID-19 crisis, in particular concerning mobile applications and the use of anonymised mobility data.

The joint statement is available here.

The mobile version of Valorant is set to release in Summer 2020, anything before that should be considered malware.

Posted on 31 May 2020

From hackread.com

In October 2019, Riot Games announced the launch of a new game named “Valorant“ for June 2020 to be available on Microsoft Windows. A 2-month beta version was also available for certain users which just came to end about a day ago. With this, the statistics reveal that it happened to be very well received with over 3 million players every day.

However, capitalizing on this opportunity, malicious actors have also kicked in their schemes, one which has been uncovered recently by researchers at Doctor Web.

An advanced and unconventional hack is targeting industrial firms

Posted on 31 May 2020

From arstechnica.com

Attackers are putting considerable skill and effort into penetrating industrial companies in multiple countries, with hacks that use multiple evasion mechanisms, an innovative encryption scheme, and exploits that are customized for each target with pinpoint accuracy.

The attacks begin with emails that are customized for each target, a researcher at security firm Kaspersky Lab reported this week. For the exploit to trigger, the language in the email must match the localization of the target’s operating system. For example, in the case of an attack on a Japanese company, the text of the email and an attached Microsoft Office document containing a malicious macro had to be written in Japanese. Also required: an encrypted malware module could be decrypted only when the OS had a Japanese localization as well.

Zoom video chat’s full encryption won’t be a free feature

Posted on 31 May 2020

From cnet.com

Zoom is working on end-to-end encryption to protect privacy on its increasingly popular video chat service, but the company will make it a premium feature not available to free accounts. Alex Stamos, a Zoom security consultant and former chief security officer for Yahoo, told Reuters the company could include exceptions like nonprofits or political dissidents, though.

Zoom encrypts connections between the company’s servers and the devices of people using its service. End-to-end encryption, though, secures connections all the way from each device to every other device on a call. It’s available in some Zoom alternatives, like Apple Facetime.

Russian hackers attacked Poland due to NATO exercises

Posted on 31 May 2020

From ehackingnews.com

The Polish government announced a large-scale information attack by Russia, which is aimed at worsening relations between Warsaw and Washington, as well as the Polish army
Poland announced about hacker attacks on Internet pages and posting false and manipulative information about the NATO exercises Defender Europe 2020 on Polish and foreign resources.
“Poland again became the target of information attacks that coincide with the Kremlin’s actions against the West, especially against NATO countries. The organizers of such actions used well-known methods: hacking, spoofing content on web pages, as well as a fake interview with an American General,” said Stanislav Zharin, the speaker of the coordinating Minister in the Government of Poland for Special Services.

ADCollector – A Lightweight Tool To Quickly Extract Valuable Information From The Active Directory Environment For Both Attacking And Defending

Posted on 31 May 2020

From kitploit.com

ADCollector is a lightweight tool that enumerates the Active Directory environment to identify possible attack vectors. It will give you a basic understanding of the configuration/deployment of the environment as a starting point.

Notes:
ADCollector is not an alternative to the powerful PowerView, it just automates enumeration to quickly identify juicy information without thinking too much at the early Recon stage. Functions implemented in ADCollector are ideal for enumeration in a large Enterprise environment with lots of users/computers, without generating lots of traffic and taking a large amount of time. It only focuses on extracting useful attributes/properties/ACLs from the most valuable targets instead of enumerating all available attributes from all the user/computer objects in the domain. You will definitely need PowerView to do more detailed enumeration later.

Snaffler: tool for pentesters to help find delicious candy needles

Posted on 31 May 2020

From securityonline.info

Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly, but it’s flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment).

It might also be useful for other people doing other stuff, but it is explicitly NOT meant to be an “audit” tool.

EvilApp : Phishing Attack Using An Android Application

Posted on 31 May 2020

From kalilinuxtutorials.com

EvilApp : Phishing Attack Using An Android Application

Man-in-the-middle phishing attack using an Android app to grab session cookies for any website, which in turn allows to bypass 2-factor authentication protection. EvilApp brings as an example the hijacking and injection of cookies for authenticated Instagram sessions.