Cyber Bites

Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation. Researchers investigating Microsoft's Windows Hello for Business have discovered new attack vectors, including a persistent Active Directory backdoor that they say current security tools don't detect. Source: Dark Reading

Attackers are reportedly targeting an NGINX/php-fpm vulnerability to infect users of the NextCloud file sync and share service with a recently discovered ransomware called NextCry. Infecting a NextCloud instance is doubly damaging to victims because the affected service begins replacing files stored on their synced-up machines with the newly encrypted versions. Source: SC Magazine

The credentials, priced from free to $11 per account, appear to be due to victims' re-use of logins and passwords. That didn't take long: stolen user accounts for the new Disney+ streaming service began appearing on Dark Web sites just hours after it went live on November 12. Source: Dark Reading

Macy's has announced that they have suffered a data breach due to their web site being hacked with malicious scripts that steal customer's payment information. This type of compromise is called MageCart attack and consists of hackers compromising a web site so that they can inject malicious JavaScript scripts into various sections of the web site. These scripts then steal payment information that is submitted by a customer. Source: Bleeping Computer

The state government of Louisiana was hit by a ransomware attack today that impacted numerous state services including the Office of Motor Vehicles, the Department of Health, and the Department of Transportion and Development. The attack was first reported at 11am, after there was a forced shutdown of numerous web sites operated by the state as well as email and Internet services. Source: Bleeping Computer

Google has rolled back an experimental WebContent Occlusion feature that caused major disruption for enterprise users using Chrome in a multi-user terminal server environment. While the issue is now fixed, enterprise admins are furious that this feature was enabled in the first place without their knowledge or permission. For approximately 5 months, Google has been experimenting with a feature called WebContent Occlusion that hides the content of not-visible tabs so that they use less resources and cause...

A new phishing campaign is actively targeting Microsoft Office 365 administrators with the end goal of compromising their entire domain and using newly created accounts on the domain to deliver future phishing emails. The attackers use phishing emails designed to look like they are coming from Microsoft, with the Office 365 logo shown at the top, and delivered using "validated domains" "from a legitimate organization’s Office 365 infrastructure" as PhishLabs found. They also use "Services admin center" as the sender...

Microsoft has announced that they will no longer support the Cortana digital personal assistant app on Android and iOS devices starting in 2020. In support articles for the UK, Australian, and Canadian markets, Microsoft has stated that they will no longer support the Cortana digital assistant apps on iOS and Android stating on January 31st, 2020. Instead, Microsoft will be integrating Cortana into the Microsoft 365 productivity apps. At that time, any Cortana content that was created,...

FedEx says exposed driver database was a 'test system'. US parcel delivery company FedEx has acknowledged that it left an exposed database containing detailed driver and delivery information, but says the infomation was part of a test system. Security researcher Devin Stokes found and responsibly disclosed the open database to FedEx. Once it was removed (after more than a week of trying to get the company's attention), Stokes exclusively shared with El Reg the details on what was within:...

There has been a rampant growth of look-alike domains, which are often used to steal sensitive data from online shoppers. Venafi analysed suspicious domains targeting 20 major retailers in the U.S., U.K., France, Germany and Australia and found over 100,000 look-alike domains that use valid TLS certificates to appear safe and trusted. According to the research, growth in the number of look-alike domains has more than doubled since 2018, outpacing legitimate domains by nearly four...