Security daily (07-07-2021)

Pentagon office left military designs for body armor, vehicle gear open to hackers, watchdog finds

The office in charge of the U.S. military’s 3D printing left designs for defense technology vulnerable to theft by hackers and adversaries, according to a watchdog report made public on Wednesday. If left unfixed, the security gaps could lead to a number of nightmare scenarios, including adversaries stealing military designs, compromising Department of Defense networks or even introducing flaws into design data that could make its way into battlefield products, the report’s authors concluded. Designs included blueprints for protective body armor, tactical vehicle gear, weapons systems brackets and prosthetic body parts, according to the report. The report found that officials were unaware that the systems connected to local networks and the internet. Because the systems were miscategorized, the office failed to conduct a risk assessment required by the department altogether. Officials also failed to monitor removable media entering the systems. The security gaps would have left a plethora of entry […] (CyberScoop)

UK judge gives US a shot to appeal denial of Julian Assange's extradition

Britain’s top court has granted the U.S. government a chance to appeal a January decision denying its request to extradite WikiLeaks founder Julian Assange to the United States to face espionage charges. The appeal process comes after a U.K. judge denied U.S. prosecutors’ original request for extradition. Judge Vanessa Baraitser ruled that U.S. prosecutors met the bar for extradition, but she sided with Assange’s lawyers that the WikiLeaks ringleader was likely to commit suicide if sent to a U.S. prison. The appeal will be limited as to whether or not the court was right to deny the extradition on the basis of Assange’s mental health, Bloomberg News reported. Assange faces 18 counts of endangering U.S. national security, including conspiring to obtain and disclose hundreds of thousands of classified and sensitive government documents. He was charged under the Espionage Act for his role in allegedly publishing classified Department of Defense documents […] (CyberScoop)

Malware spammers aim to leverage Kaseya ransomware drama in email campaign

First came the ransomware rampage stemming from the breach of Miami-based software firm Kaseya. Now comes a wave of malicious emails seeking to capitalize on the rush to find a fix. Security vendor Malwarebytes highlighted the malware spam campaign Tuesday, describing how unidentified attackers send “malspam” messages with both a URL and a file that purports to be a Microsoft update of the Kaseya VSA vulnerability. Clicking on the link, or “SecurityUpdates.exe,” drops Cobalt Strike on a victim. Cybercriminals have increasingly leveraged that security testing tool for attacks, according to recent research. It’s another example of how cyberattacks can have long tails after their initial infections. The zero-day vulnerability that the ransomware gang REvil apparently used to infiltrate Kaseya systems turned into a way for intruders to access the systems of Kaseya’s managed service provider customers, who provide IT services to a wider range of potential victims. It has turned […] (CyberScoop)

25 bogus Google Play store apps promised to mine cryptocurrency for a fee, scamming wannabe investors

Scammers are pushing fake cryptomining apps in order to make a buck off of victims interested in virtual currency. Security researchers at Lookout identified more than 170 apps that advertise themselves as providing cryptocurrency-mining services on the cloud for a fee. Unlike other popular cryptocurrency scams on mobile, the criminals aren’t seeking to empty a user’s wallet or download malicious software. Instead, the apps simply charge users for a service that doesn’t exist. Similar scams have existed in desktop form for a while, but this is the first time researchers have noticed apps designed to conduct such a fraud. “The apps themselves are really essentially empty shells with what look like purchasing functionalities,” said Christoph Hebeisen, director of security intelligence research at Lookout. “There is no way to tell if there is actually mining going on in the background or not because that happens on the cloud side, that doesn’t […] (CyberScoop)

PrintNightmare official patch is out – update now!

Patch now! This security hole could allow almost anyone to take over your whole network from almost any account on almost any computer. (Naked Security)

This Serious WiFi Bug Can Break Your iPhone

(News ≈ Packet Storm)

Russia Hacking Claims Pose Challenge For Biden

(News ≈ Packet Storm)

Hackers Scrape 90,000 GETTR User Emails, Surprising No One

(News ≈ Packet Storm)

Microsoft Releases Emergency Patch For PrintNightmare Bugs

(News ≈ Packet Storm)

Magecart Swiper Uses Unorthodox Concatenation

MageCart is the name given to the roughly one dozen groups of cyber criminals targeting e-commerce websites with the goal of stealing credit card numbers and selling them on the black market. They remain an ever-growing threat to website owners. We’ve said many times on this blog that the attackers are constantly using new techniques to evade detection. In this post I will go over a case involving one such MageCart group. A Hacked Magento Website: Some time ago a client of ours came to us with a heavily infected Magento e-commerce website from where credit card details were being stolen. (Sucuri Blog)

Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability

Even as Microsoft expanded patches for the so-called PrintNightmare vulnerability for Windows 10 version 1607, Windows Server 2012, and Windows Server 2016, it has come to light that the fix for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain scenarios, effectively defeating the security protections and permitting attackers to run arbitrary code (The Hacker News)

[Whitepaper] XDR vs. NDR/NTA – What do Organizations Truly Need to Stay Safe?

Security teams whose organizations are outside the Fortune 500 are faced with a dilemma. Most teams will have to choose between deploying either a network traffic analysis (NTA) or network detection and response (NDR) tool or an endpoint detection and response (EDR) tool to supplement their existing stacks. On the other hand, some organizations are getting the best of both options by switching (The Hacker News)

Critical Sage X3 RCE Bug Allows Full System Takeovers

Security vulnerabilities in the ERP platform could allow attackers to tamper with or sabotage victims' business-critical processes and to intercept data. (Threatpost)

MacOS Targeted in WildPressure APT Malware Campaign

Threat actors enlist compromised WordPress websites in campaign targeting macOS users. (Threatpost)

Suspected ‘Dr HeX’ Hacker Busted for 9 Years of Phishing

The unnamed suspect allegedly helped to develop carding and phishing kits with the aim of stealing customers' bank-card data. (Threatpost)

Fake Kaseya VSA Security Update Drops Cobalt Strike

Threat actors are planting Cobalt Strike backdoors by malspamming a bogus Microsoft update along with a SecurityUpdates.exe. (Threatpost)

Why I Love (Breaking Into) Your Security Appliances

David "moose" Wolpoff, CTO at Randori, discusses security appliances and VPNs and how attackers only have to "pick one lock" to invade an enterprise through them. (Threatpost)

Cloud Cryptomining Swindle in Google Play Rakes in Cash

At least 25 apps have lured in tens of thousands of victims with the promise of helping them cash in on the cryptomining craze. (Threatpost)

Microsoft Releases Emergency Patch for PrintNightmare Bugs

The fix doesn’t cover the entire problem nor all affected systems, however, so the company also is offering workarounds and plans to release further remedies at a later date. (Threatpost)


/security-daily/ 08-07-2021 23:44:22