Security daily (10-08-2021)

Chinese hackers posed as Iranians to breach Israeli targets, FireEye says

Suspected Chinese spies masqueraded as Iranian hackers in a two-year campaign to break into government and telecommunication networks in Israel, security firm FireEye said Tuesday. The alleged Chinese intruders used a hacking tool previously associated with Iranian operatives, and embedded some of their malicious code with Farsi, the predominant language in Iran. It was part of a broader campaign to gather intelligence at organizations in other Middle East and Central Asian countries that has continued this year, according to FireEye. The findings show how spies plant digital evidence in an effort to throw off investigators in the high-stakes world of espionage. The revelations come amid a period of heightened scrutiny of Chinese cyber activity: The U.S. and its European allies in July condemned China’s alleged exploitation of Microsoft software and said that it enabled ransomware attacks. John Hultquist, vice president of threat intelligence at Mandiant FireEye, said the targeting at […] (CyberScoop)

COVID-19 social media disinformation campaign sought to exploit TikTok, Instagram influencers

A Russia-based disinformation push about COVID-19 vaccines wasn’t a traditional “influence” campaign, so much as it was partially a campaign on “influencers.” The subsidiary of a U.K.-registered marketing firm behind the effort, named Fazze, tried to spoon-feed popular accounts on Instagram, TikTok and YouTube a package of articles and instructions about the Pfizer vaccine, claiming that it obtained information about fatalities following a hack-and-leak operation. Instead, as Facebook outlined in a Tuesday report detailing the campaign, some of those influencers thought the offer was fishy and exposed it on social media. The campaign against Pfizer that began in May traced its beginnings back to November and December of 2020, with the first leg devoted to bashing the AstraZeneca vaccine. Its primary targets were India and Latin America, but to a smaller extent the United States, Facebook said. Facebook said it removed 243 Instagram accounts and 65 Facebook accounts from Russia […] (CyberScoop)

NSA watchdog to review agency's actions following Tucker Carlson spying allegations

The National Security Agency’s inspector general said Tuesday that it would conduct a review related to allegations that the agency had improperly surveilled Fox News host Tucker Carlson — allegations the agency has denied. The review will look at NSA’s compliance with legal authorities and procedures related to data collection and analysis, including so-called “unmasking” procedures, in which U.S. officials can request the identity of an American citizen cited in an intelligence document. The probe will cover whether any actions taken by the NSA “were based upon improper considerations,” Inspector General Robert Storch said in a statement. Carlson in June accused the NSA of surveilling him in a bid to “take this show off the air.” The NSA, whose mission is to collect foreign intelligence, flatly denied the allegation in a June 29 statement. “Tucker Carlson has never been an intelligence target of the agency and the NSA has […] (CyberScoop)

Senate fails to amend cryptocurrency reporting requirements, moving fight to the House

The Senate stopped short Monday of passing an amendment that would have altered language in the current $1 trillion infrastructure bill to narrow the definition of parties that will be required to report cryptocurrency sales to the Internal Revenue Service. Senators failed to reach unanimous consent because of an objection to an unrelated requested attachment to increase military spending. A group of Senate Republicans and Democrats as well as representatives of the Treasury Department had struck a compromise to narrow the language on Monday and had hoped to pass the amendment through unanimous consent. Cryptocurrency industry leaders and privacy experts say that if the current language in the bill goes through it could handicap the emerging technology in the United States and strip privacy from users. “We may very well have to go back and revisit the rules but we shouldn’t just have an overly broad mandate or reporting requirement […] (CyberScoop)

Home and small business routers under attack – how to see if you are at risk

Practical advice for homes and small businesses, following news that a recently disclosed router bug is actively being exploited by crooks. (Naked Security)

Afrinic Bank Accounts Frozen After R470 Million Damages Claim

(News ≈ Packet Storm)

Hackers Netting Average Of Nearly $10,000 For Stolen Network Access

(News ≈ Packet Storm)

Apple To Refuse Government Demands Of Expanding Scanning

(News ≈ Packet Storm)

Uber Asked Contractor To Allow Video Surveillance In Employee Homes, Bedrooms

(News ≈ Packet Storm)

1M Stolen Credit Cards Hit Dark Web For Free

(News ≈ Packet Storm)

Magento Update Released to Fix Critical Flaws Affecting E-Commerce Sites

Adobe on Tuesday shipped security updates to remediate multiple critical vulnerabilities in its Magento e-commerce platform that could be abused by an attacker to execute arbitrary code and take control of a vulnerable system. The issues affect 2.3.7, 2.4.2-p1, 2.4.2, and earlier versions of Magento Commerce, and 2.3.7, 2.4.2-p1, and all prior versions of Magento Open Source edition. Of the 26 (The Hacker News)

Microsoft Releases Windows Updates to Patch Actively Exploited Vulnerability

Microsoft on Tuesday rolled out security updates to address a total of 44 security issues affecting its software products and services, one of which it says is an actively exploited zero-day in the wild. The update, which is the smallest release since December 2019, squashes seven Critical and 37 Important bugs in Windows, .NET Core & Visual Studio, Azure, Microsoft Graphics Component, Microsoft (The Hacker News)

Experts Believe Chinese Hackers Are Behind Several Attacks Targeting Israel

A Chinese cyber espionage group has been linked to a string of intrusion activities targeting Israeli government institutions, IT providers, and telecommunications companies at least since 2019, with the hackers masquerading themselves as Iranian actors to mislead forensic analysis. FireEye's Mandiant threat intelligence arm attributed the campaign to an operator it tracks as "UNC215", a Chinese (The Hacker News)

Hackers Exploiting New Auth Bypass Bug Affecting Millions of Arcadyan Routers

Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure. Tracked as CVE-2021-20090 (CVSS score: 9.9), the weakness concerns a path traversal vulnerability in the web interfaces of routers (The Hacker News)

Beware! New Android Malware Hacks Thousands of Facebook Accounts

A new Android trojan has been found to compromise Facebook accounts of over 10,000 users in at least 144 countries since March 2021 via fraudulent apps distributed through Google Play Store and other third-party app marketplaces. Dubbed "FlyTrap," the previously undocumented malware is believed to be part of a family of trojans that employ social engineering tricks to breach Facebook accounts as (The Hacker News)

Pulse Secure VPNs Get New Urgent Update for Poorly Patched Critical Flaw

Pulse Secure has shipped a fix for a critical post-authentication remote code execution (RCE) vulnerability in its Connect Secure virtual private network (VPN) appliances to address an incomplete patch for an actively exploited flaw it previously resolved in October 2020. "The Pulse Connect Secure appliance suffers from an uncontrolled archive extraction vulnerability which allows an attacker to (The Hacker News)

Apple to Scan Every Device for Child Abuse Content — But Experts Fear for Privacy

Apple on Thursday said it's introducing new child safety features in iOS, iPadOS, watchOS, and macOS as part of its efforts to limit the spread of Child Sexual Abuse Material (CSAM) in the U.S. To that effect, the iPhone maker said it intends to begin client-side scanning of images shared via every Apple device for known child abuse content as they are being uploaded into iCloud Photos, in (The Hacker News)

Connected Farms Easy Pickings for Global Food Supply-Chain Hack

John Deere security bugs could allow cyberattackers to damage crops, surrounding property or even people; impact harvests; or destroy farmland for years. (Threatpost)

Actively Exploited Windows Zero-Day Gets a Patch

Microsoft's August 2021 Patch Tuesday addressed a smaller set of bugs than usual, including more Print Spooler problems, a zero-day and seven critical vulnerabilities. (Threatpost)

eCh0raix Ransomware Variant Targets QNAP, Synology NAS Devices

Some bad actors are honing tools to go after small fry: This variant was refined to target not one, but two vendors’ devices that are common in SOHO setups. (Threatpost)

Chaos Malware Walks Line Between Ransomware and Wiper

The dangerous malware has been rapidly developed since June and could be released into the wild soon. (Threatpost)


/security-daily/ 11-08-2021 23:44:24