17-08-2021 | 19-08-2021

Security daily (18-08-2021)

Apple reopens legal fight against security firm Corellium, raising concerns for ethical hackers

Apple has reignited a legal battle with Corellium days after settling with the security firm over an ongoing lawsuit against the company for providing a virtual environment for security researchers that recreates its operating system. Apple on Tuesday filed an appeal of a December ruling in which a judge dismissed an argument that Corellium had infringed Apple’s copyright by offering researchers a simulated environment that emulates Apple’s iOS software. The environment allows researchers to hunt for bugs via a controllable browser that can be rebooted, instead of jailbreaking an actual iPhone. It’s the latest update in a case that could have enormous implications for the ability of private researchers and academics to probe major technologies for dangerous flaws without the risk of legal retaliation. The move follows reassurances by Apple that it would rely on security researchers to help vet its controversial new system for scanning child sexual abuse imagery. […] (CyberScoop)

How trust, connection and understanding can shape the future of cyber

Tim Li is a principal at Deloitte Risk & Financial Advisory and Deloitte & Touche LLP and leads Deloitte’s Strategic Growth Cyber portfolio for federal, state and local governments and higher education institutions. Cybersecurity incidents continue to make headlines, challenging public agencies in the US to modernize cybersecurity defenses to protect citizens and the country. The recent Executive Order (EO) on Improving the Nation’s Cybersecurity calls for the federal government to “improve its efforts to identify, deter, protect against, detect and respond to these actions and actors.” As cyber challenges evolve in complexity and scale, they create multi-faceted challenges for government. So, while the EO lays out a solid foundation of recommendations, organizations should also take heed of the following considerations as they evolve their future cyber thinking: Enable trust as the foundation for collaboration. The EO calls for the private sector to share information with government to improve overall […] (CyberScoop)

Ohio man pleads guilty to role in $300-million cryptocurrency laundering service

A 38-year-old Ohio man has pleaded guilty to his role in a cryptocurrency laundering service that moved some $300 million on behalf of dark web marketplaces and other clients, the Justice Department said Wednesday. Larry Dean Harmon admitted to running Helix, a popular service for concealing the source of bitcoin transactions, from 2014 to 2017. Helix allegedly worked with AlphaBay, a notorious $1 billion marketplace for hacking tools and drugs that security researchers recently warned could be coming back online. Harmon faces up to 20 years in prison and a $500,000 fine, according to the Justice Department. A lawyer for Harmon could not be reached for comment. As part of his plea deal, Harmon agreed to forfeit more than $200 million in bitcoin. After a multi-year investigation of Helix, U.S. law enforcement arrested Harmon in his hometown of Akron in February, 2020. The U.S. Treasury’s Financial Crimes Enforcement Network has […] (CyberScoop)

T-Mobile confirms breach exposed sensitive data of more than 40 million people

T-Mobile confirmed Wednesday that the information of more than 8 million customers as well as 40 million former or potential customers who had applied for credit with the company was compromised in a recent data breach. The hacker accessed customers’ names, dates of birth, Social Security numbers, and driver’s license or ID information from some portion of the 7.8 million subscribers exposed in the breach. No phone numbers, account numbers, passwords, or financial information were compromised for paying customers, according to the company. The company did not say if or how many of those 7.8 million customers were also involved in the credit application breach. Names, phone numbers, and PINs of roughly 850,000 active pre-paid customers were exposed. T-Mobile said it has reset all PINs and will be notifying affected customers. The company said the hacker obtained “additional information from inactive pre-paid accounts accessed through prepaid billing files” from […] (CyberScoop)

T-Mobile Says Data On 40 Million People Stolen By Hackers

(News ≈ Packet Storm)

Unpatched Fortinet Bug Allows Firewall Takeovers

(News ≈ Packet Storm)

9to5Mac Writer Paid Source $500 In Bitcoin For Stolen Apple Data

(News ≈ Packet Storm)

HolesWarm Malware Exploits Windows, Linux Servers

(News ≈ Packet Storm)

A Short History of Essay Spam (How We Got from Pills to Plagiarism)

From answering beginner questions like ‘What is SEO spam?’ to breaking down the spammers’ code and exactly how they hide their injections in compromised websites, we have written regularly about spam at Sucuri. If you’ve ever operated a WordPress website you will have certainly seen, at the very least, a litany of spam comments posted on your comments section. Typically what first comes to mind are links to spam sites informing you about cut-price pharmaceuticals that could improve your love life. (Sucuri Blog)

Critical ThroughTek SDK Bug Could Let Attackers Spy On Millions of IoT Devices

A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK), which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution. Tracked as CVE-2021-28372 (CVSS score: 9.6) and discovered by FireEye Mandiant in late 2020, the weakness concerns an improper access control flaw (The Hacker News)

BadAlloc Flaw Affects BlackBerry QNX Used in Millions of Cars and Medical Devices

A major vulnerability affecting older versions of BlackBerry's QNX Real-Time Operating System (RTOS) could allow malicious actors to cripple and gain control of a variety of products, including cars, medical, and industrial equipment. The shortcoming (CVE-2021-22156, CVSS score: 9.0) is part of a broader collection of flaws, collectively dubbed BadAlloc, that was originally disclosed by (The Hacker News)

Iranian Hackers Target Several Israeli Organizations With Supply-Chain Attacks

IT and communication companies in Israel were at the center of a supply chain attack campaign spearheaded by an Iranian threat actor that involved impersonating the firms and their HR personnel to target victims with fake job offers in an attempt to penetrate their computers and gain access to the company's clients. The attacks, which occurred in two waves in May and July 2021, have been linked (The Hacker News)

Does a VPN Protect You from Hackers?

A virtual private network (VPN) is the perfect solution for a lot of issues you might experience online: accessing blocked sites, hiding your browsing activity, getting rid of internet throttling, finding better deals, and much more. But does a VPN protect you from hackers? Is your private information and files safer on the internet with a VPN? How much of a difference does it make in terms of (The Hacker News)

NK Hackers Deploy Browser Exploits on South Korean Sites to Spread Malware

A North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise (SWC) targeting a South Korean online newspaper. Cybersecurity firm Volexity attributed the watering hole attacks to a threat actor it tracks as InkySquid, and more widely known by the monikers ScarCruft and APT37. (The Hacker News)

Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF

Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall (WAF) appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system. "An OS command injection vulnerability in FortiWeb's management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands (The Hacker News)

Bogus Cryptomining Apps Infest Google Play

The apps attempt to swindle users into buying in-app upgrades or clicking on masses of ads. (Threatpost)

T-Mobile: >40 Million Customers’ Data Stolen

Attackers stole tens of millions of current, former or prospective customers' personal data, the company confirmed. It's providing 2 years of free ID protection. (Threatpost)

Memory Bugs in BlackBerry’s QNX Embedded OS Open Devices to Attacks

The once-dominant handset maker BlackBerry is busy squashing BadAlloc bugs in its QNX real-time operating system used in cars and medical devices. (Threatpost)


/security-daily/ 19-08-2021 23:44:22