Security daily (20-08-2021)

Mozi botnet gets stealthier in infecting Huawei network gateways and other gear

The authors of a prolific internet-of-things botnet called Mozi have developed new capabilities for their malicious software to linger on infected devices and avoid detection, Microsoft researchers said Thursday. A botnet is a horde of compromised computers that attackers use to distribute spam or ransomware, or conduct distributed denial of service (DDoS) attacks. The Mozi botnet’s malware now has features catered to networking equipment made by popular vendors Netgear, Huawei and ZTE so that the malicious code lives on when the device is rebooted, according to the research. The features could also make it harder for other malicious hackers to wipe code off of infected devices — malicious-on-malicious activity that is a feature of the scamming ecosystem. For network defenders, it’s an unwelcome development from a botnet that has been used to steal data and conduct DDoS attacks since surfacing in 2019. IBM researchers said last year that Mozi accounted […] The post Mozi botnet gets stealthier in infecting Huawei network gateways and other gear appeared first on CyberScoop. (CyberScoop)

T-Mobile breach climbs to over 50 million people

T-Mobile on Friday announced that roughly 6 million additional accounts had data swiped in a recent hack, bringing the total number of victims of the breach to approximately 55 million individuals. The revelations come as lawmakers have ramped up scrutiny of the company. An additional 5.3 million subscriber accounts had addresses, names, dates of birth, and phone numbers accessed, T-Mobile said. The company also found that the data of 667,000 more accounts of former T-Mobile customers, including their names, phone numbers, addresses and dates of birth, had been accessed. Unlike the first set of customers identified by T-Mobile on Wednesday, none of these additional accounts had their Social Security Numbers or ID information compromised, the company said. The new findings also reveal that phone data, IMEIs and IMSIs were accessed. IMEIs, which are often used for advertising purposes, are a unique fingerprint for a device that cannot be […] The post T-Mobile breach climbs to over 50 million people appeared first on CyberScoop. (CyberScoop)

Facebook, other platforms scramble to secure user accounts in Afghanistan

Facebook rolled out a one-click tool Thursday that will allow users in Afghanistan to lock down their profiles in response to fears that the accounts could be used by the Taliban to target individuals. The measures include preventing user information from being downloaded or seen by anyone who is not friends with the user, as well as removing the search feature from friends lists. The company is also rolling out pop-up alerts on Instagram to help users in Afghanistan protect their accounts. “We’re working closely with our counterparts in industry, civil society and government to provide whatever support we can to help protect people,” Nathaniel Gleicher, Facebook’s head of security, wrote on Twitter. Groups including the Atlantic Council’s Digital Forensic Research Lab and Human Rights Watch have warned that the Taliban is highly skilled with social media and advised anyone in Afghanistan or who has contacts in Afghanistan to make […] The post Facebook, other platforms scramble to secure user accounts in Afghanistan appeared first on CyberScoop. (CyberScoop)

Japanese cryptocoin exchange robbed of $100,000,000

Another week, another cryptocurrency catastrophe. This time, it's "only" $100 million's worth... (Naked Security)

China Passes New Personal Data Privacy Law, To Take Effect Nov. 1

(News ≈ Packet Storm)

Afghanistan: Will Fingerprint Data Point Taliban To Targets?

(News ≈ Packet Storm)

T-Mobile Data Breach Now Affects More Than 50 Million

(News ≈ Packet Storm)

Hackers Steal Nearly $100m In Japan Crypto Heist

(News ≈ Packet Storm)

Cloudflare mitigated one of the largest DDoS attacks on record, involving 17.2 million rps

Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service (DDoS) attack recorded to date. The attack, launched via a Mirai botnet, is said to have targeted an unnamed customer in the financial industry last month. "Within seconds, the botnet bombarded the Cloudflare edge with over 330 million (The Hacker News)

ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups

ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. "The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors," SentinelOne researchers Yi-Jhen Hsieh and Joey Chen said in a detailed overview of the malware, (The Hacker News)

Cybercrime Group Asking Insiders for Help in Planting Ransomware

A Nigerian threat actor has been observed attempting to recruit employees by offering to pay them $1 million in bitcoin to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme. "The sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then they would be paid $1 million in bitcoin, or 40% of the (The Hacker News)

Mozi IoT Botnet Now Also Targets Netgear, Huawei, and ZTE Network Gateways

Mozi, a peer-to-peer (P2P) botnet known to target IoT devices, has gained new capabilities that allow it to achieve persistence on network gateways manufactured by Netgear, Huawei, and ZTE, according to new findings. "Network gateways are a particularly juicy target for adversaries because they are ideal as initial access points to corporate networks," researchers at Microsoft Security Threat (The Hacker News)

Critical Flaw Found in Older Cisco Small Business Routers Won't Be Fixed

A critical vulnerability in Cisco Small Business Routers will not be patched by the networking equipment giant, since the devices reached end-of-life in 2019. Tracked as CVE-2021-34730 (CVSS score: 9.8), the issue resides in the routers' Universal Plug-and-Play (UPnP) service, enabling an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart (The Hacker News)

Researchers Find New Evidence Linking Diavol Ransomware to TrickBot Gang

Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to the threat actors behind the infamous TrickBot syndicate. The latest findings from IBM X-Force show that the ransomware sample shares similarities with other malware that has been attributed to the cybercrime gang, thus establishing a clearer (The Hacker News)

Critical ThroughTek SDK Bug Could Let Attackers Spy On Millions of IoT Devices

A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK), which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution. Tracked as CVE-2021-28372 (CVSS score: 9.6) and discovered by FireEye Mandiant in late 2020, the weakness concerns an improper access control flaw (The Hacker News)

BadAlloc Flaw Affects BlackBerry QNX Used in Millions of Cars and Medical Devices

A major vulnerability affecting older versions of BlackBerry's QNX Real-Time Operating System (RTOS) could allow malicious actors to cripple and gain control of a variety of products, including cars, medical, and industrial equipment. The shortcoming (CVE-2021-22156, CVSS score: 9.0) is part of a broader collection of flaws, collectively dubbed BadAlloc, that was originally disclosed by (The Hacker News)

Web Censorship Systems Can Facilitate Massive DDoS Attacks

Web censorship systems are ripe for abuse by attackers, who can turn them into amplifiers for launching DDoS attacks. (Threatpost)

Nigerian Threat Actors Solicit Employees to Deploy Ransomware for Cut of Profits

Campaign emails company insiders and initially offers 1 million in Bitcoin if they install DemonWare on an organization’s network. (Threatpost)


/security-daily/ 21-08-2021 23:44:22