
Security daily (21-07-2021)

Chinese spies are exploiting routers to try hacking French targets, cyber agency says

France’s national cybersecurity agency said on Wednesday that it is contending with a massive campaign by Chinese state-backed hackers targeting French organizations through compromised routers. The Agence nationale de la sécurité des systèmes d’information (French National Agency for the Security of Information Systems), or ANSSI, released forensic information to help French entities to recognize if they had been compromised. The alert did not specify which industries or specific organizations were targets. ANSSI said the APT31 group, sometimes known as Zirconium or Judgment Panda, carried out the reconnaissance. The group’s prior targets include Finland’s parliament, according to a June allegation from the Finnish Security and Intelligence Service, and the presidential campaign of then-contender Joe Biden in 2020, according to Google’s Threat Analysis Group. APT31’s effort in France is “a large intrusion campaign of compromise” that is “still ongoing,” according to an English version of the ANSSI alert. France’s attribution of Chinese hacking […] (CyberScoop)

New legislation would boost the FTC's role in fighting ransomware

A new bill could direct the Federal Trade Commission’s international efforts towards taking on ransomware. Rep. Gus Bilirakis (R-Fla.), the top Republican on the House Energy and Commerce consumer protection subcommittee, filed legislation Tuesday that would require the agency to report the number of ransomware and cyberattack-related complaints it receives, and how it cooperated with international law enforcement to respond to those issues. The new text would update a 2006 law enabling the agency to work with foreign law enforcement agencies on consumer protection issues. Under the amended law, the FTC would also be charged with providing recommendations for legislation and best practices to mitigate and defend against ransomware. The FTC has always played a role in trying to mitigate data breaches and online fraud, including the enforcement of privacy policies and pursuing companies like Equifax for failing to take basic security precautions. It has in the past also offered […] (CyberScoop)

Chat logs show how Egregor, an $80 million ransomware gang, handled negotiations with little mercy

In a series of ransomware payment negotiations last December, operatives from a gang known as “Egregor” alternated between treating their victims with surprising civility and behaving like cartoonish movie villains. “The Egregor Team wishes you a Merry Christmas and a Happy New Year,” they’d say at intervals of their chat room communications, sometimes in the middle of an extortion back-and-forth. “We wish you wisdom in your decision making and financial stability in this difficult time for us all. Happy Holidays!” In another exchange, they weren’t as kind, threatening to leak victims’ data and publish it on a website as a warning to other organizations that might fall in the group’s crosshairs. “We simply need to determine what category you should be placed in. In the category of those who are ready to negotiate and pay or in the category of scarecrows on our news site,” one exchange read. “It’s not […] (CyberScoop)

Pioneering spammer Peter Levashov is sentenced to time served after 33 months

A U.S. judge sentenced a Russian man who built a reputation as a global spam kingpin to time served in prison, over the wishes of prosecutors who hoped the defendant would spend more than a decade behind bars. Peter Levashov, known by the online alias “Severa,” who was arrested in Spain in 2017, faced up to 12 more years in prison after he pleaded guilty to operating one of the largest botnets ever. The botnet, an army of hacked computers used for fraud, was called Kelihos, and primarily trafficked in denial-of-service attacks and email spam. Levashov also admitted to running two other botnets, Storm Worm and Waledac, which prosecutors said sent up to 1.5 billion spam messages a day at its most prolific. A plea deal struck in 2018 pegged the number of estimated losses at $7 million, though such figures are notoriously unreliable. Levashov, a 40-year-old native of St. […] (CyberScoop)

UK man arrested in connection with massive Twitter hack, alleged cyberstalking

Spanish national police arrested a U.K. citizen Wednesday charged by U.S. law enforcement in connection with a July 2020 Twitter hack that compromised over 130 accounts, the Justice Department announced. The 2020 breach compromised dozens of high profile accounts including those of former president Barack Obama, Tesla CEO Elon Musk, Microsoft founder Bill Gates and rapper Kanye West. Attackers gained access to internal account management systems by targeting employees. Twitter changed security practices for its administrative tools after the hack. The suspect, Joseph O’Connor, is also charged with allegedly hacking TikTok and Snapchat user accounts as well as cyberstalking a juvenile. Details about those incidents were not immediately clear. O’Connor is charged by the U.S. District Court of California with nine charges in total, including making extortive and threatening communications. CyberScoop could not immediately locate an attorney for O’Connor to seek comment. Florida teenager Graham Ivan Clark pleaded guilty earlier […] (CyberScoop)

Windows “HiveNightmare” bug could leak passwords – here’s what to do!

Windows "hives" contain registry data, some of it secret. The nightmare is that these files aren't properly protected against snooping. (Naked Security)

Fortinet's Security Appliances Hit By Remote Code Exec Vuln

(News ≈ Packet Storm)

EU Plans To Make Bitcoin Transfers More Traceable

(News ≈ Packet Storm)

MacOS Being Picked Apart By $49 XLoader Data Stealer

(News ≈ Packet Storm)

Why Apple's Walled Garden Is No Match For Pegasus Spyware

(News ≈ Packet Storm)

TSA Announces New Pipeline Security Order

(News ≈ Packet Storm)

Vulnerable Plugin Exploited in Spam Redirect Campaign

Some weeks ago a critical unauthenticated privilege escalation vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. It also allows for arbitrary file uploads, which is where we have been seeing the infections start. This plugin has over 400,000 installations so we have seen a sustained campaign to infect sites with this plugin installed. In this post I will review a common infection seen as a result of this vulnerability in the wp-user-avatar plugin. (Sucuri Blog)

Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers

A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named "nodejsnetserver" and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent (The Hacker News)

XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems

A popular malware known for stealing sensitive information from Windows machines has evolved into a new strain capable of also targeting Apple's macOS operating system. The upgraded malware, dubbed "XLoader," is a successor to another well-known Windows-based info stealer called Formbook that's known to vacuum credentials from various web browsers, capture screenshots, record keystrokes, and (The Hacker News)

Several New Critical Flaws Affect CODESYS Industrial Automation Software

Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company's cloud operational technology (OT) infrastructure. The flaws can be turned "into innovative attacks that could put threat actors in position to remotely (The Hacker News)

[eBook] A Guide to Stress-Free Cybersecurity for Lean IT Security Teams

Today’s cybersecurity landscape is enough to make any security team concerned. The rapid evolution and increased danger of attack tactics have put even the largest corporations and governments at heightened risk. If the most elite security teams can’t prevent these attacks from happening, what can lean security teams look forward to? Surprisingly, leaner teams have a much greater chance than (The Hacker News)

New Windows and Linux Flaws Give Attackers Highest System Privileges

Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions to access Windows system files, in turn enabling them to unmask the operating system installation password and even decrypt private keys. The vulnerability has been nicknamed "SeriousSAM." "Starting with Windows 10 (The Hacker News)

US and Global Allies Accuse China of Massive Microsoft Exchange Attack

The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews affiliated with the People's Republic of China's Ministry of State Security (MSS). In a statement issued by the White House on Monday, the administration said, "with a high degree of (The Hacker News)

Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely

The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, triggering a crash on any (The Hacker News)

Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability

Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related shortcoming to be discovered in recent weeks. "Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print," CERT (The Hacker News)

NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass. (Threatpost)

Indictments, Attribution Unlikely to Deter Chinese Hacking, Researchers Say

Researchers are skeptical that much will come from calling out China for the Microsoft Exchange attacks and APT40 activity, but the move marks an important foreign-policy change. (Threatpost)

Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows

Misconfigured permissions for Argo's web-facing dashboard allow unauthenticated attackers to run code on Kubernetes targets, including cryptomining containers. (Threatpost)

French Launch NSO Probe After Macron Believed Spyware Target

Fourteen world leaders were among those found on a list of NSO's believed targets for its Pegasus spyware. (Threatpost)


/security-daily/ 22-07-2021 23:44:23