Security daily (22-04-2021)

How to use AWS Secrets & Configuration Provider with your Kubernetes Secrets Store CSI driver

April 23, 2021: We’ve updated the commands in Steps 1 and 5 and in the “Additional Features” section. AWS Secrets Manager now enables you to securely retrieve secrets from AWS Secrets Manager for use in your Amazon Elastic Kubernetes Service (Amazon EKS) Kubernetes pods. With the launch of AWS Secrets and Config Provider (ASCP), you […] (AWS Security Blog)
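As an added illustration (this is not the AWS post's own manifest), the two objects that wire ASCP into the Secrets Store CSI driver are a SecretProviderClass with `provider: aws` and a pod that mounts it through the `secrets-store.csi.k8s.io` CSI volume. The namespace `app`, the Secrets Manager secret name `prod/app/db`, the alias `db_creds` and the service account `app-sa` are placeholders; the example assumes `app-sa` is already annotated for IAM Roles for Service Accounts with a policy granting `secretsmanager:GetSecretValue` and `secretsmanager:DescribeSecret` on that secret, since the provider calls Secrets Manager with the pod's identity, not the node's. The `apiVersion` shown is the current `v1` API group; the 2021 post targeted the then-current `v1alpha1`.

```yaml
# Added example, not from the AWS blog post. Namespace, secret name,
# alias and service account are placeholders.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: db-creds
  namespace: app
spec:
  provider: aws
  parameters:
    # 'objects' is a YAML string parsed by the AWS provider (ASCP).
    objects: |
      - objectName: "prod/app/db"      # Secrets Manager secret name (placeholder)
        objectType: "secretsmanager"
        objectAlias: "db_creds"        # file name under the mount path
---
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: app
spec:
  # Must carry the IRSA annotation whose role allows
  # secretsmanager:GetSecretValue and secretsmanager:DescribeSecret
  # on prod/app/db; otherwise the mount fails at pod start.
  serviceAccountName: app-sa
  containers:
    - name: app
      image: public.ecr.aws/docker/library/busybox:stable   # placeholder image
      command: ["sh", "-c", "cat /mnt/secrets/db_creds && sleep 3600"]
      volumeMounts:
        - name: secrets
          mountPath: /mnt/secrets
          readOnly: true
  volumes:
    - name: secrets
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: db-creds
```

The secret arrives as a file on a tmpfs volume, not as a Kubernetes Secret object, so it is never written to etcd unless you opt into the driver's `secretObjects` sync. To check the wiring, `kubectl -n app exec app -- cat /mnt/secrets/db_creds` should print the secret value; a pod stuck in ContainerCreating with an AccessDenied event almost always means the IRSA role or its policy does not match the secret.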

Stanford student finds glitch in ransomware payment system to save victims $27,000

The hackers behind a nascent strain of ransomware hit a snag this week when a security researcher found a flaw in the payment system and, he says, helped victims save $27,000 in potential losses. Stanford University student and security researcher Jack Cable got a call Wednesday from a family friend, who is a doctor, asking for help because cybercriminals had locked the doctor’s computer. The doctor was preparing to pay the ransom when Cable began looking at the hackers’ payment system, according to Cable. The hackers were demanding 0.01 Bitcoin, or roughly $550 at the time, to unlock the doctor’s files. Cable, who served as a cybersecurity adviser to the Department of Homeland Security during the 2020 election, realized that if he changed one letter from lowercase to uppercase in the “transaction ID” the hackers were using to track payments, the system mistook the input for a victim that had […] The post Stanford student finds glitch in ransomware payment system to save victims $27,000 appeared first on CyberScoop. (CyberScoop)

A botnet named after Prometheus is also exploiting Exchange Server flaws

Sometimes a glaring new software vulnerability is all that scammers need to revive a trusty hacking scheme. Just days after Microsoft announced that suspected Chinese spies were exploiting bugs in Microsoft Exchange Server software in March, Russian-speaking attackers controlling a botnet, or army of compromised computers, used those vulnerabilities to conduct a series of intrusions at companies in North America, according to incident responders at security firm Cybereason. The hacks, which are among several breaches involving the Exchange Server vulnerabilities, show how the same bugs in widely used software can be used for very different purposes. And the reemergence of the so-called Prometei botnet, named after the Russian word for Prometheus, the Greek god of fire, is a reminder of the many malicious purposes that the zombie computers serve. Cybereason said it was aware of more than a dozen recent hacking incidents involving the Prometei botnet, which the attackers typically use […] The post A botnet named after Prometheus is also exploiting Exchange Server flaws appeared first on CyberScoop. (CyberScoop)

Linux team in public bust-up over fake “patches” to introduce bugs

Embarrassed overreaction or righteous indignation? An academic research group has provoked the Linux crew to ban their whole university! (Naked Security)

S3 Ep29: Anti-tracking, rowhammer problems and IoT vulns [Podcast]

Latest episode - listen now! (Naked Security)

Signal CEO Hacks Cellebrite iPhone Hacking Device Used By Cops

(News ≈ Packet Storm)

Bugs Allowed Hackers To Dox All John Deere Owners

(News ≈ Packet Storm)

Telegram Platform Abused In ToxicEye Malware Campaigns

(News ≈ Packet Storm)

SolarWinds Hack Analysis 56% Boost In Command Server Footprint

(News ≈ Packet Storm)

Researchers Find Additional Infrastructure Used By SolarWinds Hackers

The sprawling SolarWinds cyberattack which came to light last December was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure, so much so that Microsoft went on to call the threat actor behind the campaign "skillful and methodic operators who follow operations security (OpSec) best practices to minimize traces, stay under the radar, (The Hacker News)

Cost of Account Unlocks, and Password Resets Add Up

There are many labor-intensive tasks that the IT service desk carries out on a daily basis. None as tedious and costly as resetting passwords. Modern IT service desks spend a significant amount of time both unlocking and resetting passwords for end-users. This issue has been exacerbated by the COVID-19 pandemic. Causes of account lockouts and password resets End-user password policies, such as (The Hacker News)

Cybercriminals Using Telegram Messenger to Control ToxicEye Malware

Adversaries are increasingly abusing Telegram as a "command-and-control" system to distribute malware into organizations that could then be used to capture sensitive information from targeted systems. "Even when Telegram is not installed or being used, the system allows hackers to send malicious commands and operations remotely via the instant messaging app," said researchers from cybersecurity (The Hacker News)

Facebook Busts Palestinian Hackers' Operation Spreading Mobile Spyware

Facebook on Wednesday said it took steps to dismantle malicious activities perpetrated by two state-sponsored hacking groups operating out of Palestine that abused its platform to distribute malware. The social media giant attributed the attacks to a network connected to the Preventive Security Service (PSS), the security apparatus of the State of Palestine, and another threat actor known as (The Hacker News)

Over 750,000 Users Downloaded New Billing Fraud Apps From Google Play Store

Researchers have uncovered a new set of fraudulent Android apps in the Google Play store that were found to hijack SMS message notifications for carrying out billing fraud. The apps in question primarily targeted users in Southwest Asia and the Arabian Peninsula, attracting a total of 700,000 downloads before they were discovered and removed from the platform. The findings were reported (The Hacker News)

Malware That Spreads Via Xcode Projects Now Targeting Apple's M1-based Macs

A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE projects, which, upon the building, were configured to execute the payload. The malware repackages payload (The Hacker News)

Mount Locker Ransomware Aggressively Changes Up Tactics

The ransomware is upping its danger quotient with new features while signaling a rebranding to "AstroLocker." (Threatpost)

Spotlight on Cybercriminal Supply Chains

In this Threatpost podcast Fortinet’s top researcher outlines what a cybercriminal supply chain is and how much the illicit market is worth. (Threatpost)

Telegram Platform Abused in ‘ToxicEye’ Malware Campaigns

Even if the app is not installed or in use, threat actors can use it to spread malware through email campaigns and take over victims’ machines, new research has found. (Threatpost)

It’s Easy to Become a Cyberattack Target, but a VPN Can Help

You might think that cybercrime is more prevalent in less digitally literate countries. However, NordVPN's Cyber Risk Index puts North American and Northern European countries at the top of the target list. (Threatpost)

/security-daily/ 23-04-2021 23:44:23