Security daily (23-04-2021)

Breach at Click Studios-owned password manager left clients exposed for more than 24 hours

For more than 24 hours this week, hackers had unfettered access to the update mechanism for a popular password manager that claims hundreds of thousands of IT professionals as clients, incident responders revealed on Friday. The malicious code found in the Passwordstate software offered the unidentified attackers a potential foothold onto any customer network that downloaded the update during that time. Click Studios, the Australian firm that owns the Passwordstate password manager, claims that 370,000 IT security professionals around the world use the software. In addition, 29,000 organizations across sectors such as banking, manufacturing, defense and aerospace are customers, according to the Click Studios website. “We assume this attack could have impacted a large number of these customers,” said CSIS Security Group, the Danish firm that responded to the intrusion. In a year of high-profile supply chain compromises, it’s unclear how severely the incident will rank. But it points to […] (CyberScoop)

Rights groups ask Supreme Court to review warrantless searches at border

Civil liberties groups on Friday asked the Supreme Court to hear a case challenging the Department of Homeland Security’s warrantless searches of travelers’ electronic devices at U.S. ports of entry and airports. The petition from the Electronic Frontier Foundation and American Civil Liberties Union asks the Supreme Court to overturn a U.S. appeals court’s decision in February that authorizes border agents to search devices without a warrant. The EFF and ACLU sued DHS in 2017 on behalf of 11 U.S. citizens who contended border officers violated their rights when they searched their devices as they re-entered the U.S. The issue has long been a concern for privacy-minded groups and press advocates. The Committee to Protect Journalists, which does advocacy around the world, warned in 2018 that journalists traveling to the U.S. “should be aware that current practice risks exposing contacts, sourcing and reporting material contained on laptops, phones and […] (CyberScoop)

Researchers find flaw that leaks email addresses from Apple's AirDrop

AirDrop, the feature built into an estimated 1.5 billion Apple devices, allows Mac and iPhone users to seamlessly share files without the nuisance of USB sticks or finding another network connection. But security researchers this week poked a big hole in that peace of mind by revealing two flaws in AirDrop’s protocol that could allow an attacker to obtain email addresses and phone numbers of nearby devices that are using AirDrop. The concern is the snooping could enable other malicious activity, such as spearphishing of individual Apple users or the sale of bulk personal data to fraudsters. At issue are the “hash values” that Apple uses to hide the contact details of AirDrop users from a third party. Researchers from Germany’s Technical University (TU) of Darmstadt who made the discovery said those values can be easily exposed using brute-force or other attacks. A hacker would need to be in close […] (CyberScoop)

Twitter alarms users with messages that resembled phishing emails

Twitter sparked a panic among some users that they were the subjects of a phishing attack in what was instead an accidental mass email. The message sent to some Twitter users went out Thursday, asking them to confirm their email addresses by clicking on a button. To many of those users who commented about it on the social media platform, it smelled like a possible phishing attempt. Twitter clarified what had happened later that same evening. “Some of you may have recently received an email to ‘confirm your Twitter account’ that you weren’t expecting,” the company said. “These were sent by mistake and we’re sorry it happened. If you received one of these emails, you don’t need to confirm your account and you can disregard the message.” In the cybersecurity sphere, Twitter usually gains the most attention for its efforts to combat online misinformation, or criticisms about how it’s handling […] (CyberScoop)

Apple AirDrop has “significant privacy leak”, say German researchers

Researchers say they reported what they consider to be a privacy hole to Apple in 2019, but never heard back. They worked on a fix anyway. (Naked Security)

Learn to Code Today with This $20 Web Development Course

Learning to code is difficult, particularly if you're doing it alone. While coding may be among the most valued job skills in many markets, the education is sometimes inaccessible.

However, the Introduction to Coding with HTML, CSS & JavaScript course provides five hours of introductory content that can get you started coding with some of the most used languages available, and right now, it's on sale for $19.99 — a full 90% off.

For many complex skills, the hardest part is just getting started. The barrier between knowing nothing and knowing enough to learn more can be insurmountable without... (Null Byte « WonderHowTo)

How to Install Kali Linux as a Portable Live USB for Pen-Testing & Hacking on Any Computer

Kali Linux is the go-to Linux distribution for penetration testing and ethical hacking. Still, it's not recommended for day-to-day use, such as responding to emails, playing games, or checking Facebook. That's why it's better to run your Kali Linux system from a bootable USB drive.

The hacker-friendly Debian-based distro did receive a major update by Offensive Security in late-2019 that changed the default desktop environment from the heavyweight Gnome to a more lightweight Xfce, making Kali more snappy and responsive overall. But we still can't recommend it as your daily driver unless you... (Null Byte « WonderHowTo)

Malware Operators Use TLS 46% Of The Time When Detected

(News ≈ Packet Storm)

Taiwan Authorities Look Into Apple Supplier Hack

(News ≈ Packet Storm)

Ransomware Is Growing At An Alarming Rate, Warns GCHQ Chief

(News ≈ Packet Storm)

MI5 Tries To Change Image By Opening Up Instagram Account

(News ≈ Packet Storm)

New QNAP NAS Flaws Exploited In Recent Ransomware Attacks - Patch It!

A new ransomware strain called "Qlocker" is targeting QNAP network attached storage (NAS) devices as part of an ongoing campaign and encrypting files in password-protected 7zip archives. First reports of the infections emerged on April 20, with the adversaries behind the operations demanding a bitcoin payment (0.01 bitcoins or about $500.57) to receive the decryption key. In response to the (The Hacker News)

Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers

Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. "Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate the network for malware deployment, credential harvesting and more," Boston-based cybersecurity firm (The Hacker News)

Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed details of a new advanced persistent threat (APT) that's leveraging the Supernova backdoor to compromise SolarWinds Orion installations after gaining access to the network through a connection to a Pulse Secure VPN device. "The threat actor connected to the entity's network via a Pulse Secure virtual private network ( (The Hacker News)

Oscar-Bait, Literally: Hackers Abuse Nominated Films for Phishing, Malware

Judas and the Black Messiah may be a favorite for Best Picture at the 93rd Academy Awards on Sunday, but it's a fave for cybercriminals too. (Threatpost)

Prometei Botnet Could Fire Up APT-Style Attacks

The malware is for now using exploits for the Microsoft Exchange "ProxyLogon" security bugs to install Monero-mining malware on targets. (Threatpost)

5 Fundamental But Effective IoT Device Security Controls

Matt Dunn, the associate managing director for cyber-risk at Kroll, discusses how to keep networks safe from insecure IoT devices. (Threatpost)

REvil’s Big Apple Ransomware Gambit Looks to Pay Off

The notorious cybercrime gang could make out whether or not Apple pays the $50 million ransom by May 1 as demanded. (Threatpost)


/security-daily/ 24-04-2021 23:44:23