Security daily (25-05-2021)

Suspected Iranian hackers pose as ransomware operators to target Israeli organizations

Ever since a 2012 hack that disabled tens of thousands of computers at oil giant Saudi Aramco, suspected Iranian operatives have been known to regularly use data-wiping hacks against organizations throughout the Middle East. Now, one such possible group has been posing as ransomware operators in an effort to conceal the origin of a series of data-wiping hacks against Israeli organizations, according to private-sector investigators. The hackers are demanding extortion fees even when the code they deploy deletes data rather than unlocks it. The findings, published Tuesday by security firm SentinelOne, suggest a growing willingness by certain Iran-linked hacking groups to use tactics associated with financially motivated criminals in order to advance their interests. “Deploying ransomware is a disruptive act that provides deniability, allowing the attackers to conduct destructive activity without taking the full responsibility of those acts,” said Amitai Ben Shushan Ehrlich, a threat intelligence researcher at SentinelOne. SentinelOne […] (CyberScoop)

TSA to issue cyber directive for pipeline operators following Colonial ransomware attack

Following a ransomware attack on an artery for delivering fuel to the East Coast, the Transportation Security Administration plans to issue a security directive requiring pipeline companies to report hacks to federal authorities, according to multiple people familiar with the matter. The Biden administration’s move to issue mandatory requirements for pipeline operators, where there have previously been only voluntary guidelines, follows the days-long shutdown of Colonial Pipeline by a cybercriminal gang known as DarkSide. Gas stations in multiple states ran low on fuel amid a rash of panic buying, and the federal government issued emergency orders to alleviate any fuel shortages. The TSA directive, expected in the coming days, is another signal from the administration that the status quo for federal cyber requirements for critical infrastructure is untenable. President Joe Biden on May 12 signed an executive order that will require federal contractors to promptly report data breaches following the […] (CyberScoop)

Ransomware forced Bose systems offline, exposed personal data of 6 former employees

A ransomware intrusion of the computer networks of Bose in March forced some of the electronics giant’s IT systems offline and exposed the personal information of a handful of former employees, the company said in a breach notification letter. Seven weeks into an investigation of the incident, in late April, Bose discovered that hackers had accessed and “potentially exfiltrated” files containing the Social Security numbers and salary information of six former Bose employees based in New Hampshire, according to the statement. Bose could not confirm whether the data was exfiltrated, the company said in a May 19 letter posted to the New Hampshire attorney general’s website. Neither private sector experts nor the FBI have found evidence of the data being sold on the dark web, the letter said. The incident is a reminder that while high-profile ransomware attacks like the one on Colonial Pipeline are impossible to miss, some […] (CyberScoop)

How Hydra, a Russian dark net market, made more than $1 billion in 2020

Russian-speaking dark web bazaar Hydra has dominated the illicit marketplace since 2018, thanks in part to the demise of a rival business as well as its imposition of restrictive policies on sellers, according to research published Tuesday. Hydra administrators have made transactions on the site more difficult to track by forcing users to transact in difficult-to-track Russian currencies, along with regional financial operators and service providers, according to the research. Dark web markets have typically relied on a variety of methods for withdrawing funds, from ATMs to escrow services. It adds up to a headache for law enforcement, potential competitors and other entities with an interest in disrupting Hydra, concludes the joint report by dark web intelligence firm Flashpoint and cryptocurrency-watching software company Chainalysis. Hydra specializes in narcotics sales. “Money laundering trails to Hydra are difficult, near impossible, to trace,” the companies said. “While the illicit trade of narcotics is problematic […] (CyberScoop)

Apple patches dangerous security holes, one in active use – update now!

It's three weeks since last time. Now it's this time, so patch now! (Naked Security)

Eight suspects busted in raid on “home delivery” scamming operation

Some victims of home delivery scams end up with their entire bank accounts drained. Don't get caught out! (Naked Security)

FBI Analyst Indicted For Theft Of Osama bin Laden Threat Intel

(News ≈ Packet Storm)

A Governor's Live Zoom Event Got Hacked With Very Graphic Porn

(News ≈ Packet Storm)

Freenode IRC Staff Resign En Masse After Takeover By Korea's Crown Prince

(News ≈ Packet Storm)

Exploited macOS 0-Day Let Hackers Take Screenshots

(News ≈ Packet Storm)

Google Researchers Discover A New Variant of Rowhammer Attack

A team of security researchers from Google has demonstrated yet another variant of the Rowhammer attack that bypasses all current defenses to tamper with data stored in memory. Dubbed "Half-Double," the new hammering technique hinges on the weak coupling between two memory rows that are not immediately adjacent to each other but one row removed. "Unlike TRRespass, which exploits the blind spots (The Hacker News)

Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now!

VMware has rolled out patches to address a critical security vulnerability in vCenter Server that could be leveraged by an adversary to execute arbitrary code on the server. Tracked as CVE-2021-21985 (CVSS score 9.8), the issue stems from a lack of input validation in the Virtual SAN (vSAN) Health Check plug-in, which is enabled by default in the vCenter Server. "A malicious actor with network (The Hacker News)

Download Ultimate 'Security for Management' Presentation Template

There is a person in every organization that is the direct owner of breach protection. His or her task is to oversee and govern the process of designing, building, maintaining, and continuously enhancing the security level of the organization.

Title-wise, this person is most often either the CIO, CISO, or Director of IT. For convenience, we'll refer to this individual as the CISO.

This person is the (The Hacker News)

New High-Severity Vulnerability Reported in Pulse Connect Secure VPN

Ivanti, the company behind Pulse Secure VPN appliances, has published a security advisory for a high severity vulnerability that may allow an authenticated remote attacker to execute arbitrary code with elevated privileges. "Buffer Overflow in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user," (The Hacker News)

New Bluetooth Flaws Let Attackers Impersonate Legitimate Devices

Adversaries could exploit newly discovered security weaknesses in Bluetooth Core and Mesh Profile Specifications to masquerade as legitimate devices and carry out man-in-the-middle (MitM) attacks. "Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during (The Hacker News)

Threat Actor ‘Agrius’ Emerges to Launch Wiper Attacks Against Israeli Targets

The group is using ransomware intended to make its espionage and destruction efforts appear financially motivated. (Threatpost)

Trend Micro Bugs Threaten Home Network Security

The security vendor's network management and threat protection station can open the door to code execution, DoS and potential PC takeovers. (Threatpost)

Combatting Insider Threats with Keyboard Security

Dale Ludwig, business development manager at Cherry Americas, discusses advances in hardware-based security that can enhance modern cyber-defenses. (Threatpost)

Bose Admits Ransomware Hit: Employee Data Accessed

The consumer-electronics stalwart was able to recover without paying a ransom, it said. (Threatpost)

Pulse Secure VPNs Get Quick Fix for Critical RCE

One of the workaround XML files automatically deactivates protection from an earlier workaround: a potential path to older vulnerabilities being opened again. (Threatpost)

/security-daily/ 26-05-2021 23:44:22