Security daily (26-04-2021)

Hackers have been exploiting 'dangerous' MacOS bug to run malware campaign

Apple has been working for years to protect users from bad applications and developers seeking to exploit unsuspecting users and target them with malware. But hackers recently found a workaround that circumvents even the latest MacOS protections and have been exploiting the flaw, according to researchers. Apple released MacOS Big Sur 11.3 Monday, an update which contains a security update meant to fix the issue, an Apple spokesperson told CyberScoop. Security researcher Cedric Owens originally found the problem, present in MacOS Catalina 10.15 and MacOS Big Sur, in March. Security researcher Patrick Wardle — who also investigated the flaw — said it allowed hackers to get past Apple’s various methods of keeping bad code from users, such as Gatekeeper, File Quarantine or its application notarization review process. All users had to do was double click when presented with a seemingly benign document, a .dmg file, and the hackers then could […] (CyberScoop)

Before SolarWinds, US officials say SVR began stealthily targeting cloud services in 2018

U.S. national security agencies on Monday continued their concerted efforts to expose hacking techniques used by the Russian intelligence agency allegedly responsible for a historic cyber-espionage campaign aimed at the U.S. government. The latest public statement from the FBI and the Department of Homeland Security traces the evolution of Russia’s SVR foreign intelligence agency as a formidable cyber adversary capable of exploiting U.S. networks through a range of tools. A turning point, the advisory said, came in 2018 when the FBI saw the SVR begin to target email-based cloud computing resources in a likely effort to conceal the spies’ intelligence collection. The SVR allegedly employed that tactic in the hacking effort that exploited software made by SolarWinds and other vendors to breach nine U.S. government agencies. The bugging of trusted SolarWinds software updates was “a notable departure from the SVR’s historic tradecraft,” the FBI and DHS’s Cybersecurity and Infrastructure Security […] (CyberScoop)

Law enforcement delivers final blow to Emotet

Law enforcement officials are taking another stab at taking down Emotet. For years cybercriminals have used Emotet, a botnet or a network of infected computers, to spread ransomware such as Ryuk and other malware around the world. The activity has caught the attention of law enforcement officials around the world who have helped countless victims respond to these kinds of infections. But over the weekend authorities sent a specially crafted file to infected devices that is meant to make it so Emotet is no longer run automatically on infected machines. The action is intended to make it so Emotet’s persistence mechanism is removed and disrupt any existing infections, according to security researchers at Malwarebytes. It’s the last step of an operation targeting Emotet that law enforcement authorities from around the world launched earlier this year. U.S. and European authorities said in January they had taken control of the botnet’s computing […] (CyberScoop)

Naked Security Live – Just how (un)safe is AirDrop?

Here's the latest Naked Security talk - watch now! (Naked Security)

Enterprise Password Manager Hit In Supply Chain Attack

(News ≈ Packet Storm)

Prominent Security Expert Dan Kaminsky Passes Away At 42

(News ≈ Packet Storm)

Homebrew Fixes Cask Repo GitHub Actions Bug That Would Have Let Anyone Sneak Malicious Code Onto Machines

(News ≈ Packet Storm)

Prometei Botnet Could Fire Up APT-Style Attacks

(News ≈ Packet Storm)

Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby

New research has uncovered privacy weaknesses in Apple's wireless file-sharing protocol that could result in the exposure of a user's contact information such as email addresses and phone numbers. "As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger," said a team of academics from the Technical University of Darmstadt, (The Hacker News)

How to Test and Improve Your Domain's Email Security?

No matter which type of business you are in, whether small, medium, or large, email has become an indispensable tool for communicating with your employees, partners, and customers. Emails are sent and received each day in bulk by companies from various sources. In addition, organizations may also employ third-party vendors who may be authorized to send emails on behalf of the company. As a result, (The Hacker News)

Emotet Malware Destroys Itself From All Infected Computers

Emotet, the notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks, was automatically wiped from infected computers en masse following a European law enforcement operation. The development comes three months after a coordinated disruption of Emotet as part of "Operation Ladybird" to seize control of servers used to run and maintain the malware (The Hacker News)

3.2 Billion Leaked Passwords Contain 1.5 Million Records with Government Emails

A staggering number of 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed in what's one of the largest data dumps of breached usernames and passwords. In addition, the leak includes 1,502,909 passwords associated with email addresses from government domains across the world, with the U.S. government alone taking up 625,505 of the exposed passwords, followed by the (The Hacker News)

Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux

A recently identified security vulnerability in the official Homebrew Cask repository could have been exploited by an attacker to execute arbitrary code on users' machines that have Homebrew installed. The issue, which was reported to the maintainers on April 18 by a Japanese security researcher named RyotaK, stemmed from the way code changes in its GitHub repository were handled, resulting in a (The Hacker News)

Passwordstate Password Manager Update Hijacked to Install Backdoor on Thousands of PCs

Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a supply chain attack. The Adelaide-based firm said a bad actor used sophisticated techniques to compromise the software's update mechanism and used it to drop malware on user computers. The breach is said to have occurred between (The Hacker News)

Flubot Spyware Spreading Through Android Devices

The malware is spreading rapidly through ‘missed package delivery’ SMS texts, prompting urgent scam warnings from mobile carriers. (Threatpost)

Nvidia Warns: Severe Security Bugs in GPU Driver, vGPU Software

The gaming- and AI-friendly graphics accelerators can open the door to a range of cyberattacks. (Threatpost)

/security-daily/ 27-04-2021 23:44:23