Security daily (29-04-2021)

Hacking group exploited SonicWall zero-day for ransomware attacks, FireEye says

A hacking group exploited a SonicWall zero-day software flaw before a fix was available in order to deploy a previously unreported ransomware strain, FireEye researchers said Thursday. The disclosure of the ransomware comes one week after FireEye revealed three previously unknown vulnerabilities in SonicWall’s email security software. But the latest hacking tool emerges from an earlier zero-day found in SonicWall’s mobile networking gear. Mandiant, FireEye’s incident response unit, dubbed the malware FiveHands, which bears similarities to another hacking tool, dubbed HelloKitty, that attackers deployed against a video game company. The security firm linked it to a group they call UNC2447. “UNC2447 monetizes intrusions by extorting their victims first with FIVEHANDS ransomware followed by aggressively applying pressure through threats of media attention and offering victim data for sale on hacker forums,” reads a blog post from the company. “UNC2447 has been observed targeting organizations in Europe and North America and has […] (CyberScoop)

Researchers find two dozen bugs in software used in medical and industrial devices

Microsoft researchers have discovered some two dozen vulnerabilities in software that is embedded in popular medical and industrial devices that an attacker could use to breach those devices, and in some cases cause them to crash. The so-called “BadAlloc” vulnerabilities the researchers revealed on Thursday are in code that makes its way into infusion pumps, industrial robots, smart TVs and wearable devices. No less than 25 products made by the likes of Google Cloud, Samsung and Texas Instruments are affected. The research serves as a critique of the coding practices of the designers of billions of so-called “internet of things” devices that are a feature of modern life. There’s no evidence that the vulnerabilities have been exploited, according to Microsoft. But the Department of Homeland Security’s cybersecurity agency issued an advisory urging organizations to update their software. It’s unclear just how many devices are affected by the software bugs, but […] (CyberScoop)

NSA warns defense contractors to double check connections in light of Russian hacking

The National Security Agency warned defense contractors in a memo on Thursday to reexamine the security of the connections between their operational technology and information technology in light of recent alleged Russian hacking. The alert, which references the sweeping SolarWinds espionage operation that U.S. officials have blamed on the Russian government, is meant to convince operational technology (OT) owners and operators in the defense industrial base to limit the scope and scale of any potential attack surface for U.S. adversaries to exploit, the NSA said in the alert. “Each IT-OT connection increases the potential attack surface,” the NSA said. “To prevent dangerous results from OT exploitation, OT operators and IT system administrators should ensure only the most imperative IT-OT connections are allowed, and that these are hardened to the greatest extent possible.” The alert comes weeks after the Biden administration formally attributed the recent espionage campaign to hackers working for […] (CyberScoop)

Deepfakes advertised on underground markets, signaling possible shift, Recorded Future says

Malicious use of manipulated visual and audio files — technology known as deepfakes — is swiftly migrating toward crime and influence operations, according to findings published Thursday. Threat intelligence company Recorded Future pointed to a recent surge in such activities and a burgeoning underground marketplace that could spell trouble for individuals and companies that use tools like facial identification technology as part of multi-factor authentication. The report mirrors similar conclusions from an FBI alert last month warning that nation-backed hackers would themselves begin using deepfakes more frequently for cyber operations as well as misinformation and disinformation. “We believe that threat actors have begun to advertise customized deepfake services that are directed at threat actors interested in bypassing security measures and to facilitate fraudulent activities, specifically fake voices and facial recognition,” the company’s Insikt Group wrote in a blog post. Recorded Future’s work focuses more on that development in the criminal […] (CyberScoop)

Suspected Chinese hackers are breaking into nearby military targets

Chinese hackers with suspected ties to the People’s Liberation Army have been hacking into military and government organizations in Southeast Asia over the course of the last two years, according to Bitdefender research published Wednesday. The Chinese hackers, known as the Naikon group, have been conducting espionage against the organizations and stealing data from the victims since at least June of 2019, the researchers said in a blog post on the campaign. Bitdefender does not identify victims by name in its report. It’s just the latest evidence security researchers have gathered in the last several years that Naikon, which was first exposed in 2015, is still actively conducting espionage years later. Just last year Check Point revealed the suspected Chinese hackers were running a hacking campaign targeting government entities in Australia, Indonesia, the Philippines and Vietnam. Researchers have previously tied the Naikon hackers to China’s PLA, which is host to several […] (CyberScoop)

S3 Ep30: AirDrop worries, Linux pests and ransomware truths [Podcast]

Listen now - latest episode - lots of fun but with a serious (and educational!) side. (Naked Security)

Protect Your Browsing with This 10-Year VPN Subscription

As useful as VPNs are for securing your browsing experience and bypassing frustrating barriers online, it's hard to find the right one among the horde of choices. VPN.asia: 10-Year Subscription is a great choice for a VPN that keeps your browsing safe and smooth, and right now, it's only $79.99.

Featured on CNET, Forbes, TNW, PC Mag, and Business Insider, VPN.asia: 10-Year Subscription packs everything you want in a VPN into an intuitive package. With this VPN, you'll be able to keep your browsing totally anonymous, and the 256-bit encryption will keep everything you do comfortably secure... (Null Byte « WonderHowTo)

How to Write Your Own Subdomain Enumeration Script for Better Recon

There are tons of tools out there that do all kinds of recon, but it can be hard to narrow down what to use. A great way to be more efficient is by taking advantage of scripting. This doesn't have to mean writing everything from scratch — it can simply mean integrating existing tools into a single, comprehensive script. Luckily, it's easy to create your own subdomain enumeration script for better recon.

Step 1: Install Dependencies

Before we begin, there are a few things we need to install and set up for everything to work properly. First, make sure Go and Subfinder are installed on the... (Null Byte « WonderHowTo)

Chase Bank Phish Swims Past Exchange Email Protections

(News ≈ Packet Storm)

Google Chrome V8 Bug Allows For Remote Code Execution

(News ≈ Packet Storm)

Paleohacks Leak Exposes Customer Records, Password Reset Tokens

(News ≈ Packet Storm)

Digital Ocean Sprung A Leak With Customer Billing Details

(News ≈ Packet Storm)

How to Find & Fix Mixed Content Issues with SSL / HTTPS

Note: We’ve updated this post to reflect the evolving security standards around mixed content, SSL certificates, and server access as a whole. With the web’s increased emphasis on security, all sites should operate on HTTPS. Installing an SSL certificate allows you to make that transition with your website. But it can also have an unintended consequence for sites that have previously been operating on HTTP: mixed content warnings. Today, let’s look at these common errors, what causes them, and how you can fix them. (Sucuri Blog)

A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks

The maintainers of Composer, a package manager for PHP, have shipped an update to address a critical vulnerability that could have allowed an attacker to execute arbitrary commands and "backdoor every PHP package," resulting in a supply-chain attack. Tracked as CVE-2021-29472, the security issue was discovered and reported on April 22 by researchers from SonarSource, following which a hotfix was (The Hacker News)

LuckyMouse Hackers Target Banks, Companies and Governments in 2020

An adversary known for its watering hole attacks against government entities has been linked to a slew of newly detected intrusions targeting various organizations in Central Asia and the Middle East. The malicious activity, collectively named "EmissarySoldier," has been attributed to a threat actor called LuckyMouse, and is said to have happened in 2020 with the goal of obtaining geopolitical (The Hacker News)

How to Conduct Vulnerability Assessments: An Essential Guide for 2021

Hackers are scanning the internet for weaknesses all the time, and if you don't want your organization to fall victim, you need to be the first to find these weak spots. In other words, you have to adopt a proactive approach to managing your vulnerabilities, and a crucial first step in achieving this is performing a vulnerability assessment. Read this guide to learn how to perform vulnerability (The Hacker News)

Chinese Hackers Attacking Military Organizations With New Backdoor

Bad actors with suspected ties to China have been behind a wide-ranging cyberespionage campaign targeting military organizations in Southeast Asia for nearly two years, according to new research. Attributing the attacks to a threat actor dubbed "Naikon APT," cybersecurity firm Bitdefender laid out the ever-changing tactics, techniques, and procedures adopted by the group, including weaving new (The Hacker News)

Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years

A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind the operation to harvest and exfiltrate sensitive information from infected systems. Dubbed "RotaJakiro" by researchers from Qihoo 360 NETLAB, the backdoor targets Linux X64 machines, and is so named after the fact that "the family uses (The Hacker News)

Babuk Ransomware Gang Mulls Retirement

The RaaS operators have been posting, tweaking and taking down a goodbye note, saying that they'll be open-sourcing their data encryption malware for other crooks to use. (Threatpost)

F5 Big-IP Vulnerable to Security-Bypass Bug

The KDC-spoofing flaw tracked as CVE-2021-23008 can be used to bypass Kerberos security and sign into the Big-IP Access Policy Manager or admin console. (Threatpost)

Experian API Leaks Most Americans’ Credit Scores

Researchers fear wider exposure, amidst a tepid response from Experian. (Threatpost)

Multi-Gov Task Force Plans to Take Down the Ransomware Economy

A coalition of 60 global entities (including the DoJ) has proposed a sweeping plan to hunt down and disrupt ransomware gangs by going after their financial operations. (Threatpost)

COVID-19 Results for 25% of Wyoming Accidentally Posted Online

Sorry, we’ve upchucked your COVID test results and other medical and personal data into public GitHub storage buckets, the Wyoming Department of Health said. (Threatpost)

Anti-Vaxxer Hijacks QR Codes at COVID-19 Check-In Sites

The perp faces jail time, but the incident highlights the growing cyber-abuse of QR codes. (Threatpost)


/security-daily/ 30-04-2021 23:44:23