
Security daily (30-07-2021)

FTC's right-to-repair ruling is a small step for security researchers, giant leap for DIY hackers

When the Federal Trade Commission voted unanimously on July 21 to enforce rules against manufacturers who have made it difficult for consumers to fix their own devices, it marked a significant win for the “right-to-repair” movement that includes farmers, hackers and consumer advocates among its ranks. The consumer watchdog agency’s decision to ramp up enforcement actions against illegal right-to-repair restrictions came after Americans, for years, had been limited by legal restrictions that prevented them from fixing technology they already purchased. For instance, manufacturers can withhold repair tools and implement software-based locks that prevent owners from making even simple updates unless they visit a repair shop authorized by the company. That has been the ongoing struggle for John Deere owners, some of whom resorted to hacking their tractors with Ukrainian software in order to fix them. Companies like Apple, as well as industry groups, fought for years against state and federal […] (CyberScoop)

Evidence suggests Russia's SVR is still using 'WellMess' malware, despite US warnings

President Joe Biden urging Vladimir Putin to crack down on cyberattacks coming from within Russian borders doesn’t seem to have convinced the Kremlin to give it up just yet. RiskIQ said in a report Friday that it uncovered active hacking infrastructure that Western governments attributed last summer to the Russian SVR intelligence agency-linked APT29 or Cozy Bear, which it used at the time to try to steal Covid-19 research. Known as WellMess or WellMail, the malware warranted government alerts in July of 2020 from the U.S., U.K. and Canada. In April, the FBI urged organizations to patch five known vulnerabilities that U.S. officials said were the subject of exploitation by the SVR. RiskIQ identified three dozen command and control servers serving WellMess that the company said were under APT29 control. It focused on the infrastructure after a U.S.-Russia summit where cyberattacks came up. “The activity uncovered was notable given the […] (CyberScoop)

S3 Ep43: Apple 0-day, pygmy hippos, hive nightmares and Twitter hacker bust [Podcast]

Latest episode - listen now! (Naked Security)

Vultur Bank Malware Infests Thousands Of Devices

(News ≈ Packet Storm)

Cisco Researchers Spotlight Solarmarker Malware

(News ≈ Packet Storm)

Security Team Finds Crimea Manifesto Buried In VBA Rat

(News ≈ Packet Storm)

Inside The Bitcoin Mine With Its Own Power Plant

(News ≈ Packet Storm)

Experts Uncover Several C&C Servers Linked to WellMess Malware

Cybersecurity researchers on Friday unmasked new command-and-control (C2) infrastructure belonging to the Russian threat actor tracked as APT29, aka Cozy Bear, that has been spotted actively serving WellMess malware as part of an ongoing attack campaign. More than 30 C2 servers operated by the Russian foreign intelligence have been uncovered, Microsoft-owned cybersecurity subsidiary RiskIQ said (The Hacker News)

Several Malicious Typosquatted Python Libraries Found On PyPI Repository

As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code, once again highlighting how software package repositories are evolving into a popular target for supply chain attacks. "Lack of moderation and automated security controls in public software repositories allow even inexperienced attackers to use them (The Hacker News)

A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System

A cyber attack that derailed websites of Iran's transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called "Meteor." The campaign — dubbed "MeteorExpress" — has not been linked to any previously identified threat group or to additional attacks, making it the first (The Hacker News)

Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers

An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems. The attacks — dubbed "BazaCall" — eschew traditional social engineering techniques that rely on rogue URLs and malware-laced documents in favor of a vishing-like method wherein targeted users are (The Hacker News)

NSA Warns Public Networks are Hacker Hotbeds

Agency warns attackers targeting teleworkers to steal corporate data. (Threatpost)

Novel Meteor Wiper Used in Attack that Crippled Iranian Train System

A July 9th attack disrupted service and taunted Iran’s leadership with hacked screens directing customers to call the phone of Iranian Supreme Leader Khamenei with complaints. (Threatpost)


/security-daily/ 31-07-2021 23:44:22