Secjuice Squeeze 69
Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Tony Kelly, Andy74, Ross Moore, and Mars Groves.
DroidMorph Shows Popular Android Antivirus Fail to Detect Cloned Malicious Apps
New research has found that anti-virus programs for Android continue to remain vulnerable to different permutations of malware.
Read more at thehackernews.com
Cybersecurity firm exposes 5 billion data breach records
In recent news, the cybersecurity analytics firm Cognyte was found to be responsible for leaving a huge database unsecured, which led to more than 5 billion records being exposed online.
Read more at hackread.com
Vulnerabilities in Open Design Alliance SDK Impact Siemens, Other Vendors
Eight vulnerabilities discovered in ODA’s Drawings SDK impact products from Siemens and likely other vendors.
Read more at securityweek.com
A security bug in Google’s Android app put users’ data at risk
Until recently, Google’s namesake Android app, which has more than five billion installs to date, had a vulnerability that could have allowed an attacker to quietly steal personal data from a victim’s device.
Read more at techcrunch.com
XSS flaw in Wire messaging app allowed attackers to ‘fully control’ user accounts
The maintainers of the Wire secure messaging app have patched the software against two security vulnerabilities, one of which could have allowed an attacker to “fully control” user accounts.
Read more at portswigger.net
Beware! Connecting to This Wireless Network Can Break Your iPhone's Wi-Fi Feature
Read more at thehackernews.com
Tor Browser fixes vulnerability that tracks you using installed apps
The Tor Project has released Tor Browser 10.0.18 to fix numerous bugs, including a vulnerability that allows sites to track users by fingerprinting the applications installed on their devices.
Read more at bleepingcomputer.com
CSP bypass: How one Chrome XSS bug took 2.5 years and an HTML spec change to fix
The Chromium team has patched a 2.5-year-old bug that made it possible to stage cross-site scripting (XSS) attacks on web pages, even if they had been configured to prevent XSS attacks.
Read more at portswigger.net
NVIDIA Jetson Chipsets Found Vulnerable to High-severity Flaws
A total of 26 high-severity vulnerabilities affect NVIDIA Jetson chipsets.
Read more at thehackernews.com
Most Developers Never Update Third-Party Libraries in Their Software: Report
Most developers never update third-party libraries after including them in their software, a new report from application security company Veracode reveals.
Read more at securityweek.com
Malicious PyPI packages hijack dev devices to mine cryptocurrency
This week, multiple malicious packages were caught in the PyPI repository for Python projects that turned developers' workstations into cryptomining machines.
Read more at bleepingcomputer.com
Darkside RaaS in Linux version
Executive summary: AT&T Alien Labs recently analyzed the Linux version of the Darkside ransomware, one of the most active ransomware families in the last quarter. Shortly after hitting Colonial Pipeline, Darkside developers announced they would be closing operations. Key points: Unlike common Linux ransomware, which mostly zips files with a password, Darkside encrypts files using crypto libraries. If properly implemented, this likely makes recovery impossible without the encryption key.
Read more at att.com
SonicWall bug affecting 800K firewalls was only partially fixed
New findings have emerged that shed light on a critical SonicWall vulnerability disclosed last year, which affected over 800,000 VPN firewalls and was initially thought to have been patched. Tracked as CVE-2020-5135, when exploited, the bug allows unauthenticated remote attackers to execute arbitrary code on the impacted devices.
Read more at bleepingcomputer.com
Sure looks like someone's pirating the REvil ransomware, tweaking the binary in a hex editor for their own crimes
It appears someone is pirating the infamous REvil ransomware by tweaking its files for their own purposes.
Read more at theregister.com
Zephyr RTOS fixes Bluetooth bugs that may lead to code execution
The Zephyr real-time operating system (RTOS) for embedded devices received an update earlier this month that fixes multiple vulnerabilities that can cause a denial-of-service (DoS) condition and potentially lead to remote code execution.
Read more at bleepingcomputer.com
DarkRadiation ransomware targeting RedHat, Debian Linux distributions
Trend Micro cybersecurity researchers have shared findings of a newly identified ransomware strain dubbed DarkRadiation. The ransomware strain is entirely written in Bash, and this aspect makes it difficult for most security software to detect it as a threat.
Read more at hackread.com
Comparitech finds 1 in 5 Google Play Apps for kids violates Children’s Online Privacy Protection Act
Recent research from the security and privacy comparison and advice website Comparitech.com, which looked at children’s apps available through Google Play, found that 1 in 5 breach COPPA rules. Even more worrying, half of the apps that violate the rules have received a “teacher-approved” badge.
Read more at itsecurityguru.org
VMware Patches Privilege Escalation Vulnerability in Tools for Windows
A high-severity vulnerability that VMware patched this week in VMware Tools for Windows could be exploited to execute arbitrary code with elevated privileges.
Read more at securityweek.com
One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account
Attackers could have hacked any Atlassian account using a one-click exploit.
Read more at thehackernews.com
BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models
Researchers disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS.
Read more at thehackernews.com
Remote Access Trojan now targeting schools with ransomware
A Remote Access Trojan is targeting schools and universities with ransomware attacks. Christened ChaChi by the BlackBerry Threat Research and Intelligence SPEAR team, the RAT is being used by operators of the PYSA ransomware, according to a report released by BlackBerry on Wednesday. Specifically, ChaChi has been discovered in data breaches of K-12 schools and higher education facilities in the U.S. as well as the U.K.
Read more at techrepublic.com
MITRE releases D3FEND, defensive measures complementary to its ATT&CK framework
The MITRE Corporation, one of the most respected organizations in the cybersecurity field, has released today D3FEND, a complementary framework to its industry-recognized ATT&CK matrix.
Read more at therecord.media
From Word to Lateral Movement in 1 Hour
In May 2021, we observed a threat actor conducting an intrusion utilizing the IcedID payloads for initial access. They later performed a number of techniques from host discovery to lateral movement, using RDP and SMB to access the file servers within an enterprise domain.
Read more at thedfirreport.com
What you need to know about Microsoft Windows 11: It will run Android apps
Microsoft on Thursday announced Windows 11, or tried to as an uncooperative video stream left many viewers of the virtual event flummoxed by intermittent transmission gaps in the opening minutes.
Read more at theregister.com
“I’m totally screwed.” WD My Book Live users wake up to find their data deleted
Storage-device maker advises customers to unplug My Book Lives from the Internet ASAP.
Read more at arstechnica.com
The Ghosts of Mirai
As the number of installed IoT devices continues to explode, especially given the current lack of security standards available to protect them, IoT will be a hotbed for malware operations for the foreseeable future, as we have demonstrated in this article. And interestingly, Mirai variants are still very active in terms of attack and development.
Read more at fortinet.com
VMware Patches Critical Vulnerability in Carbon Black App Control
VMware this week announced the availability of patches for an authentication bypass vulnerability in VMware Carbon Black App Control (AppC) running on Windows machines.
Read more at securityweek.com
Vulnerabilities Expose Fortinet Firewalls to Remote Attacks
A vulnerability patched recently by Fortinet in its FortiWeb WAF can be exploited to execute arbitrary commands, and it can pose a more serious risk if it’s chained with a misconfiguration and another recently discovered flaw.
Read more at securityweek.com
Ransomware: Now gangs are using virtual machines to disguise their attacks
Ransomware operators are using virtual machines to avoid their unusual network activity being spotted before they deploy their malware.
Read more at zdnet.com
EU wants emergency team for 'nightmare' cyber-attacks
European Commission says recent ransomware attacks on US and Ireland have "focussed mind".
Read more at bbc.com
The Ruthless Hackers Behind Ransomware Attacks on U.S. Hospitals: ‘They Do Not Care’
An Eastern European group known as Ryuk has hit at least 235 facilities, raking in more than $100 million.
Read more at wsj.com
OIG: Medicare Lacks Oversight of Cybersecurity for Medical Devices
An OIG study reveals that Medicare's hospital survey protocol does not address the cybersecurity of networked medical devices.
Read more at healthitsecurity.com