OSN February 1, 2021

Feb 1, 2021 | Open Source News

Title: A New Software Supply-Chain Attack Targeted Millions With Spyware

Date Published: February 1, 2021

https://thehackernews.com/2021/02/a-new-software-supplychain-attack.html

Excerpt: “Cybersecurity researchers today disclosed a new supply chain attack compromising the update mechanism of NoxPlayer, a free Android emulator for PCs and Macs. Dubbed “Operation NightScout” by Slovak cybersecurity firm ESET, the highly-targeted surveillance campaign involved distributing three different malware families via tailored malicious updates to selected victims based in Taiwan, Hong Kong.”

Title: Hacker Group Inserted Malware in Noxplayer Android Emulator

Date Published: February 1, 2021

https://www.zdnet.com/article/hacker-group-inserted-malware-in-noxplayer-android-emulator/#ftag=RSSbaffb68

Excerpt: “The attack was discovered by Slovak security firm ESET on January 25, last week, and targeted BigNox, a company that makes NoxPlayer, a software client for emulating Android apps on Windows or macOS desktops. ESET says that based on evidence its researchers gathered, a threat actor compromised one of the company’s official API (api.bignox.com) and file-hosting servers (res06.bignox.com).”

Title: Google Discloses a Severe Flaw in Widely Used Libgcrypt Encryption Library

Date Published: February 1, 2021

https://securityaffairs.co/wordpress/114076/security/libgcrypt-encryption-library-flaw.html

Excerpt: “There is a heap buffer overflow in libgcrypt due to an incorrect assumption in the block buffer management code. Just decrypting some data can overflow a heap buffer with attacker controlled data, no verification or signature is validated before the vulnerability occurs.” reads the advisory published by Ormandy. “This code in _gcry_md_block_write (part of the generic block buffer abstraction code) assumes that the occupied space in a block buffer cannot exceed the blocksize of the algorithm.”

Title: Nation-States and Their Supply-Chain Attack Strategy

Date Published: February 2, 2021

https://www.darkreading.com/threat-intelligence/nation-states-and-their-supply-chain-attack-strategy/d/d-id/1339969

Excerpt: “It’s clear the SolarWinds incident has rocked the infosec community to its core. While there is still much to be uncovered, the public details indicate attackers inserted code into a third-party IT provider’s services, in order to perpetrate intricate attacks against multiple organizations. This type of incident, commonly referred to as a “supply-chain attack,” has been the cornerstone in some of the biggest security incidents of the past decade.”

Title: Industrial Gear at Risk from Fuji Code-Execution Bugs

Date Published: January 29, 2021

https://threatpost.com/industrial-gear-fuji-code-execution-bugs/163490/

Excerpt: “Fuji Electric’s Tellus Lite V-Simulator and V-Server Lite are both affected by the vulnerabilities, which all carry a CVSS severity rating of 7.8. The two make up a comprehensive human-machine interface (HMI) system, used to remotely monitor and collect production data in real time, and control a variety of industrial and critical-infrastructure gear. It can be used to interface with various manufacturers’ programmable logic controllers (PLCs), temperature controllers, inverters and so on.”

Title: WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites

Date Published: January 29, 2021

https://threatpost.com/wordpress-pop-up-builder-plugin-flaw-plagues-200k-sites/163500/

Excerpt: “The plugin in question is Popup Builder – Responsive WordPress Pop up – Subscription & Newsletter, from developer Sygnoos. The plugin has been installed on 200,000 WordPress websites. Versions 3.71 and below are affected by the vulnerability (a fix has been issued in version 3.72; and the latest version is 3.73). “The only requirement for exploitation is that the user is logged in and has access to the nonce token,” said researchers with WebArx on Friday. “It is affecting methods which in turn could cause damage to the reputation and security status of the site”.”

Title: Malicious Actors Reserving Their Cyber Attacks for the Hospitality Industry

Date Published: January 31, 2021

https://www.tripwire.com/state-of-security/security-data-protection/malicious-actors-reserving-cyber-attacks-hospitality-industry/

Excerpt: “Already hard hit by the coronavirus pandemic, hospitality companies must now deal with the increasing threat of cyber attacks that can hurt their reputation as well as lead to large fines from regulators. To keep up with customer demand, enhance convenience and foster a safer environment, many hotels have embraced technological innovations such as biometrics to speed up check-in processes and avoid the hassle of lost room keys. Hotels with smart televisions that allow guests to log in to their existing streaming services are becoming more common as well as public Wi-Fi that is free for all to use. However, the more gateways guests can access to connect to different networks, the more surface area is created for potential cyber attacks.”

Title: CISA Says Many Victims of SolarWinds Hackers Had No Direct Link to SolarWinds

Date Published: February 1, 2021

https://rootdaemon.com/2021/02/01/cisa-says-many-victims-of-solarwinds-hackers-had-no-direct-link-to-solarwinds/

Excerpt: “This is an ongoing response, and we are still working with our government and private sector partners to fully understand this campaign, and to develop and share timely information to mitigate the threat posed by this adversary,” the agency said. CISA’s acting director, Brandon Wales, told The Wall Street Journal last week that roughly 30% of the victims identified by the agency did not have a direct connection to SolarWinds. Wales also said some victims were compromised before SolarWinds started delivering malicious product updates to customers.”

Title: This Malware Hides Behind Free VPN, Pirated Security Software Keys

Date Published: January 29, 2021

https://www.hackread.com/malware-free-vpn-pirated-security-software-keys/

Excerpt: “Proofpoint researchers have discovered a new strain of DanaBot malware. It is being distributed through pirated software keys. The user is tricked into downloading infected software disguised as anti-virus programs, VPNs, and online games. According to researchers, websites offering cracked or pirated versions of the software are distributing the new version of DanaBot, capable of stealing the victim’s online banking credentials.”

Title: Police Using Emotet’s Network to Help Victims

Date Published: January 28, 2021

https://www.bankinfosecurity.com/police-using-emotets-network-to-help-victims-a-15886

Excerpt: “Dutch police, along with law enforcement agencies from the seven other nations that participated in the yearlong operation, have created two tools to help organizations and individuals discover if they have been victimized and then recover. One tool enables a user to check if their email address and password have been compromised by Emotet. The other software tool, which is being pushed out by Netherlands authorities using the captured botnet’s servers, can disconnect infected devices from the botnet.”