OSN FEBRUARY 16, 2021

Fortify Security Team
Feb 17, 2021

Title: Hackers Exploited Centreon Monitoring Software to Compromise IT Providers
Date Published: February 16, 2021

https://www.bleepingcomputer.com/news/security/yandex-suffers-data-breach-after-sysadmin-sold-access-to-user-emails/

Please also see: Sandworm Intrusion Set Campaign Targeting Centreon Systems
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf

Excerpt: “The hackers exploited public-facing Centreon installations to gain access to the underlying system (servers running the CentOS operating system), and used that access to spread laterally through the target organizations’ networks. “The initial compromise method is not known,” ANSSI analysts noted. Once on them, the hackers would equip the compromised Centreon servers with previously known malware: the P.A.S. (aka Fobushell) web shell and the Exaramel (Linux) backdoor.”

Title: Bluetooth Overlay Skimmer That Blocks Chip
Date Published: February 16, 2021

https://securityaffairs.co/wordpress/114625/cyber-crime/bluetooth-overlay-skimmer.html

Excerpt: “As a total sucker for anything skimming-related, I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores. Interestingly, these skimmers interfered with the terminal’s ability to read chip-based cards, forcing customers to swipe the stripe instead.”

Title: Microsoft’s Smith: SolarWinds Attack Involved 1,000 Developers
Date Published: February 15, 2021

https://www.bankinfosecurity.com/microsofts-smith-solarwinds-attack-involved-1000-developers-a-15993

Excerpt: “In an interview with CBS News’ “60 Minutes,” Smith said the supply chain attack was “the largest and most sophisticated attack the world has ever seen.” The U.S. federal agencies investigating the attack, which targeted Microsoft and other technology and cybersecurity companies, say it was likely a cyberespionage campaign waged by Russian hackers (see: SolarWinds Attack: Pointing a Finger at Russia). Some investigators have said that Russia’s SVR foreign intelligence service may have been behind the hacking campaign.”

Title: Microsoft Pulls Windows KB4601392 for Blocking Security Updates
Date Published: February 16, 2021

https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-windows-kb4601392-for-blocking-security-updates/

Excerpt: “Microsoft has pulled a problematic Windows servicing stack update (SSU) after blocking Windows 10 and Windows Server customers from installing the security updates released during this month’s Patch Tuesday. Servicing stack updates are designed to provide fixes to the Windows servicing stack, the component used by the OS to correctly receive and install updates. They can be installed automatically via Windows Update or manually using standalone update packages available through the Microsoft Update Catalog.”

Title: Threat Actors Now Target Docker via Container Escape Features
Date Published: February 16, 2021

https://www.trendmicro.com/en_us/research/21/b/threat-actors-now-target-docker-via-container-escape-features.html

Excerpt: “We saw an attack where cryptocurrency-mining malware searched and killed off other existing cryptocurrency miners in infected Linux systems to maximize their own computing power. This attack showcased the malicious actors’ familiarity with Docker and Redis, as the malware featured in this attack looked for exposed application programming interfaces (APIs) in these platforms. However, we’re currently seeing something completely different — a payload specifically crafted to be able to escape privileged containers with all of the root capabilities of a host machine. It’s important to note that being on Docker doesn’t automatically mean that a user’s containers are all privileged.”

Title: Apple Patches Severe macOS Big Sur Data Loss Bug
Date Published: February 16, 2021

https://www.zdnet.com/article/apple-patches-severe-macos-big-sur-data-loss-bug/#ftag=RSSbaffb68

Excerpt: “For the past few weeks, macOS Big Sur has suffered from a bug that could cause serious data loss. The bug was introduced in Big Sur 11.2, and it made its way into the 11.3 data. The bug comes down to the macOS Big Sur installer not checking if the Mac has the required free space available to carry out an upgrade. The upgrade runs into problems, and if that isn’t bad enough, if the user’s Mac was encrypted using FileVault, then the user is locked out of their data.”

Title: This Phishing Email Promises You a Bonus – but Actually Delivers This Windows Trojan Malware
Date Published: February 16, 2021

https://thehackernews.com/2021/02/secret-chat-in-telegram-left-self.html

Excerpt: “The backdoor has been used in attacks targeting industries including healthcare, technology, manufacturing and logistics across North America and Europe. Researchers have linked it to the developers of Trickbot, one of the most common forms of malware for criminal hackers looking to gain entry to networks.”

Title: Malvertisers Exploited Browser Zero-Day to Redirect Users to Scams
Date Published: February 16, 2021

https://www.bleepingcomputer.com/news/security/malvertisers-exploited-browser-zero-day-to-redirect-users-to-scams/

Excerpt: “The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams. During their campaigns over the past three months, the number of malicious ad impressions served in a day recorded spikes as high as 16 million. ScamClub malvertisers are notorious for their noisy tactics that consist of flooding the ad ecosystem with malicious ads hoping that a smaller percentage goes through.”

Title: Unpatched Android App with 1 Billion Downloads Threatens Spying, Malware
Date Published: February 16, 2021

https://threatpost.com/unpatched-android-app-billion-downloads-malware/163976/

Excerpt: “An Android app that’s been downloaded more than 1 billion times is riddled with flaws that can let attackers hijack app features or overwrite existing files to execute malicious code, or launch man-in-the-disk (MiTD) attacks on people’s devices, researchers discovered. The flaws exist in an app called SHAREit, which allows Android app users to share files between friends or devices. They were identified and reported to the app maker three months ago by researchers at Trend Micro. However, the flaws remain unpatched, according to a report posted online Monday. Softonic, a company based in Barcelona, Spain, is the app’s developer and distributor.”

Title: How One Man Silently Infiltrated Dozens of High-Tech Networks
Date Published: February 16, 2021

https://nakedsecurity.sophos.com/2021/02/16/how-one-man-silently-infiltrated-dozens-of-high-tech-networks/

Excerpt: “In Birsan’s research, he found numerous cases where source code published by a variety of major vendors, including Apple, Microsoft, Tesla, Uber, Yelp and dozens of others, contained clearly documented dependencies on internal (company-created) packages written in a variety of different languages. As you can imagine, these internal packages – ones that weren’t available in public repositories like PyPI, Gems and the NPM archives – had internal names, for example because the functions they performed would never be needed in other software and would therefore be no use to anyone else.”
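The exposure the excerpt describes is internal package names that a public index could also serve. The following added example (not from the article or from Birsan's research) is a defender-side audit over a constructed pip requirements file: it flags internal dependencies whose name also exists on a constructed public-index snapshot, and internal dependencies with no version or hash pin. The 'acme-*' names, the index snapshot and the digest placeholder are all assumptions for the demo.

```python
import re

# Constructed sample manifest (pip requirements.txt style). The 'acme-*' names
# are hypothetical stand-ins for a company's internal packages.
REQUIREMENTS = """\
requests==2.25.1
acme-billing-core==1.4.0
acme-auth-utils==0.9.2 --hash=sha256:PLACEHOLDER_DIGEST
acme-report-gen
"""

# Constructed snapshot of names currently served by the public index. The
# assumption for this demo is that someone has registered 'acme-billing-core'.
PUBLIC_INDEX = {"requests", "urllib3", "acme-billing-core"}

# Names the organisation knows are internal-only (assumed to be maintained by the team).
INTERNAL_PACKAGES = {"acme-billing-core", "acme-auth-utils", "acme-report-gen"}

# Captures the project name and an optional '==version' pin.
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:==\s*(\S+))?")


def normalize(name: str) -> str:
    """PEP 503 name normalisation so 'Acme_Billing.Core' equals 'acme-billing-core'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_requirements(text: str, internal: set, public: set) -> list:
    """Return (package, issue) pairs for internal deps that a public index could satisfy."""
    internal = {normalize(n) for n in internal}
    public = {normalize(n) for n in public}
    findings = []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = REQ_LINE.match(line)
        if not m:
            continue
        name, version = normalize(m.group(1)), m.group(2)
        if name not in internal:
            continue  # public packages are out of scope for this check
        if name in public:
            findings.append((name, "same name exists on public index (confusable)"))
        if version is None:
            findings.append((name, "version not pinned"))
        if "--hash=" not in line:
            findings.append((name, "no hash pin; a public upload could satisfy the resolver"))
    return findings


if __name__ == "__main__":
    for pkg, issue in audit_requirements(REQUIREMENTS, INTERNAL_PACKAGES, PUBLIC_INDEX):
        print(f"{pkg}: {issue}")
```

In practice the public-index snapshot would come from querying the registry for each internal name, and the manifest would be the project's real lock file.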
