OSN May 25, 2021

by | May 25, 2021 | Open Source News

Title: New Bluetooth Flaws Let Attackers Impersonate Legitimate Devices

Date Published: May 24, 2021

https://thehackernews.com/2021/05/new-bluetooth-flaws-let-attackers.html

Excerpt: “Our attacks work even when the victims are using Bluetooth’s strongest security modes, e.g., SSP and Secure Connections. Our attacks target the standardized Bluetooth authentication procedure, and are therefore effective against any standard compliant Bluetooth device,” the researchers said.The Android Open Source Project (AOSP), Cisco, Cradlepoint, Intel, Microchip Technology, and Red Hat are among the identified vendors with products impacted by these security flaws. AOSP, Cisco, and Microchip Technology said they are currently working to mitigate the issues.”

Title: Apple Fixes MacOS Vulnerability Exploited by XCSSET Malware

Date Published: May 25, 2021

https://heimdalsecurity.com/blog/apple-fixes-macos-vulnerability-exploited-by-xcsset-malware/

Excerpt: “This threat primarily spreads via Xcode projects and maliciously modified applications created from the malware. It is not yet clear how the threat initially enters these systems. Presumably, these systems would be primarily used by developers. These Xcode projects have been modified such that upon building, these projects would run a malicious code. This eventually leads to the main XCSSET malware being dropped and run on the affected system. Infected users are also vulnerable to having their credentials, accounts, and other vital data stolen.”

Title: Iranian Hacking Group Agrius Pretends to Encrypt Files for a Ransom, Destroys Them Instead

Date Published: May 25, 2021

https://www.zdnet.com/article/iranian-hacking-group-agrius-pretends-to-encrypt-files-for-a-ransom-destroys-it-instead/

Excerpt: “The group uses a combination of its own custom toolsets and readily available offensive security software to deploy either a destructive wiper or a custom wiper-turned-ransomware variant.   However, unlike ransomware groups such as Maze and Conti, it doesn’t appear that Agrius is purely motivated by money — instead, the use of ransomware is a new addition and a bolt-on to attacks focused on cyberespionage and destruction.”

Title: New High-Severity Vulnerability Reported in Pulse Connect Secure VPN

Date Published: May 25, 2021

https://thehackernews.com/2021/05/new-high-severity-vulnerability.html

Excerpt: “The flaw, identified as CVE-2021-22908, has a CVSS score of 8.5 out of a maximum of 10 and impacts Pulse Connect Secure versions 9.0Rx and 9.1Rx. In a report detailing the vulnerability, the CERT Coordination Center said the issue stems from the gateway’s ability to connect to Windows file shares through a number of CGI endpoints that could be leveraged to carry out the attack.”

Title: USB Drop Attack

Date Published: May 25, 2021

https://sliitcs2.medium.com/usb-drop-attack-d8dcb8ce2e4a

Excerpt: “This attack is so successful because it takes advantage of humans’ inherent curiosity and/or ability to support others. When there is a device lying around with possibly “juicy” details on it, humans can’t help but grab it to see what’s inside. A successful intruder takes advantage of a victim’s natural interest to convince them to take a USB gadget. When a gadget is taken, the contents are almost always going to be checked by the perpetrator. Attackers will have tempting files or file names within the device to capitalize on the human traits that drew them to the device in the first place.”

Title: The New Group Policies Coming to Windows 10 21h2

Date Published: May 24, 2021

https://www.bleepingcomputer.com/news/microsoft/the-new-group-policies-coming-to-windows-10-21h2/

Excerpt: “As Microsoft continues to develop the Windows 10 21H2 feature update, we can use the preview builds to get a glimpse of the upcoming features, changes, and new group policies coming to the operating system this fall. Microsoft just released Windows 10 21H1 last week, but it was not met with much fanfare as it is not a very exciting release. Windows 10 21H2, also known as the Sun Valley update, is poised to be a much more feature-rich version, with a new UI refresh, DNS-over-HTTPS support, a modern disk management tool, new settings, and more.”

Title: Victims Lose Millions to Healthcare Related E-Crime

Date Published: May 24, 2021

https://www.helpnetsecurity.com/2021/05/25/healthcare-related-ecrime/

Excerpt: “Tactics often include offers for fake insurance cards, health insurance marketplace assistance, stolen health information, or various other scams involving medications, supplements, weight loss products, or diversion/pill mill practices. Criminals usually target victims through spam email, online advertisements, links in forums or on social media, and fraudulent websites.”

Title: Long-Lasting Malware Bot Phorpiex Adapts and Has New Ways of Deployment

Date Published: May 24, 2021

https://heimdalsecurity.com/blog/bot-phorpiex-adapts-new-ways-of-deployment/

Excerpt: “Since recently, when it has been found out that Phorpiex has the capacity to disable Microsoft Defender, Microsoft specialists looked more closely into the botnet and found out that it is “modifying registry keys to disable firewall and antivirus popups or functionality, overriding proxy and browser settings, setting the loader and executables to run at startup, and adding these executables to the authorized application lists.”

Title: Should Paying Ransoms to Attackers Be Banned?

Date Published: May 24, 2021

https://www.bankinfosecurity.com/should-paying-ransoms-to-attackers-be-banned-a-16726

Excerpt: “CNA reported being victimized by a “cybersecurity attack” on March 23 that caused a network disruption and affected certain systems, including corporate email. The attack led the company to disconnect its systems, including taking down its website. CNA later confirmed it had been victimized by ransomware. But CNA has not confirmed it paid a ransom. The company did not immediately reply to a request for comment on the Bloomberg report.”

Title: Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Date Published: May 24, 2021

https://threatpost.com/reservation-system-easy-to-exploit-xss-bug/166414/

Excerpt: “An easy-to-exploit bug impacting the WordPress plugin ReDi Restaurant Reservation allows unauthenticated attackers to pilfer reservation data and customer personal identifiable information by simply submitting a malicious snippet of JavaScript code into the reservation comment field. The bug affects ReDi Restaurant Reservation versions prior to 21.0307, with a patched (v. 21.0426) version of the plugin available for download. The vulnerability (CVE-2021-24299) is a persistent cross-site scripting (XSS) bug. The flaw is not yet rated.”