OSN September 27, 2021

Fortify Security Team
Sep 27, 2021

Title: Frustrated Dev Drops Three Zero-Day Vulns Affecting Apple iOS 15 After Six-Month Wait

Date Published: September 24, 2021

https://www.theregister.com/2021/09/24/apple_zeroday/

Excerpt: “‘The bugs are neat, but unlikely to be widely exploited,’ security researcher Patrick Wardle, founder of free security project Objective-See and director of research at security biz Synack, told The Register. ‘Any app that attempted to (ab)use them would need to first be approved by Apple, via the iOS App Store.’ ‘To me, the bigger takeaway is that Apple is shipping iOS with known bugs,’ Wardle continued, noting that IllusionOfChaos claims to have reported the bugs months ago. ‘And that security researchers are so frustrated by the Apple Bug Bounty program they are literally giving up on it, turning down (potential) money, to post free bugs online.’”

Title: Jupyter Infostealer Continues to Evolve and Is Distributed via MSI Installers

Date Published: September 27, 2021

https://securityaffairs.co/wordpress/122627/cyber-crime/jupyter-infostealer-msi-installers.html

Excerpt: “The experts spotted the infostealer during a routine incident response process in October, but according to forensic data earlier versions of the infostealer have been developed since May. The malware was continuously updated to evade detection and include new information-stealing capabilities; the most recent version was created in early November. At the time of its discovery, the attack chain started with downloading a ZIP archive containing an installer (Inno Setup executable) masqueraded as legitimate software (i.e. Docx2Rtf). On 8 September 2021, the researchers observed a new delivery chain that was able to avoid detection by using an MSI payload that executes a legitimate installation binary of Nitro Pro 13.”

Title: Conti Makes a New Victim: GSS Ransomware Attack Affecting Major European Call Center Provider

Date Published: September 27, 2021

https://heimdalsecurity.com/blog/gss-ransomware-attack-affecting-major-european-call-center-provider/

Excerpt: “GSS is Covisian’s Spanish and Latin America division, counting among the biggest providers in call center services in Europe. A company’s spokesperson told the same publication mentioned above that the ones behind Conti ransomware conducted the attack on the 18th of September. Normally in Conti operations, data leakage is a common method. However, the spokesperson asserted that no data leakage happened and customers are not impacted. The attack impacted only the GSS network, not the other services Covisian provides in other European states.”

Title: Russian Turla APT Group Deploying New Backdoor on Targeted Systems

Date Published: September 27, 2021

https://thehackernews.com/2021/09/russian-turla-apt-group-deploying-new.html

Excerpt: “‘This simple backdoor is likely used as a second-chance backdoor to maintain access to the system, even if the primary malware is removed,’ the researchers said. ‘It could also be used as a second-stage dropper to infect the system with additional malware.’ Furthermore, TinyTurla can upload and execute files or exfiltrate sensitive data from the infected machine to a remote server, while also polling the command-and-control (C2) station every five seconds for any new commands. Also known by the monikers Snake, Venomous Bear, Uroburos, and Iron Hunter, the Russian-sponsored espionage outfit is known for its cyber offensives targeting government entities and embassies spanning the U.S., Europe, and Eastern Bloc nations. The TinyTurla campaign involves the use of a .BAT file to deploy the malware, but the exact intrusion route remains unclear as yet.”

Title: New Android Malware Steals Financial Data from 378 Banking and Wallet Apps

Date Published: September 27, 2021

https://thehackernews.com/2021/09/new-android-malware-steals-financial.html

Excerpt: “The operators behind the BlackRock mobile malware have surfaced back with a new Android banking trojan called ERMAC that targets Poland and has its roots in the infamous Cerberus malware, according to the latest research. ‘The new trojan already has active distribution campaigns and is targeting 378 banking and wallet apps with overlays,’ ThreatFabric’s CEO Cengiz Han Sahin said in an emailed statement. First campaigns involving ERMAC are believed to have begun in late August under the guise of the Google Chrome app. Since then, the attacks have expanded to include a range of apps such as banking, media players, delivery services, government applications, and antivirus solutions like McAfee.”

Title: SonicWall Critical Vulnerability Should Be Patched ASAP

Date Published: September 27, 2021

https://heimdalsecurity.com/blog/sonicwall-critical-vulnerability-should-be-patched-asap/

Excerpt: “An inaccurate file path to a restricted directory limitation is the cause of the SonicWall critical vulnerability. This means that cybercriminals can perform their malicious actions, more specifically deleting arbitrary files from the SMA series appliances without even authenticating. They could do it by bypassing path traversal checks. Then a reset to factory default settings could be performed. This eventually will only lead to hackers having admin access over the targeted host, access that could be achieved via default credentials accessible after the reboot. The score that the Common Vulnerabilities and Exposures (CVE) database attributed to this SonicWall critical vulnerability is 9.1 out of 10. However, there is no confirmation at the present moment that the bug is being exploited.”

Title: Sonicwall Fixes Critical Bug Allowing SMA 100 Device Takeover

Date Published: September 24, 2021

https://www.bleepingcomputer.com/news/security/sonicwall-fixes-critical-bug-allowing-sma-100-device-takeover/

Excerpt: “SonicWall has patched a critical security flaw impacting several Secure Mobile Access (SMA) 100 series products that can let unauthenticated attackers remotely gain admin access on targeted devices. The SMA 100 series appliances vulnerable to attacks targeting the improper access control vulnerability tracked as CVE-2021-20034 include SMA 200, 210, 400, 410, and 500v. There are no temporary mitigations to remove the attack vector, and SonicWall strongly urges impacted customers to deploy security updates that address the flaw as soon as possible.”

Title: More Than 130,000 Malicious IP Addresses Were Blocked During Census 2021: AWS

Date Published: September 26, 2021

https://www.zdnet.com/article/more-than-130000-malicious-ip-addresses-were-blocked-during-census-2021-aws/

Excerpt: “Elisha also boasted that by building a cloud-based contact centre for ABS, it saved over 394,000 people from calling the Census contact centre to request a paper form. Instead, people who called were prompted by an automated agent to enter details such as their Census ID number and their postcode to be verified. ‘The Census Digital Service achieved high levels of security, reliability, and scale thanks to the serverless architecture built on AWS. The most important benefit of working with AWS is that ABS doesn’t have to worry about building and operating the underlying infrastructure, and ABS can focus on delivering a simple and easy experience for the people of Australia,’ ABS CIO Steve Hamilton said.”

Title: Windows 10 Emergency Update Resolves KB5005565 App Freezes, Crashes

Date Published: September 25, 2021

https://www.bleepingcomputer.com/news/microsoft/windows-10-emergency-update-resolves-kb5005565-app-freezes-crashes/

Excerpt: “Microsoft has released an emergency fix for freezing and crashing app issues caused by September’s KB5005565 and KB5005101 cumulative updates. With the release of the Windows 10 KB5005101 preview update and the KB5005565 cumulative update, Microsoft states that users may have experienced app freezes, app crashes, and the inability to launch an application. These issues only affected users utilizing the Microsoft Exploit Protection Export Address Filtering (EAF) feature, which is used to detect dangerous operations used by malicious code or exploit modules.”

Title: Ransomware Disrupts Services at Coos County Family Health Services in Berlin

Date Published: September 23, 2021

https://www.unionleader.com/news/crime/ransomware-disrupts-services-at-coos-county-family-health-services-in-berlin/article_722da518-d0c5-54b7-949e-fe0cfcc96502.html

Excerpt: “Hackers struck the Androscoggin Valley Regional Refuse Disposal District this spring, with the district paying an undisclosed amount to get its computer files back, while on Monday hackers targeted Coos County Health Services, which operates two clinics in Berlin and one in Gorham. According to its website, Coos County Family Health Services ‘has provided comprehensive office-based primary care services for more than 10 years,’ including ‘diagnosis and treatment of acute and chronic illnesses, preventive services, screening, and health education …’ In a message posted at 2 a.m. Tuesday on its Facebook page, CCHS offered its ‘Apologies to our patients and colleagues,’ explaining that ‘Our phone and computer systems have been affected by a ransomware attack. We are working to restore services as quickly as possible.’”
