Title: Attackers Now Actively Targeting Critical SonicWall RCE bug
Date Published: January 24, 2022
Excerpt: “A critical severity vulnerability impacting SonicWall’s Secure Mobile Access (SMA) gateways addressed last month is now targeted in ongoing exploitation attempts. The bug, found by Rapid7 Lead Security Researcher Jacob Baines, is an unauthenticated stack-based buffer overflow tracked as CVE-2021-20038 that impacts SMA 100 series appliances (including SMA 200, 210, 400, 410, and 500v) even when the web application firewall (WAF) is enabled. Successful exploitation can let remote unauthenticated attackers execute code as the ‘nobody’ user in compromised SonicWall appliances.”
Title: Latest Version of Android RAT BRATA Wipes Devices After Stealing Data
Date Published: January 25, 2022
https://securityaffairs.co/wordpress/127131/cyber-crime/new-android-brata-rat.html
Excerpt: “The new version of the BRATA Android malware supports new features, including GPS tracking and a functionality to perform a factory reset on the device. Security experts at Kaspersky discovered the Android RAT BRATA (the name comes from ‘Brazilian RAT Android’) in 2019, when it was used to spy on Brazilian users. The BRATA RAT was first detected in January 2019 while spreading via WhatsApp and SMS messages. The RAT was delivered through the official Google Play Store and also via unofficial Android app stores. Most of the tainted apps pose as an update to the popular instant messaging application WhatsApp that would address the CVE-2019-3568 flaw in the instant messaging application. Once the malware has infected the victim’s device, it will start keylogging feature, enhancing it with real-time streaming functionality. The malware leverages the Android Accessibility Service feature to interact with other applications installed on the victim’s device.”
Title: MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists
Date Published: January 24, 2022
https://threatpost.com/molerats-apt-spy-bankers-politicians-journalists/177907/
Excerpt: “Malicious files doctored up to look like legitimate content related to the Israeli-Palestine conflict are being used to target prominent Palestinians, as well as activists and journalists in Turkey, with spyware. That’s according to a disclosure from Zscaler, which attributes the cyberattacks to the MoleRats advanced persistent threat (APT). Zscaler’s research team was able to tie MoleRats, an Arabic-speaking group with a history of targeting Palestinian interests, to this campaign because of overlap in the .NET payload and command-and-control (C2) servers with previous MoleRats APT attacks.”
Title: Beware of Fake Tax Apps Pushing Malware
Date Published: January 25, 2022
https://www.helpnetsecurity.com/2022/01/25/fake-tax-apps/
Excerpt: “With the self-assessment tax deadline fast approaching in the UK, self-employed individuals will be looking to take advantage of the many apps that are on the market to help make the tax return process as smooth as possible. Unfortunately, there is a real and pervasive problem of tax-related cybercrime. It is not uncommon for cyber scams to be tied to current affairs, as this ensures that they are far-reaching and timely. When it comes to apps, for every good and useful app that exists, there will nearly always be malicious individuals looking to exploit its popularity to try to steal from unsuspecting individuals.”
Title: Suspected REvil Ransomware Spinoff ‘Ransom Cartel’ Debuts
Date Published: January 24, 2022
https://www.bankinfosecurity.com/suspected-revil-ransomware-spinoff-ransom-cartel-debuts-a-18365
Excerpt: “Has the notorious REvil, aka Sodinokibi, ransomware operation rebooted as “Ransom Cartel”? Security experts say the new group has technical and other crossovers with REvil. But whether the new group is a spinoff of REvil, bought the tools, or is simply copying how they work, remains unclear. The anti-malware researchers behind MalwareHunterTeam note that the new crime group debuted by the middle of December 2021, and that while none of the group’s crypto-locking malware has yet been recovered, and it’s not clear how many victims the group might have amassed, it has a number of crossovers with REvil.”
Title: Hackers Infect macOS with New DazzleSpy Backdoor in Watering-Hole Attacks
Date Published: January 25, 2022
https://thehackernews.com/2022/01/hackers-infect-macos-with-new-dazzlespy.html
Excerpt: “A previously undocumented cyber-espionage malware aimed at Apple’s macOS operating system leveraged a Safari web browser exploit as part of a watering hole attack targeting politically active, pro-democracy individuals in Hong Kong. Slovak cybersecurity firm ESET attributed the intrusion to an actor with “strong technical capabilities,” calling out the campaign’s overlaps to that of a similar digital offensive disclosed by Google Threat Analysis Group (TAG) in November 2021. The attack chain involved compromising a legitimate website belonging to D100 Radio, a pro-democracy internet radio station in Hong Kong, to inject malicious inline frames (aka iframes) between September 30 and November 4, 2021.”
Title: Google Drive Flags Nearly Empty Files for ‘Copyright Infringement’
Date Published: January 25, 2022
Excerpt: “Users were left startled as Google Drive’s automated detection systems flagged a nearly empty file for copyright infringement. The file, according to one Drive user, contained nothing other than just the digit “1” within. This week, Assistant Professor at Michigan State University, Dr. Emily Dolson, Ph.D. reported seeing some odd behavior when using Google Drive. One of the files in Dolson’s Google Drive, ‘output04.txt’ was nearly empty—with nothing other than the digit ‘1’ inside it. But according to Google, this file violated the company’s “Copyright Infringement policy” and was hence flagged.”
Title: Trickbot Injections Get Harder to Detect & Analyze
Date Published: January 24, 2022
https://www.darkreading.com/vulnerabilities-threats/trickbot-injections-get-harder-to-detect-analyze
Excerpt: “The authors of the Trickbot Trojan have added multiple layers of defenses around the malware to make it harder for defenders to detect and analyze the injections it uses during malicious operations. The improvements coincide with escalating activity around the malware and appear designed for attacks in which Trickbot is being used to conduct online banking fraud — something the tool was originally designed for before it was repurposed for malware distribution purposes.”
Title: 53% of Medical Devices Have A Known Critical Vulnerability
Date Published: January 25, 2022
https://www.helpnetsecurity.com/2022/01/25/critical-medical-device-risks//
Excerpt: “After a year of unprecedented ransomware attacks on hospitals and healthcare systems – and with healthcare now the #1 target for cybercriminals – critical medical device risks in hospital environments continue to leave hospitals and their patients vulnerable to cyber attacks and data security issues. Cynerio found that security threats related to IoT and related devices within healthcare environments have remained sorely under-addressed, despite increased investments in healthcare cybersecurity. Data shows that 53% of connected medical devices and other IoT devices in hospitals have a known critical vulnerability.”
Title: Missing Microsoft Intune Certs Break Email, VPN on Samsung Devices
Date Published: January 25, 2022
Excerpt:” Microsoft says Samsung devices enrolled in Microsoft Intune using a work profile will experience email and VPN connectivity issues due to missing certificates after upgrading to Android 12. Microsoft Intune is a cloud-based service designed to help admins manage Windows, macOS, iOS/iPadOS, and Android apps and devices in enterprise environments. It also enforces device-specific policies when accessing proprietary data from company-owned or personal devices.”