Title: PyPI package ‘Keep’ Mistakenly Included a Password Stealer
Date Published: June 12, 2022
Excerpt: “PyPI packages ‘keep,’ ‘pyanxdns,’ ‘api-res-py’ were found to be containing a backdoor due to the presence of malicious ‘request’ dependency within some versions. For example, while most versions of ‘keep’ project use the legitimate Python module requests for making HTTP requests, ‘keep’ v.1.2 contains ‘request’ (without s) which is malware.”
Title: HelloXD Ransomware Operators Install MicroBackdoor on Target Systems
Date Published: June 13, 2022
https://securityaffairs.co/wordpress/132207/malware/helloxd-ransomware-installs-microbackdoor.html
Excerpt: “The HelloXD ransomware first appeared in the threat landscape on November 30, 2021; it borrows the code from Babuk ransomware, which has been available in Russian-speaking hacking forums since September 2021. Unlike other ransomware operations, this ransomware gang doesn’t use a leak site; instead, it contacts victims through TOX chat and onion-based messenger instances.”
Title: Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers
Date Published: June 13, 2022
https://threatpost.com/bluetooth-signals-track-smartphones/179937/
Excerpt: “Researchers warn Bluetooth signals can be used to track device owners via a unique fingerprinting of the radio signal. The technique was presented via a paper presented at IEEE Security and Privacy conference last month by researchers at the University of California San Diego.”
Title: Microsoft Helps Prevent Lateral Movement from Compromised Unmanaged Devices
Date Published: June 13, 2022
https://www.helpnetsecurity.com/2022/06/13/microsoft-prevent-lateral-movement/
Excerpt: “A new feature in Microsoft Defender for Endpoint can make it more difficult for attackers to perform lateral movement within company networks, as it allows admins to prevent traffic flowing to and from unmanaged devices that have been compromised. Lateral movement is a fundamental tactic deployed by most cyberattackers today, which means that enterprise defenders should work to prevent it or at least minimize it.”
Title: Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users
Date Published: June 13, 2022
https://thehackernews.com/2022/06/chinese-hackers-distribute-backdoored.html
Excerpt: “A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims’ funds. Said to be first discovered in March 2022, the cluster of activity “hint[s] to a strong relationship with a Chinese-speaking entity yet to be uncovered,” based on the macOS usernames, source code comments in the backdoor code, and its abuse of Alibaba’s Content Delivery Network (CDN).”
Title: New Vytal Chrome Extension Hides Location info that your VPN Can’t
Date Published: June 12, 2022
Excerpt: “A new Google Chrome browser extension called Vytal prevents webpages from using programming APIs to find your geographic location leaked, even when using a VPN. Many people use VPNs to hide their location or connect from another country while browsing the web. People do this for various reasons, such as bypassing censorship, geographic blocks, or simply having additional privacy on the Internet.”
Title: Using WiFi Connection Probe Requests to Track Users
Date Published: June 13, 2022
https://securityaffairs.co/wordpress/132193/mobile-2/wifi-probe-requests-track-users.html
Excerpt: “A group of academics at the University of Hamburg (Germany) demonstrated that it is possible to use WiFi connection probe requests to identify and track devices and thereby their users. Mobile devices transmit probe requests to receive information about nearby Wi-Fi networks and establish a Wi-Fi connection. An access point receiving a probe request replies with a probe response, thereby establishing a connection between both devices. However, probe requests can contain identifying information about the device owner depending on the age of the device and its OS. For example, a request can contain the preferred network list (PNL), which includes networks identified by their so-called Service Set Identifier (SSIDs). Experts explained that 23 % of the probe requests contain SSIDs of networks the devices were connected to in the past.”
Title: API Security Warrants its Own Specific Solution
Date Published: June 13, 2022
https://www.helpnetsecurity.com/2022/06/13/risks-api-security/
Excerpt: “Application programming interfaces (APIs) enable developers to quickly and easily roll-out services but they’re also equally attractive to attackers. This is because they can provide ready access to back-end systems and sensitive data sets. What makes these attacks so interesting is how they are executed: unlike a traditional “hack,” an API attack doesn’t hinge on there being something wrong with the API. Rather, attackers can legitimately use the way an API functions against it and can simply find out if it hasn’t been developed securely through standard interaction.”
Title: Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses
Date Published: June 13, 2022
https://thehackernews.com/2022/06/researchers-disclose-rooting-backdoor.html
Excerpt: “Cybersecurity researchers have disclosed details of two medium-security flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices. Tracked as CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8), the access control issues were discovered by German penetration testing firm SySS, following which patches were shipped in May 2022.”
Title: Russian Hackers Start Targeting Ukraine with Follina Exploits
Date Published: June 13, 2022
Excerpt: “Ukraine’s Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. The security issue can be triggered by either opening or selecting a specially crafted document and threat actors have been exploiting it in attacks since at least April 2022.”