- 1. Chaos Malware Walks Line Between Ransomware and Wiper
Nasty: "Instead of encrypting files (which could then be decrypted after the target paid the ransom), it replaced the files' contents with random bytes, after which the files were encoded in Base64. This meant that affected files could no longer be restored, providing victims no incentive to pay the ransom." "One of the more interesting functions of Chaos version 1.0 was its worming function, which allowed it to spread to all drives found on an affected system," de Jesus wrote. "This could permit the malware to jump onto removable drives and escape from air-gapped systems."
- 2. Hacker Exploiting Authentication Bypass Bug On Millions Of Routers
Yikes: "For a device in which http:///index.htm requires authentication, an attacker could access index.htm using the following paths: http:///images/..%2findex.htm or http:///js/..%2findex.htm or http:///css/..%2findex.htm" Great article on the details: https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2
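To show why the `..%2f` trick above works and what the fix looks like, here is an added example (not code from the article or the router firmware) that models an authorization check which exempts the `/images/`, `/js/` and `/css/` prefixes before decoding the path, beside a hardened version that canonicalizes first; the prefix list and the log lines are constructed for illustration.

```python
from urllib.parse import unquote
import posixpath

# Assumption: static-asset prefixes are served without authentication.
PUBLIC_PREFIXES = ("/images/", "/js/", "/css/")


def naive_requires_auth(raw_path: str) -> bool:
    """Vulnerable pattern: decides on the raw, still-encoded request path."""
    return not raw_path.startswith(PUBLIC_PREFIXES)


def canonicalize(raw_path: str) -> str:
    """Percent-decode (repeatedly, to also catch double encoding) and
    collapse '.' and '..' so the check sees the path the handler will use."""
    path = raw_path
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # posixpath.normpath never climbs above '/', so '/images/../x' -> '/x'
    return posixpath.normpath("/" + path.lstrip("/"))


def hardened_requires_auth(raw_path: str) -> bool:
    """Fixed pattern: authorize on the canonical path, not the raw one."""
    return not canonicalize(raw_path).startswith(PUBLIC_PREFIXES)


def traversal_attempts(log_lines):
    """Defender-side triage: return request paths from access-log lines whose
    decoded form escapes a public prefix. Log format assumed: method path status."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 2:
            continue
        raw = parts[1]
        if not naive_requires_auth(raw) and hardened_requires_auth(raw):
            hits.append(raw)
    return hits


# Constructed sample log lines for a quick run.
SAMPLE_LOG = [
    "GET /css/style.css 200",
    "GET /images/..%2findex.htm 200",
    "GET /js/..%252fadmin.htm 200",
    "GET /index.htm 401",
]
```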
- 3. Apple’s Plan to “Think Different” About Encryption Opens a Backdoor to Your Private Life
Interesting take on this and how it could be abused from a privacy perspective: "This means that if—for instance—a minor using an iPhone without these features turned on sends a photo to another minor who does have the features enabled, they do not receive a notification that iMessage considers their image to be “explicit” or that the recipient’s parent will be notified. The recipient’s parents will be informed of the content without the sender consenting to their involvement. Additionally, once sent or received, the “sexually explicit image” cannot be deleted from the under-13 user’s device."
- 4. Microsoft announces new ‘Super Duper Secure Mode’ for Edge
"Encouraged by these findings, Norman said the Edge team is now working on Super Duper Secure Mode, an Edge configuration where they disable JIT and enable three other security features such as Control-flow Enforcement Technology (CET) and Arbitrary Code Guard (ACG), two features that would normally clash with V8's JIT implementation. As Norman explained, Super Duper Secure Mode is currently classified as an experiment, and there are no plans set in stone to ship it to users just yet."
- 5. INFRA:HALT security bugs impact critical industrial control devices
We've seen this before, very bad: "They impact the DNS client and the HTTP server components of the stack, allowing a remote attacker to execute code on the vulnerable device to take full control over it. To trigger CVE-2020-25928, an attacker would need to send a crafted DNS packet as a response to a DNS query from the vulnerable device, Forescout and JFrog researchers explain in a joint technical report published earlier today."
- 6. Zoom to pay $85M for lying about encryption and sending data to Facebook and Google
Trying to re-define end-to-end encryption: "The connection between the Zoom app running on a user's computer or phone and Zoom's server is encrypted in the same way the connection between a web browser and a website is encrypted. This is known as transport encryption, which is different from end-to-end encryption because the Zoom service itself can access the unencrypted video and audio content of Zoom meetings. In a Zoom meeting utilizing this encryption technology, the video and audio content will stay private from anyone spying on Wi-Fi, but will not stay private from the company or, presumably, anyone with whom the company shares its access voluntarily, by compulsion of law (e.g., at the request of law enforcement), or involuntarily (e.g., a hacker who can infiltrate the company's systems). With true E2E encryption, the encryption keys are generated by the client (customer) devices, and only the participants in the meeting have the ability to decrypt it." versus "the encryption keys for each meeting are generated by Zoom's servers, not by the client devices."
- 7. Credit card-stealing malware found in official Python repository
I really want to know if a library is accessing my file system and/or communicating with IP addresses on the Internet... This one steals your Discord auth tokens and credit cards stored by your browser...
- 8. Men File Lawsuit Against Dallas County Sheriff
"Gary DeMercurio and Justin Wynn have filed a civil lawsuit against Dallas County and Sheriff Chad Leonard from an incident that occurred in September 2019 when the two men broke into the Dallas County Courthouse claiming they were hired to do so. The two men worked for cybersecurity advisor Coalfire, which is headquartered in Colorado."
- 9. Fingerprinting Windows versions, AV, wireless cards over the network—all without authentication
Using Windows DCE/RPC (TCP port 135), HD and team were able to more accurately fingerprint the Windows OS type and version, in addition to determining whether the host has a Wi-Fi adapter and even what type of AV software is running. Amazing research!
- 10. Crypto-mining botnet modifies CPU configurations to increase its mining power
We need more power captain: "In a report published last week, Uptycs researchers said they spotted a crypto-mining botnet in June 2021 that was breaching Linux servers, downloading the Linux MSR driver, and then disabling hardware prefetching before installing a version of XMRig, a common app used for cryptocurrency mining by both legitimate users and malware gangs. Uptycs believes the attacker got the idea to disable hardware prefetching after reading the XMRig documentation, where it is claimed that XMRig can gain a 15% speed boost if the feature is disabled."
- 11. A Botnet is Attacking Synology NAS Devices: Here’s How to Secure Yours
Why do you need your NAS device on the Internet!?!?
- 12. Glowworm-Attack
Wow: "In this paper, we identify a new class of optical TEMPEST attacks: recovering sound by analyzing optical emanations from a device’s power indicator LED. We analyze the response of the power indicator LED of various devices to sound and show that there is an optical correlation between the sound that is played by connected speakers and the intensity of their power indicator LED due to the facts that: (1) the power indicator LED of various devices is connected directly to the power line, (2) the intensity of a device's power indicator LED is correlative to the power consumption, and (3) many devices lack a dedicated means of countering this phenomenon."
- 13. Ransomware Payments Explode Amid ‘Quadruple Extortion’
"1) Encryption: Victims pay to regain access to scrambled data and compromised computer systems that stop working because key files are encrypted. 2) Data Theft: Hackers release sensitive information if a ransom is not paid. 3) DoS: Ransomware gangs launch DoS attacks that shut down a victim’s public websites. 4) Harassment: Cybercriminals contact customers, business partners, employees and media to tell them the organization was hacked."
- 14. Accenture claims to fight off LockBit ransomware gang with backup
"Cybercrime intelligence firm Hudson Rock revealed that nearly 2,500 computers of Accenture partners and employees were compromised. Another research firm Cyble tweeted that the attackers stole 6TB of data and have demanded a ransom of $50 million."