Wemo Vulnerability, EXSI Threats, Critical Cisco Flaws, IAM, Malware, and More – SWN #299
$10M reward, a serious wemo vulnerability, EXSI threats, critical Cisco flaws, millions of smart phones with preinstalled malware and Bill Brenner
Hosts
- 1. US Offering $10M Reward for Russian Man Charged With Ransomware Attacks
The US is offering a $10 million reward for information on a Russian man accused of launching ransomware attacks on critical infrastructure.
- 2. FBI confirms BianLian ransomware switch to extortion only attacks
A joint Cybersecurity Advisory from government agencies in the U.S. and Australia, and published by the Cybersecurity and Infrastructure Security Agency (CISA,) is warning organizations of the latest tactics, techniques, and procedures (TTPs) used by the BianLian ransomware group.
- 3. Chrome 113 Security Update Patches Critical Vulnerability
Google this week announced the release of a Chrome 113 security update that resolves a total of 12 vulnerabilities, including one rated ‘critical’. Six of the flaws were reported by external researchers.
Tracked as CVE-2023-2721 and reported by Qihoo 360 researcher Guang Gong, the issue is described as a use-after-free flaw in Navigation.
- 4. Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs
The second generation version of Belkin's Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely.
The issue, assigned the identifier CVE-2023-27217, was discovered and reported to Belkin on January 9, 2023, by Israeli IoT security company Sternum, which reverse-engineered the device and gained firmware access.
- 5. ESXi Servers Face New Threats From MichaelKors RaaS Affiliates
A few days ago, a report highlighted the increasing affinity of ransomware groups toward the ESXi platform. The trend continues further, with a new RaaS operation added to the list. This operation, dubbed MichaelKors (formerly Qilin), has been encrypting Linux and VMware ESXi systems since April.
- 6. Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks
Cisco has released updates to address a set of nine security flaws in its Small Business Series Switches that could be exploited by an unauthenticated, remote attacker to run arbitrary code or cause a denial-of-service (DoS) condition.
"These vulnerabilities are due to improper validation of requests that are sent to the web interface," Cisco said, crediting an unnamed external researcher for reporting the issues.
Four of the nine vulnerabilities are rated 9.8 out of 10 on the CVSS scoring system, making them critical in nature.
- 7. Apple Thwarts $2 Billion in App Store Fraud, Rejects 1.7 Million App Submissions
Apple has announced that it prevented over $2 billion in potentially fraudulent transactions and rejected roughly 1.7 million app submissions for privacy and security violations in 2022.
The computing giant said it terminated 428,000 developer accounts for potential fraudulent activity, blocked 105,000 fake developer account creations, and deactivated 282 million bogus customer accounts. It further noted that it thwarted 198 million attempted fraudulent new accounts prior to their creation.
- 8. Don’t panic. Google offering scary .zip and .mov domains is not the end of the world
COMMENT In early May, Google Domains added support for eight new top-level domains, two of which – .zip, and .mov – raised the hackles of the security community.
The reason, of course is, that .zip and .mov are both file extensions. So there's concern that a miscreant could employ these TLDs to confuse people by visiting a malicious website rather than opening a file, among other threat scenarios.
- 9. Access to Energy Sector ICS/OT Systems Offered on Hacker Forums
Threat actors have been offering access to energy sector organizations, including industrial control systems (ICS) and other operational technology (OT) systems, according to a new report from Searchlight Cyber.
The UK-based threat intelligence company has conducted an analysis of posts published between February 2022 and February 2023 on cybercrime forums, dark web sites, and marketplaces, and found many offers for initial access into the environments of energy sector organizations, including oil and gas and renewable energy firms in the US, Canada, UK, Italy, France and Indonesia.
- 10. Millions of Smartphones Distributed Worldwide With Preinstalled ‘Guerrilla’ Malware
A threat actor has control over millions of smartphones distributed worldwide thanks to a piece of malware that has been preinstalled on the devices, Trend Micro warned.
It has been known for several years that smartphones, particularly budget devices, may be shipped with shady firmware that can give companies or other entities access to user data. One of the best known operations involved Triada, an advanced trojan installed on Android devices whose existence came to light in 2016.
- 11. Apple fixes three new zero-days exploited to hack iPhones, Macs
Apple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads.
"Apple is aware of a report that this issue may have been actively exploited," the company revealed in security advisories describing the flaws.
- 12. Cybercriminals who targeted Ukraine are actually Russian government hackers, researchers say
For years, Russian government hackers have used several made-up personas to hide their tracks and try to trick security researchers and government agencies into pointing the blame in the wrong direction.
They have pretended to be a lone Romanian hacktivist called Guccifer 2.0 when they hacked the Democratic National Committee; unleashed a destructive malware designed to look like run-of-the-mill ransomware; hid within the servers used by an Iranian hacking group; claimed to be an Islamist hacking group called Cyber Caliphate; hacked the 2018 Winter Olympics leaving breadcrumbs that pointed to North Korea and China; and slipped false evidence within documents released as a hack and leak operation supposedly carried out by an hacktivist group called Cyber Berkut.
Now, security researchers claim to have found a new Russian government false flag.