Job Expectations, Pi Password Thief, Python Masscan, & Pingback – PSW #693

with over two dozen makes

Researchers say they have identified a novel Windows malware sample dubbed "Pingback" that leverages ICMP for C&C communications and DLL hijacking to achieve persistence on targeted Windows 64-bit systems.

A new threat actor that appears to be financially motivated has targeted many organizations in the United States and other countries. The attacks involved three previously unseen pieces of malware tracked by FireEye as DOUBLEDRAG, DOUBLEDROP and DOUBLEBACK. DOUBLEDRAG is a downloader delivered in the first stage of the attack and which in some cases was replaced with a malicious Excel document that served as a downloader. DOUBLEDRAG is designed to connect to a C&C server and fetch DOUBLEDROP, a memory-only dropper that deploys DOUBLEBACK, a backdoor that is apparently still under development

MITRE announced last week that the latest update to the popular ATT&CK framework introduces techniques related to containers and the Google Workspace platform. ATT&CK v9 includes another significant change that consolidates AWS, Azure, and Google Cloud Platforms into a single infrastructure-as-a-service (IaaS) platform.

Digital marriage licenses. Zoom ceremonies. Everyday citizens becoming wedding officiants. Utah County, Utah's online marriage license system became a big hit after COVID-19 shut down most offices that issue marriage licenses.

A cyber crime group breached its systems and began selling access to compromised customer and courier accounts on Amazon rival Spanish delivery service Glovo, just one month after announcing it had taken in $1 billion in funding and has plans to go public in a few years.

Pulse Secure has released a patch addressing the critical authentication bypass vulnerability (CVE-2021-22893). Run the Pulse Secure Integrity Checker prior to patching.

The U.S. government says it is investigating a recently discovered supply chain attack in which attackers leveraged vulnerabilities affecting the Pulse Secure VPN to target more than a dozen federal agencies.

Hackers are now claiming they have accessed "tens of thousands" of SIM cards following a cyber attack against telecommunications firm Schepisi Communications, which is self-described as a "platinum partner" of Melbourne-based Telstra that provides cloud storage and telephone numbers on behalf of Telstra.

Using obtained credentials and exploiting a vulnerability in third-party security software, the unauthorized party gained unauthorized access to under 200 online customer bank accounts, had access to personal information in those accounts, and fraudulently obtained an aggregate of less than $1 million from some of those accounts.

Technical documentation and proof-of-concept exploit (PoC) code is available for a high-severity vulnerability in Microsoft Exchange Server that could let attackers execute code on unpatched systems. Attackers can exploit CVE-2021-28482 if the are authenticated on an on-premises Exchange server instance not patched with Microsoft's April update. A python based PoC exploit has been released.

Pennsylvania DOH is accusing contact tracing company Insight Global, which was contracted to provide the state with "contact tracing and other services," of willfully disregarding security protocols and exposing PHI and PII belonging to some 72,000 people.

Chelle brought this to my attention. Previously undocumented piece of Linux malware dubbed "RotaJakiro" that functions as a backdoor and has gone undetected for at least three years have been spotted being used in attacks targeting Linux X64 systems.

Researchers at the universities of Virginia and California in the United States have devised new Spectre-style hardware attacks that make it possible to steal data when processes retrieve commands from their micro-ops caches.

According to TurgenSec, the compromised documents include documents generated during daily operations, staff training, internal passwords and policies, staff payment information, information related to financial processes, and other activities such as audits.

Tthe "PortDoor" backdoor developed by Anonymous is likely being leveraged by Chinese APT actors in phishing attacks targeting Russian firm Rubin Design Bureau, which builds submarines for the Russian Navy Federation. RoyalRoad is used by attackers to create weaponized RTF document designed to exploit three vulnerabilities (CVE-2017-11882, CVE-2018-0798, and CVE-2018-0802) affecting Microsoft's Equation Editor.

Executive Summary SentinelLabs has discovered five high severity flaws in Dell’s firmware update driver impacting Dell desktops, laptops, notebooks and tablets. See also: https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability