Vending Machine Hack, Chucky’s Amber Alert, HarmonyOS, & Realtek Vulns – PSW #682
Security in a Complex World; Huawei’s HarmonyOS embodies “Fake it till you make it”; Hackers Infiltrating the World of Online Gaming; Sloppy patches breed zero-day exploits; Dutch researcher hacks prepaid vending machines; When was the last time you said "Hey, that web app on that IoT/network device was really secure!"?; Test Amber Alert accidentally sent out warning of Chucky from the Child’s Play horror movies; Major Vulnerabilities Discovered in Realtek RTL8195A Wi-Fi Module; New Linux malware steals SSH credentials from supercomputers; From Microsoft: how not to run Docker in Azure Functions.
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Hosts
- 1. Experts discovered a new Trickbot module used for lateral movement – Trickbot operators have been spotted using a new module dubbed "masrv" (masrvDll32 and masrvDll64), which bundles the open-source Masscan port scanner to sweep local networks for devices with open ports, making it easier for the attackers to pick lateral-movement targets inside a compromised organization.
- 2. New Linux malware steals SSH credentials from supercomputers – A new backdoor has been targeting supercomputers around the world, stealing the credentials for secure remote logins by way of a trojanized version of SSH. Even where SSH is in use, enable MFA and limit which certificates are trusted for authentication.
- 3. Trickbot Back from the Dead in New Campaign – Security researchers are warning of a resurgence of the prolific Trickbot Trojan, whose infrastructure was disrupted by a Microsoft-led coalition late in 2020.
- 4. Operation NightScout: Supply-chain attack targets online gaming in Asia – ESET discovered a new supply-chain attack that compromised the update mechanism of NoxPlayer, an Android emulator for PCs and Macs and part of BigNox’s product range, which has over 150 million users worldwide. Disable or uninstall it until a known-good update is available.
- 5. CISA Launches Campaign to Reduce the Risk of Ransomware – CISA has launched a campaign to reduce the risk of ransomware, including a one-stop resource for alerts, guides, fact sheets, training and other material. While the initial focus is on supporting COVID-19 response organizations and K-12 educational institutions, the material is of real value to any organization wanting to combat ransomware.
- 6. ZINC attacks against security researchers – Microsoft Security – Microsoft’s Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender Threat Intelligence Team write that over the past months they have “detected cyberattacks targeting security researchers by an actor we track as ZINC.”
- 7. US court system ditches electronic filing, goes paper-only for sensitive documents following SolarWinds hack – US courts have been instructed to issue standing or general orders that “highly sensitive court documents (HSDs) filed with federal courts will be accepted for filing in paper form or via a secure electronic device, such as a thumb drive, and stored in a secure stand-alone computer system.”
- 8. North Korean hackers are targeting security researchers with malware, 0-days – According to a report released by Google's Threat Analysis Group, a North Korean government-backed hacking group is using social networks to target security researchers who focus on vulnerability and exploit development, and to infect their computers with a custom backdoor.
- 9. Intel says it wasn’t hacked after all; blames internal error for financial results leaking out – The URL of Intel's earnings infographic was inadvertently exposed and accessed by third parties, forcing an early release of the earnings report. Unintentional insider incidents are common and can cause significant damage, including the accidental exposure of sensitive financial data.
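The masrv module in item 1 turns an infected host into a port scanner, and a Masscan-style sweep is loud on the network: a single source fires bare SYNs at dozens of hosts and several ports within seconds. The Python below is an added example, not code from the show or from the Trickbot write-up, that flags that fan-out from flow records. The flow records, the 10.0.0.0/24 addresses and the thresholds are constructed for illustration; the fixed-source-port indicator is a heuristic of mine (Masscan's own TCP stack sends its probes from one source port by default), not something the page states.

```python
"""Flag hosts whose outbound SYN fan-out looks like a Masscan-style network sweep."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds since capture start
    src: str
    sport: int
    dst: str
    dport: int
    flags: str     # TCP flags as letters, e.g. "S" for a bare SYN, "SA" for SYN/ACK


def build_sample_flows():
    """Constructed sample traffic (not captured data)."""
    flows = []
    # Benign workstation: a few connections, each from a fresh ephemeral port, to two servers.
    for i in range(20):
        flows.append(Flow(1000 + i, "10.0.0.5", 50000 + i, "10.0.0.10", 443, "S"))
        flows.append(Flow(1000 + i, "10.0.0.5", 51000 + i, "10.0.0.20", 445, "S"))
    # Scanner: one fixed source port, bare SYNs to 60 hosts on four lateral-movement ports,
    # all inside well under a second.
    for host in range(1, 61):
        for port in (22, 445, 3389, 5985):
            flows.append(Flow(2000 + host * 0.01, "10.0.0.77", 41234, f"10.0.0.{host}", port, "S"))
    return flows


def detect_scanners(flows, window_s=60.0, min_hosts=20, min_pairs=50):
    """Return {src: indicators} for every source that, within any window_s-second window,
    attempted connections to at least min_hosts distinct hosts or min_pairs distinct
    (host, port) pairs. Thresholds are illustrative; tune them to the network."""
    by_src = defaultdict(list)
    for f in flows:
        # A SYN without ACK is a connection attempt initiated by src; ignore replies.
        if "S" in f.flags and "A" not in f.flags:
            by_src[f.src].append(f)

    alerts = {}
    for src, fl in by_src.items():
        fl.sort(key=lambda f: f.ts)
        best = None
        start = 0
        for end in range(len(fl)):
            # Slide the window start forward until it spans at most window_s seconds.
            while fl[end].ts - fl[start].ts > window_s:
                start += 1
            window = fl[start:end + 1]
            pairs = {(f.dst, f.dport) for f in window}
            if best is None or len(pairs) > best["host_port_pairs"]:
                best = {
                    "hosts": len({f.dst for f in window}),
                    "host_port_pairs": len(pairs),
                    "ports": len({f.dport for f in window}),
                    # Heuristic: a normal TCP stack picks a new ephemeral port per connection;
                    # a scanner with its own stack often reuses one source port for every probe.
                    "fixed_source_port": len({f.sport for f in window}) == 1,
                }
        if best["hosts"] >= min_hosts or best["host_port_pairs"] >= min_pairs:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    for src, ind in detect_scanners(build_sample_flows()).items():
        print(src, ind)
```

The detection keys on fan-out rather than on any Masscan signature, so it also catches a hand-rolled sweep; the single-source-port flag is reported only as a supporting indicator because it can be turned off by the scanner.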
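Item 2 recommends MFA on SSH and limiting which certificates are trusted. The sshd_config audit below is an added example, not code from the page or from any tool it mentions. Both configuration texts are constructed; the check encodes two rules: every AuthenticationMethods alternative must require publickey plus a second method, and TrustedUserCAKeys without AuthorizedPrincipalsFile lets any CA-signed certificate whose principal matches the login name in, so the two must be set together.

```python
"""Audit the global section of an sshd_config for MFA and certificate-trust hardening."""

# Constructed weak configuration: one factor is enough, and any cert the CA signed
# for a principal equal to the login name is accepted.
WEAK_SSHD_CONFIG = """
PermitRootLogin yes
PasswordAuthentication yes
TrustedUserCAKeys /etc/ssh/ca.pub
"""

# Constructed hardened configuration: key plus a PAM-backed second factor
# (the PAM module, e.g. a TOTP one, is configured outside this file), and
# certificates are only honoured for principals listed in the per-user file.
HARDENED_SSHD_CONFIG = """
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication yes
AuthenticationMethods publickey,keyboard-interactive
TrustedUserCAKeys /etc/ssh/ca.pub
AuthorizedPrincipalsFile /etc/ssh/principals/%u
Match Group deploy
    AuthenticationMethods publickey,publickey
"""


def parse_global_directives(text):
    """Return directives from the global section, keys lowercased.
    sshd uses the first occurrence of a keyword, and everything after the first
    Match line is conditional, so parsing stops there."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        directives.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return directives


def audit_sshd_config(text):
    """Return a list of findings; an empty list means the global section passes."""
    d = parse_global_directives(text)
    findings = []

    methods = d.get("authenticationmethods", "")
    if not methods or methods.lower() == "any":
        findings.append("AuthenticationMethods not set: a single key or password logs in")
    else:
        # Space-separated alternatives; each alternative is a comma-separated list
        # of methods that must all succeed.
        for alternative in methods.split():
            factors = alternative.split(",")
            if len(factors) < 2 or "publickey" not in factors:
                findings.append(
                    f"AuthenticationMethods alternative '{alternative}' is not publickey plus a second factor")

    # Upstream default is yes, so absence counts as enabled.
    if d.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication is enabled")

    if d.get("permitrootlogin", "prohibit-password").lower() == "yes":
        findings.append("PermitRootLogin yes")

    if "trustedusercakeys" in d and "authorizedprincipalsfile" not in d:
        findings.append(
            "TrustedUserCAKeys without AuthorizedPrincipalsFile: any CA-signed cert whose "
            "principal matches the login name is accepted")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(name, audit_sshd_config(cfg) or "OK")
```

Run it against `/etc/ssh/sshd_config` on a host of interest (read the file and pass its text to `audit_sshd_config`); Match blocks are deliberately left out of scope here, so review those by hand.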