Cyber4Dev weekly update


NEWS:

Top Techniques Used by Attackers to Bypass MFA

Many consider MFA (multi-factor authentication) one of the critical security defenses against malicious cyberattacks, and rightly so. Even a large organization like Microsoft claims that MFA enables users to block 99.9 percent of automated attacks, and it reduces the risk of identity compromise compared with passwords alone. For this reason, people across the board have begun to embrace MFA significantly in recent years, with wide adoption of multi-factor authentication spanning from social media profiles to corporate accounts.

https://lifars.com/2021/08/top-techniques-used-by-attackers-to-bypass-mfa/

How Cybercriminals Weaponize Social Media

There’s no denying that social media has forever changed how we interact with one another. Social media has been more important than ever in the past year, with many of us stuck in our homes waiting out the seemingly endless COVID-19 pandemic. Whether we’ve used our social media feeds to pass the time or connect with friends and family, it’s helped us all feel connected, informed us, or just given us a good laugh. Unfortunately, it’s also been weaponized to spread disinformation, promote scams, and, more recently, steal information from COVID vaccination cards.

https://www.digitalshadows.com/blog-and-research/how-cybercriminals-weaponize-social-media/

Cybersecurity’s next fight: How to protect employees from online harassment

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Leigh Honeywell, CEO and Co-founder of Tall Poppy, which builds tools and services to help companies protect their employees from online harassment and abuse. In this blog, Leigh talks about company strategies for fighting online harassment.

The games cybercriminals use to disguise malware

Cybercriminals often use creative ways to get malware onto a system, but sometimes the old ways prove just as successful as newer tactics. Case in point – using games as a way to get malware onto a system. During the pandemic, gaming has become a massive hobby for those stuck at home, and cybercriminals have leveraged that appetite to spread malware. According to Kaspersky, game-related cyberthreats increased between Q1 2020 and Q2 2020 by 66 percent. In total, the firm detected 2.48 million instances of malware designed to look like games.

https://www.htxt.co.za/2021/08/the-games-cybercriminals-use-to-disguise-malware/

INCIDENTS:

Personal Data and docs of Swiss town Rolle available on the dark web

Documents and personal details of residents of the small Swiss town Rolle, on the shores of Lake Geneva, were stolen in a ransomware attack. The town disclosed the data breach after the attack; personal details of all its 6,200 inhabitants were stolen by threat actors, who compromised some administrative servers and exfiltrated sensitive documents. Initially the municipal government downplayed the incident, saying that attackers stole only a small amount of data and that all the information had been restored from backup copies. Immediately after the attack, the town administrative chief Monique Choulat Pugnale told the Swiss daily 24 heures that it was “a weak attack” that impacted email servers that “did not contain any sensitive municipal data.”

https://securityaffairs.co/wordpress/121470/cyber-crime/swiss-town-rolle-ransomware.html

New Hampshire town loses $2.3 million to overseas scammers

Peterborough, a small New Hampshire town, has lost $2.3 million after BEC scammers redirected several bank transfers using forged documents sent to the town’s Finance Department staff in multiple email exchanges. BEC scammers use various tactics (including phishing and social engineering) to compromise or impersonate their targets’ business email accounts, allowing them to redirect pending or future payments to bank accounts they control.

Town officials discovered the attack on July 26 when the ConVal School District notified them that they didn’t receive a $1.2 million monthly transfer. On August 18, while investigating this incident, Peterborough’s Finance Department staff discovered that two other bank transfers meant for a general contractor on the town’s Main Street Bridge project were diverted to attackers’ bank accounts.

https://www.bleepingcomputer.com/news/security/new-hampshire-town-loses-23-million-to-overseas-scammers/

MALWARE:

Need to get root on a Windows box? Plug in a Razer gaming mouse

This weekend, security researcher jonhat disclosed a long-standing security bug in the Synapse software associated with Razer gaming mice. During software installation, the wizard produces a clickable link to the location where the software will be installed. Clicking that link opens a File Explorer window to the proposed location—but that File Explorer process runs as SYSTEM, not as the logged-in user.

https://arstechnica.com/information-technology/2021/08/need-to-get-root-on-a-windows-box-plug-in-a-razer-gaming-mouse/

New variant of PRISM Backdoor ‘WaterDrop’ targets Linux systems

Security researchers at AT&T Labs have published a report sharing details of a newly discovered cluster of Linux ELF executables with zero to low antivirus detections on VirusTotal. Researchers noted that these executables carry a modified version of the open-source backdoor PRISM, which threat actors use extensively in different campaigns. According to the researchers, the malware has been on their radar for more than 3.5 years; the oldest samples date back to November 8th, 2017. It concerns researchers that the executables aren’t detected by VirusTotal, which usually detects malicious URLs and files easily.

VULNERABILITIES:

F5 Bug Could Lead to Complete System Takeover

The worst of 13 bugs fixed by the August updates could lead to complete system compromise for users in sensitive sectors running products in Appliance mode. Application delivery and networking firm F5 released a baker’s dozen of fixes for high-severity bugs, including one that could lead to complete system takeover and hence is boosted to “critical” for customers in “especially sensitive sectors.” F5 – maker of near-ubiquitously installed enterprise networking gear – disclosed nearly 30 vulnerabilities across multiple devices in its August security updates.

https://thehackernews.com/2021/08/f5-releases-critical-security-patches.html

Cisco Issues Critical Fixes for High-End Nexus Gear

Networking giant issues two critical patches and six high-severity patches. Cisco Systems released six security patches tied to its high-end 9000 series networking gear, ranging from critical to high and medium severity. The most serious of the bugs patched by Cisco (rated 9.1 out of 10) could allow a remote and unauthenticated adversary to read or write arbitrary files on an application programming interface (API) used in Cisco 9000 series switches designed to manage its software-defined networking data center solution.

VMware Issues Patches to Fix New Flaws Affecting Multiple Products

VMware on Wednesday shipped security updates to address vulnerabilities in multiple products that could potentially be exploited by an attacker to take control of an affected system. The six security weaknesses (CVE-2021-22022 through CVE-2021-22027, CVSS scores: 4.4 – 8.6) affect VMware vRealize Operations (prior to version 8.5.0), VMware Cloud Foundation (versions 3.x and 4.x), and vRealize Suite Lifecycle Manager (version 8.x).

Separately, VMware has also issued patches to remediate a cross-site scripting (XSS) vulnerability impacting VMware vRealize Log Insight and VMware Cloud Foundation. The flaw stems from improper user input validation, enabling an adversary with user privileges to inject malicious payloads via the Log Insight UI that are executed when a victim accesses the shared dashboard link.

https://thehackernews.com/2021/08/vmware-issues-patches-to-fix-new-flaws.html

B. Braun Infusomat Pumps Could Let Attackers Remotely Alter Medication Dosages

Cybersecurity researchers have disclosed five previously unreported security vulnerabilities affecting B. Braun’s Infusomat Space Large Volume Pump and SpaceStation that could be abused by malicious parties to tamper with medication doses without any prior authentication.

https://thehackernews.com/2021/08/bbraun-infusomat-pumps-could-let.html

Mirai-style IoT botnet is now scanning for router-pwning critical vuln in Realtek kit

A denial-of-service vulnerability affecting SDKs for Realtek chipsets used in 65 vendors’ IoT devices has been incorporated into a son-of-Mirai botnet, according to new research. The remote code execution flaw, CVE-2021-35395, was seen in Mirai malware binaries by threat intel firm Radware, which “found that new malware binaries were published on both loaders leveraged in the campaign.” Warning that the vuln had been included in Dark.IoT’s botnet “less than a week” after it was publicly disclosed, Radware said: “This vulnerability was recently disclosed by IoT Inspector’s Research Lab on August 16th and impacts IoT devices manufactured by 65 vendors relying on the Realtek chipsets and SDK.”

https://www.theregister.com/2021/08/25/mirai_botnet_critical_vuln_realtek_radware/

Cyber4Dev collates data from open-source websites; any opinions or attributions expressed in the articles are not those of Cyber4Dev and are not endorsed by the project or the EU.