Friday, February 11, 2022 // (IG): BB // Weekly Sponsor: BLKTRIANGLE
Apple patches new zero-day exploited to hack iPhones, iPads, Macs
FROM THE MEDIA: Apple has released security updates to fix a new zero-day vulnerability exploited in the wild by attackers to hack iPhones, iPads, and Macs. The zero-day patched today is tracked as CVE-2022-22620 [1, 2] and is a WebKit use-after-free issue that could lead to OS crashes and code execution on compromised devices. Successful exploitation of this bug allows attackers to execute arbitrary code on iPhones and iPads running vulnerable versions of iOS and iPadOS after processing maliciously crafted web content. "Apple is aware of a report that this issue may have been actively exploited," the company said when describing the zero-day. Apple addressed CVE-2022-22620 with improved memory management in iOS 15.3.1, iPadOS 15.3.1, and macOS Monterey 12.2.1. Although this zero-day was likely only used in targeted attacks, it is still strongly recommended to install the updates as soon as possible to block potential attack attempts.
READ THE STORY: Bleeping Computer
VMware Details Malware Threats in Linux Multi-Cloud Implementations
FROM THE MEDIA: VMware said that while 90 percent of cloud runs on Linux servers, most countermeasures are for Windows, which leaves multi-cloud implementations vulnerable to malware attacks. "Threat actors know that current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to Linux-based attacks," the report says. "These public and private clouds are high-value targets for cybercriminals, providing access to critical infrastructure services and substantial computational resources." While the dense, data-laden technical threat report is heavy on nitty-gritty details (including downloadable datasets) and light on highlight takeaways and generalizations, VMware does offer some recommendations at the end, including adopting Zero Trust security model principles. Zero Trust is emerging along with best practice techniques like regular system backups and using Multi-factor Authentication (MFA) in the fight against ransomware and other attacks that are regularly making headline news.
READ THE STORY: Virtualization Review
Cyber-attack disrupts Slovenia’s top TV station
FROM THE MEDIA: A cyber-attack has disrupted the operations of Pop TV, Slovenia’s most popular TV channel, in an incident this week believed to be an extortion attempt. The attack, which took place on Tuesday, impacted Pop TV’s computer network and prevented the company from showing any computer graphics for the evening edition of 24UR, the station’s daily news show. The night edition of the same show was canceled altogether, although a truncated version of the news aired on the company’s website, Pop TV said in a statement on Tuesday, the day of the attack. But while news broadcasts were restored by the next day, the attack also impacted other parts of the network’s operation. In a second statement on Wednesday, Pop TV said the attack also hit some of its web servers, including VOYO, an on-demand streaming platform that offers channels from its parent company, along with licensed movies and TV series. The company said the attack prevented its staff from adding new content to the platform and streaming any of its channels and live sporting events, such as the Winter Olympics, which angered many of its paid subscribers.
READ THE STORY: The Record
Malicious QR Codes Flood Twitter To Deliver a Malicious Chrome Extension
FROM THE MEDIA: Elaborating on the details in a post, Karsten Hahn described how multiple researchers noticed QR codes flooding Twitter to spread malware. Further investigation led him to discover that those QR codes target users with a malicious Chrome extension. Briefly, these QR codes typically catch victims’ attention via enticing images. The images boast ads for downloading pirated software as an ISO file to ensure that a victim would scan the QR code. However, this ISO file never delivers the claimed software; instead it serves as a malware loader. It consists of two components: a _meta.txt containing a PowerShell script and a downloader.exe. Regarding how these components function, the post states: "The _meta.txt contains a PowerShell script, which is encrypted with a substitution cipher. The downloader.exe is a .NET assembly. It has a big dictionary with the substitution alphabet to decrypt the PowerShell script in _meta.txt. It adds the PowerShell commands as a scheduled task named ChromeTask which runs every ten minutes." The PowerShell script specifically downloads the malicious Chrome extension, which exhibits stealthy properties to escape uninstalling. For instance, attempting to visit the “chrome://extensions” path would redirect to “chrome://settings”. Once installed, the malicious extension doesn’t run any damaging malware, attempting to evade detection. But in the background, it performs session hijacking and displays intrusive ads.
READ THE STORY: LHN
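As a defender-side illustration added here (not code from the post or from Karsten Hahn's research): a Python triage helper that reads Task Scheduler XML (the format produced by schtasks /query /xml or Export-ScheduledTask) and flags tasks that launch PowerShell on a short repetition interval, the persistence pattern the ChromeTask scheduled task above follows. The task XML is constructed for the example, and the heuristics (hidden-window switches, browser-themed task name, repetition of 15 minutes or less) are assumptions, not a published detection rule.

```python
import re
import xml.etree.ElementTree as ET

# Namespace Windows uses for exported tasks (schtasks /query /xml, Export-ScheduledTask)
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# PowerShell switches that hide the window, bypass policy, or pass an opaque encoded payload
HIDING_ARGS = re.compile(
    r"-(?:w(?:indowstyle)?\s+hidden|e(?:nc(?:odedcommand)?)?\s+\S|nop(?:rofile)?\b"
    r"|e(?:xecution)?p(?:olicy)?\s+bypass)", re.I)

# Constructed sample mirroring the ChromeTask behaviour described above (not a real capture); payload is a placeholder
SAMPLE_TASK_XML = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger>
    <Repetition><Interval>PT10M</Interval></Repetition>
    <StartBoundary>2022-02-08T10:00:00</StartBoundary><Enabled>true</Enabled>
  </TimeTrigger></Triggers>
  <Actions Context="Author"><Exec>
    <Command>powershell.exe</Command>
    <Arguments>-WindowStyle Hidden -ExecutionPolicy Bypass -Command "PLACEHOLDER"</Arguments>
  </Exec></Actions>
</Task>"""

def interval_seconds(iso):
    """Parse the ISO 8601 duration used in <Repetition><Interval> (e.g. PT10M) into seconds; None if malformed."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", iso or "")
    if not m:
        return None
    d, h, mi, s = (int(x) if x else 0 for x in m.groups())
    return d * 86400 + h * 3600 + mi * 60 + s

def triage_task(task_name, xml_text, max_interval=900):
    """Return the reasons an exported task looks like PowerShell-based persistence (empty list if none)."""
    root = ET.fromstring(xml_text)
    reasons = []
    for ex in root.findall(".//t:Actions/t:Exec", NS):
        cmd = (ex.findtext("t:Command", "", NS) or "").lower()
        args = ex.findtext("t:Arguments", "", NS) or ""
        if "powershell" in cmd or "pwsh" in cmd:
            reasons.append("action launches PowerShell")
            if HIDING_ARGS.search(args):
                reasons.append("PowerShell started hidden, policy-bypassing or with an opaque payload")
            if "chrome" in task_name.lower():
                reasons.append("browser-themed task name but the action is PowerShell")
    # Any trigger repeating at or below max_interval (default 15 min) is flagged; ChromeTask ran every 10
    for iv in root.findall(".//t:Triggers//t:Repetition/t:Interval", NS):
        secs = interval_seconds(iv.text)
        if secs is not None and secs <= max_interval:
            reasons.append(f"repeats every {secs // 60} min")
    return reasons
```

Run it over every task exported from a host (one XML document per task) and review anything that returns more than one reason; a legitimate PowerShell maintenance job usually fails the hidden-window and short-repetition checks.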
France Rules That Using Google Analytics Violates GDPR Data Protection Law
FROM THE MEDIA: French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union's General Data Protection Regulation (GDPR) laws in the country, almost a month after a similar decision was reached in Austria. To that end, the National Commission on Informatics and Liberty (CNIL) ruled that the transatlantic movement of Google Analytics data to the U.S. is not "sufficiently regulated", citing a violation of Articles 44 et seq. of the data protection decree, which govern the transfers of personal data to third countries or international entities. Specifically, the independent administrative regulatory body highlighted the lack of equivalent privacy protections and the risk that "American intelligence services would access personal data transferred to the United States if the transfers were not properly regulated." "[A]lthough Google has adopted additional measures to regulate data transfers in the context of the Google Analytics functionality, these are not sufficient to exclude the accessibility of this data for U.S. intelligence services," the CNIL said. "There is therefore a risk for French website users who use this service and whose data is exported." As part of the order, the CNIL recommended that one of the offending websites adhere to the GDPR by ceasing to utilize the Google Analytics functionality or by using an alternative website traffic monitoring tool that does not involve a transfer outside the E.U., giving it a deadline of one month to comply.
READ THE STORY: THN
Microsoft starts killing off WMIC in Windows, will thwart attacks
FROM THE MEDIA: Microsoft is moving forward with removing the Windows Management Instrumentation Command-line (WMIC) tool, wmic.exe, starting with the latest Windows 11 preview builds in the Dev channel. WMIC.exe is a built-in Microsoft program that allows command-line access to Windows Management Instrumentation. Using this tool, administrators can query the operating system for detailed information about installed hardware and Windows settings, run management tasks, and even execute other programs or commands. Microsoft announced last year that it had begun deprecating wmic.exe in Windows Server in favor of Windows PowerShell, which also includes the ability to query Windows Management Instrumentation. "The WMIC tool is deprecated in Windows 10, version 21H1 and the 21H1 General Availability Channel release of Windows Server. This tool is superseded by Windows PowerShell for WMI," explains the list of deprecated Windows features.
READ THE STORY: Bleeping Computer
After lying low, SSH botnet mushrooms and is harder than ever to take down
FROM THE MEDIA: Two years ago, researchers stumbled upon one of the Internet’s most intriguing botnets: a previously undiscovered network of 500 servers, many in well-known universities and businesses around the world, that was impervious to normal takedown methods. After lying low for 16 months, those researchers said, the botnet known as FritzFrog is back with new capabilities and a larger base of infected machines. FritzFrog targets just about anything with an SSH, or secure shell, server—cloud instances, data center servers, routers, and the like—and installs an unusually advanced payload that was written from scratch. When researchers from security firm Guardicore Labs (now Akamai Labs) reported it in mid-2020, they called it a “next-generation” botnet because of its full suite of capabilities and well-engineered design. It was a decentralized, peer-to-peer architecture that distributed administration among many infected nodes rather than a central server, making it hard to detect or take down using traditional methods.
READ THE STORY: Arstechnica
The Clipboard Hacker Strikes Again: NFT Newbie Robbed by Crypto Scam
FROM THE MEDIA: The Clipboard Hacker continues its rampage to victimize unsuspecting newbies and even crypto and NFT veterans! This is alarming because this scheme proves that hackers are getting more innovative than ever with how they target users and wallets. Nowadays, the attacks are a mix of social engineering and technical sophistication. Akshay Upadhya, a photographer and NFT newbie, shared his unfortunate experience on Twitter. He admitted that he was reluctant to enter the NFT space primarily because of a lack of knowledge and fear of scams. So over the past couple of weeks, he has been listening to people in the NFT space and really loved how the community is holding up. Hence, he finally decided to give it a try. He approached things carefully and conservatively. Learning from all the experts and thought leaders, he started his NFT journey by creating a new MetaMask wallet about two weeks ago with no real currency in it. Then, he made sure to use a separate browser exclusively for this purpose and secured his seed phrase by not making it accessible anywhere digitally.
READ THE STORY: NTF Evening
Microsoft's Small Step to Disable Macros Is a Huge Win for Security
FROM THE MEDIA: Tricking someone into enabling macros on a downloaded Microsoft Excel or Word file is an old hacker chestnut. That one click from a target creates a foothold for attackers to take over their devices. This week, though, Microsoft announced a seemingly minor tweak with massive implications: Beginning in April, macros will be disabled by default in files downloaded from the internet. Macros are small pieces of software used to automate tasks like data collection without the need to develop additional tools or applications. They can be written directly in Microsoft's Visual Basic for Applications programming language, or set up through translation tools that will turn a series of steps into a VBA macro, no coding skills required. Businesses rely on them heavily, especially those with legacy infrastructure, and they play a crucial role in everything from financial services to government organizations. But as an individual Microsoft 365 user, it's not unusual if your only interaction with macros has been clicking that pesky “allow” button—or knowing avoidance. For attackers, being able to write little programs within massive, trusted applications like Excel or Word creates the opportunity to develop what are essentially macro viruses. Bad actors can also craft these programs to automatically download and run additional malware on victim devices. As a result, whether you use the feature in your daily life or not, everyone has faced risk from it for decades, making Microsoft's move this week all the more significant.
READ THE STORY: Wired
Israel freezes spyware exports
FROM THE MEDIA: Pegasus developer NSO has warned the Israeli financial newspaper Calcalist today that it will take legal action if the outlet does not back away from reports published earlier this morning. Calcalist claims that Pegasus clients were able to erase records of some of their usage of the spyware. Two days earlier, Calcalist revealed a long list of politicians, activists and journalists the police allegedly spied upon by eavesdropping on their phones. Prime Minister Naftali Bennett vowed to get to the bottom of the issue while Public Security Minister Omer Bar Lev said he would seek a government commission of inquiry. Israel's domestic Pegasus affair will not die down anytime soon and will continue to wreak havoc in Israeli politics and democracy while the country is still also grappling with the international Pegasus scandal at great diplomatic cost.
READ THE STORY: AL Monitor
Items of interest
The Cyber Cold War: Understanding the Russian cyberattacks, and the strategy to defend against them (Article)
FROM THE MEDIA: Russian state-sponsored cyberattacks have wreaked havoc across the globe, and they show no sign of slowing down. Russian hackers are waging a campaign of espionage and cyber terror against Ukraine, with the most recent crime, on January 14, wiping vital government data and knocking out government websites, including the ministries of education and foreign affairs. Tensions are at an all-time high between the two countries, and governments around the world are bracing themselves amidst fears that these data breaches in Ukraine are simply a testing ground for future attacks. While the daily news updates on these Russian cyberattacks are certainly sobering, organizations are not entirely helpless. Government, corporate, and financial leaders can take immediate steps to prepare their IT infrastructure and their employees to withstand potential attacks.
READ THE STORY: IDG Connect
Spies, Lies, and Algorithms with Amy B. Zegart (Video)
FROM THE MEDIA: The past, present, and future of American intelligence: where are we going and how well are we doing? Amy B. Zegart has been analyzing the challenges that American intelligence faces for the last 30 years, and she believes we are at a reckoning point. Join us for a talk with Zegart, the author of "Spies, Lies, and Algorithms: The History and Future of American Intelligence", where she puts her thoughts into context. In our conversation, we’ll explore some of the key points that she argues have placed American intelligence in crisis. Drawing on interviews with current and former intelligence officials and extensive and diverse research, she’ll discuss how weak intelligence makes the US more vulnerable to attacks on power grids, water supply, elections, corporate network servers, and nuclear weapons; how artificial intelligence, quantum computing, social media, and the Internet are reshaping politics, societies, and economics; the rise of open source intelligence; why US congressional oversight so rarely works effectively or smoothly; and why cyberspace is the ultimate cloak-and-dagger battleground.
Russia and the West: A New Cold War? (Video)
FROM THE MEDIA: Panelists discuss the escalating threats at the Ukrainian border, the risks of Russian military action, as well as the mounting tensions between Russia, the United States, and the European Union that have led to this point and possible ways forward.
About this Product
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com