Latest cybersecurity news and articles compiled by “Cyware.com.”

Views expressed in this cybersecurity-cybercrime update are those of the reporters and correspondents.

Accessed on 09 March 2022, 2259 UTC.

Content supplied by “Cyware.com.”

Source:

https://cyware.com/cyber-security-news-articles

Please click the link or scroll down to read your selections.

Latest Cybersecurity News And Articles

Access:7 – Supply Chain Flaws Impacting IoT and Medical Devices

The seven flaws have been dubbed Access:7 and are present in PTC’s Axeda agent, which is used for remote access and management of more than 150 connected devices across over 100 vendors. 

NVIDIA’s Code Signing Certificates Stolen and Abused in Attacks

Lapsus$, responsible for the recent attack on Nvidia, reportedly released two of the company’s old code-signing certificates, and threat actors have started abusing them. In some cases, the stolen certificates were used to sign Cobalt Strike beacons, Mimikatz, backdoors, and remote access trojans. Ad … Read More

Ragnar Locker Breached 52 Organizations and Counting, FBI Warns

The FBI issued an alert about the Ragnar Locker ransomware group, which has claimed 52 entities as its victims across 10 critical infrastructure sectors in the U.S. so far. The IOCs in the alert range from the Bitcoin addresses where the hackers collect the ransom to the email addresses of the operator … Read More

Updated SharkBot Variant Makes its Way into Google Play Store

Researchers exposed cybercriminals distributing the SharkBot banking trojan via the Google Play Store. The malware uses Automatic Transfer Systems (ATS) to move money by abusing the Accessibility permission on devices, and it grants itself additional required permissions. Smartphone users are reque … Read More

Siemens Addresses Over 90 Vulnerabilities Affecting Third-Party Components

Siemens has released 15 new advisories to inform customers about more than 100 vulnerabilities affecting its products, including over 90 security flaws introduced by the use of third-party components.

New attack bypasses hardware defenses for Spectre flaw in Intel and ARM CPUs

It is an extension of the 2017 Spectre version 2 attack, also known as Spectre-BTI (Branch Target Injection) and, just like Spectre v2, can result in the leak of sensitive information from the privileged kernel memory space.

Adobe Patches ‘Critical’ Security Flaws in Illustrator, After Effects

The patches, scheduled as part of Adobe’s Patch Tuesday release cycle, address a range of arbitrary code execution and memory leak vulnerabilities that could expose data to malicious hacker attacks.

Attackers Exploit Flaw in Mitel Systems to Launch Terabyte Scale DDoS Attack in the Wild

The flaw resides in around 2,600 incorrectly provisioned Mitel MiCollab and MiVoice Business Express systems that act as PBX-to-internet gateways and have a test mode that should not be exposed to the internet.

SAP Patches Critical Security Flaws in Monitoring Solutions

The most serious of the documented flaws is rated critical and described as a missing authorization check vulnerability in SAP Focused Run that could lead to complete system compromise.

Critical RCE Bugs Found in Pascom Cloud Phone System Used by Businesses

Researchers have disclosed three security vulnerabilities affecting Pascom Cloud Phone System (CPS) that could be combined to achieve a full pre-authenticated remote code execution of affected systems.

Android’s March 2022 Security Updates Patch 39 Vulnerabilities

Google this week announced the release of patches for 39 vulnerabilities as part of the March 2022 security update for Android. The most serious vulnerability is CVE-2021-39708 in the System component.

China-linked APT41 Targeting U.S. State Governments by Exploiting Flaws in Web Applications

APT41 is a prolific Chinese state-sponsored espionage group known to target organizations in both the public and private sectors; it also conducts financially motivated activity for personal gain.

Container Escape to Shadow Admin Enabled by GKE Autopilot Vulnerabilities

An attacker could have exploited these issues to escalate privileges and become a “shadow administrator” with the ability to covertly exfiltrate secrets, deploy malware or cryptominers, and disrupt workloads.

New RURansom Wiper Targets Russian Entities Amidst Ongoing Conflict

A conflict in cyberspace is unfolding parallel to the ongoing conflict between Russia and Ukraine. Cyberattacks are being lobbed against both sides, with a new wiper directed against Russia joining the fray.

Mid-market tackling high rate of costly attacks, worsened by complex, siloed defences and staff burnout

As per a new report, 33% of mid-market organizations suffered an outage that knocked them offline for more than a day. Only half were able to prevent malicious attachments from reaching users’ inboxes.

E-commerce Tech Giant Mercado Libre Confirms Source Code Data Breach

The company’s announcement follows a poll by the data extortion group, Lapsus$ in which they threatened to leak data allegedly stolen from Mercado and other prominent companies.

Understanding US Defense Department’s relaxed cybersecurity protocols under CMMC 2.0

The DoD announced plans to release CMMC 2.0, with promises to streamline the certification process and ease security regulations for contractors and sub-contractors handling low-priority information.

New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices

Cybersecurity researchers disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices.

Fraud detection and prevention costs merchants more than fraud itself

European merchants spent nearly €7 billion (~$7.7 billion) on fraud detection and prevention in 2021 alone – more than three times the value lost to fraud in the same year, CMSPI estimates.

Google Warns of Russian Hackers Targeting Ukrainians, European Allies via Phishing Attacks

A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia’s invasion of Ukraine.

Millions of APC Smart UPS Devices Can Be Remotely Hacked, Damaged

UPS products made by Schneider Electric subsidiary APC are affected by critical vulnerabilities that can be exploited to remotely hack and damage devices, according to security company Armis.

March 2022 Patch Tuesday: Microsoft fixes RCEs in RDP client, Exchange Server

Microsoft’s March 2022 Patch Tuesday introduced patches for 71 CVE-numbered vulnerabilities, including three previously unknown “critical” ones and three “important” ones that were already public.

Sharp rise in SMB cyberattacks by Russia and China

There has been a sharp rise in activity from countries with consistently high levels of both attempted and successful attacks originating within their borders — Russia and China.

DDoS Attacks Fuel Pandemonium

A threat actor launched an attack using DanaBot against the webmail server belonging to the Ukrainian Ministry of Defense. The malware was utilized to deploy another second-stage malware.

FBI Warns of the Impersonation of Law Enforcement and Government Officials

The FBI is warning of ongoing widespread fraud schemes in which scammers impersonate law enforcement or government officials in attempts to extort money or steal personally identifiable information.

PROPHET SPIDER Exploits Citrix ShareFile Vulnerability to Deliver Webshell

At the start of 2022, CrowdStrike found PROPHET SPIDER exploiting CVE-2021-22941 vulnerability impacting Citrix ShareFile Storage Zones Controller to compromise a Microsoft IIS web server.

CISA Adds 95 Flaws to Its Catalog, Urges For Quick Action

The CISA added more than 60 flaws affecting Cisco and Microsoft products. All the Cisco vulnerabilities are rated critical as they can be abused by cybercriminals to run arbitrary code and for privilege escalation. Most vulnerabilities have a due date of March 24. The cybersecurity agency recommend … Read More

Update: Samsung confirms Galaxy source code breach but says no customer information was stolen

Samsung has now confirmed in a statement, without naming the hacking group, that there was a security breach, but it asserted that no personal information of customers was compromised.

Fresh flaws in Facebook Canvas earn bug bounty hunter a second payday

Facebook’s attempt at addressing the bug last year was found to be deficient. Researchers found three new flaws: a race condition issue, a security bypass, and an issue involving encrypted parameters.

FIDO authentication standard could signal the passing of passwords

The FIDO authentication standard could eventually bypass passwords, or at least augment them, as government and industry turn to more effective authentication technologies.

Cybersecurity startup Axonius valued at $2.6 bln after latest funding

The latest financing led by Accel comes a year after Axonius raised $100 million at a valuation of $1.2 billion. Silver Lake Partners and existing investors Bessemer Venture Partners also participated.

China-linked TA416 Increases Attack Activity Against European Governments as Conflict in Ukraine Escalates

The campaigns utilize web bugs to profile the victims before sending a variety of PlugX malware payloads via malicious URLs. TA416 has recently updated its PlugX malware variant.

70% of breached passwords are still in use

A new SpyCloud report examined trends related to exposed data. Researchers identified 1.7 billion exposed credentials, a 15% increase from 2020, and 13.8 billion recaptured PII records obtained from breaches in 2021.

Sinclair losses mount as ransomware costs exceed insurance policy

The costs exceeded the company’s insurance coverage. The firm recorded $24 million in unrecoverable net losses related to the attack as of the March 1 filing of the 10-K.

Dirty Pipe Linux flaw allows gaining root privileges on major distros

Security expert Max Kellermann discovered a Linux flaw, dubbed Dirty Pipe and tracked as CVE-2022-0847, that can allow local users to gain root privileges on all major distros.

Solving the problem of secrets sprawling in corporate codebases

When compared to open-source repositories, private ones are also four times more likely to expose a secret, reinforcing the idea that they create a false sense of secrecy that threatens security postures.

Critical Security Flaws Impact Hundreds of Thousands of Medical Devices, ATMs, and Manufacturing Equipment

New findings about seven vulnerabilities in an Internet of Things remote management tool underscore the interconnected exposures in medical devices and the broader IoT ecosystem.

Google to buy cybersecurity firm Mandiant for $5.4 billion

The deal will enhance Google’s cloud computing business, which generates more than $19 billion annually, and bolster its security operations and advisory services, the company said on Tuesday.

7,000 Publications Impacted by PressReader Service Outage Due to Cyberattack

PressReader, a digital platform for hundreds of print newspapers and magazines, said its systems are slowly returning to normal after a cyberattack caused outages since last Thursday.

ICS vulnerability disclosures surge 110% over the last four years

ICS vulnerability disclosures grew a staggering 110% over the last four years, with a 25% increase in the second half of 2021 compared to the previous six months, according to research by Claroty.

Ragnar Locker Ransomware Gang Breached 52 US Critical Infrastructure Organizations

The FBI also provided IOCs related to Ragnar Locker activity, including info on attack infrastructure, Bitcoin addresses used to collect ransom demands, and email addresses used by the operators.

Fill&Go Service at Rompetrol Gas Station Network Disrupted by Hive Ransomware

A subsidiary of KMG International, Rompetrol announced today that it is dealing with a “complex cyberattack” that forced it to shut down its websites and the Fill&Go service at gas stations.

War in Ukraine highlights vulnerability of critical energy infrastructure | DW | 07.03.2022

As the Russian army pushes deeper into Ukraine and hackers take down government websites in waves of cyber attacks, the security of Ukraine’s power sector has been thrown into question.

Critical Bugs in TerraMaster TOS Could Open NAS Devices to Remote Hacking

Researchers have disclosed details of critical security vulnerabilities in TerraMaster NAS devices that could be chained to attain unauthenticated remote code execution with the highest privileges.

Researchers find new way to neutralize side-channel memory attacks

The new solution is to shape memory requests by running them through a request shaper, called DAGuise, that uses a graph structure to process requests and send them to the memory controller on a fixed schedule.

Fake Purchase Order Used to Deliver Agent Tesla

FortiGuard Labs recently came across an interesting phishing e-mail masquerading as a purchase order addressed to a Ukrainian manufacturing organization that deals with raw materials and chemicals.

How the tech community has rallied to Ukraine’s cyber-defense

Responding to cyberattacks and building national cyber resilience has never been – and will never be – the sole responsibility of governments. It requires a whole-of-society approach grounded in international cooperation efforts.

MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part I

Fortinet captured over 500 Excel files that were involved in a campaign to deliver the Emotet Trojan. The malicious macro downloads Emotet via two extracted files, “uidpjewl.bat” and “tjspowj.vbs”.

Why the World Needs a Global Collective Cyber Defense

As cyberattacks grow in scale and sophistication, private and public sector entities are recognizing the need for a system to proactively share threat intelligence information: a global collective defense.

Anonymous hacked Russian TV and streaming services with Ukraine footage

According to Anonymous, three Russian-state TV channels, Russia 24, Moscow 24, and Channel One and two Netflix-like Russian streaming services, Ivi and Wink, were targeted in the attack.

What Russia’s Ongoing Cyberattacks in Ukraine Suggest About the Future of Cyber Warfare

While some attacks, such as those against infrastructure, are nearly impossible for companies to prepare for, there are steps that they should take as a matter of course.

Ukrainian WordPress Sites Witness Massive Attack Volumes

Wordfence recorded a whopping 144,000 attacks on February 25, 2022, and a total of 209,624 attacks between February 25 and 27. Most of the attacks were focused on a subset of 376 academic websites.

Log4Shell Exploit Channelized to Launch DDoS and Cryptomining Attacks

According to a report by Barracuda, the volume of attacks attempting to exploit the Log4Shell vulnerability remained relatively constant over the past two months. Mirai and its other versions appeared in most of the attacks that made use of the Log4Shell exploit. 

8X Increase in Russian-Based Phishing

Avanan analyzed more than two million customer email inboxes since February 16. On the 27th, the attacks increased by eight times as compared to the baseline volume. 

Microsoft fixes critical Azure bug that exposed customer data

Microsoft has addressed a vulnerability in the Azure Automation service that could have allowed attackers to take complete control over the data of other Azure customers.

Japanese beauty retailer Acro blames third-party hack for breach of 100k payment cards

In a data breach notice, Acro revealed that customers of two of its beauty product websites were impacted as the result of the exploitation of a vulnerability in a third-party payment processing vendor.

Charities and NGOs providing support in Ukraine hit by malware

The news was reported by Amazon that associates the attacks with state-sponsored hackers and confirmed that it is helping customers impacted by the attacks to adopt security best practices.

Ukrainian Citizens Targeted in Phishing Attacks Using Compromised Accounts of Indian Entities

The messages purportedly warn the recipients of an unauthorized attempt to log in to their accounts from an IP address based out of the eastern Ukrainian city of Donetsk.
—–

For the latest cybersecurity news and information, please check the blog sidebar, links, and twitter posts.

Thanks for joining us today.

Russ Roberts

https://cyber-security-intelligence.org

https://paper.li/RussellRoberts (machine learning, artificial intelligence, IoT, information security).