Nastiest Malware 2023
News, Announcements, Tech Discussions
These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2023-24936
· Title: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
· Version: 3.0
· Reason for revision: In the Security Updates table, added all supported versions of .NET Framework, Visual Studio 2022 version 17.0, Visual Studio 2022 version 17.2, and Visual Studio 2022 version 17.4 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
· Originally released: June 13, 2023
· Last updated: July 13, 2023
· Aggregate CVE Severity Rating: Moderate

CVE-2023-27909
· Title: AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or pri
September 15, 2023 By Pierluigi Paganini

Leading Android health apps expose users to avoidable threats like surveillance and identity theft, due to their risky permissions. Cybernews has the story.

The Android challenge

In the digital age, mobile applications have become an integral part of our lives, transforming the way we communicate, work, and entertain ourselves. With the vast array of apps available at our fingertips, it’s easy to overlook the potential risks they may pose. Behind the sleek interfaces and promising functionalities lurks a hidden concern that has captured the attention of security researchers and users alike – dangerous Android app permissions.

Android, being the most widely used mobile operating system globally, offers developers great flexibility to create innovative and powerful applications. However, this flexibility also introduces a crucial challenge – maintaining a balance between user convenience and safeguarding sensitive data and privacy.

Our researchers to
Google's app for generating MFA codes syncs to user accounts by default. Who knew?

DAN GOODIN - 9/15/2023

A security company is calling out a feature in Google’s authenticator app that it says made a recent internal network breach much worse.

Retool, which helps customers secure their software development platforms, made the criticism on Wednesday in a post disclosing a compromise of its customer support system. The breach gave the attackers responsible access to the accounts of 27 customers, all in the cryptocurrency industry. The attack started when a Retool employee clicked a link in a text message purporting to come from a member of the company’s IT team.

“Dark patterns”

It warned that the employee would be unable to participate in the company’s open enrollment for health care coverage until an account issue was fixed. The text arrived while Retool was in the process of moving its login platform to security company Okta. (Okta itself disclosed the breach of one of its third-party custo
September 15, 2023 By Pieter Arntz

The European Union Agency for Law Enforcement Cooperation (Europol) has published a report that examines developments in cyberattacks, discussing new methodologies and threats observed by Europol’s operational analysts. The report also discusses the criminal organizations behind cyberattacks and the influence of geopolitical events.

The report follows the Internet Organized Crime Assessment (IOCTA), Europol’s assessment of the cybercrime landscape and how it has changed over the last 24 months.

When it comes to the most deployed tactics, the report holds no big surprises.

>> Full Article <<
For months, the Iran-backed APT has carried out waves of password spray attacks attempting to authenticate to thousands of environments across multiple targets worldwide.

September 15, 2023 By Nathan Eddy

A global cyber-espionage campaign conducted by the Iranian nation-state actor known as Peach Sandstorm (aka Holmium) has successfully plucked targets in the satellite, defense, and pharmaceutical sectors, Microsoft is warning. The cyber offensive has been active since February, according to a blog post from Microsoft Threat Intelligence, which concluded that the campaign used masses of password spray attacks between February and July to authenticate to thousands of environments and exfiltrate data, all in support of Iranian state interests.

The password spray method of attack is a type of brute-force method used by hackers to gain unauthorized access to user accounts and systems. Password spraying involves attempting to access multiple accounts using common passwords, reducing the risk
September 15, 2023 By Lawrence Abrams

9/15/23 update added below.

Trucking and fleet management solutions provider ORBCOMM has confirmed that a ransomware attack is behind recent service outages preventing trucking companies from managing their fleets.

ORBCOMM is a solutions provider for freight companies to manage fleets and track transported assets. The company also provides Electronic Logging Devices (ELD) that truckers use to log their hours to adhere to federal safety regulations.

Since September 6th, ORBCOMM customers have reported that they cannot track their transported inventory or use Blue Tree ELD devices, forcing truckers to switch to paper logs.

As truckers can only use paper logs for eight days out of every 30, truckers were concerned that they would be unable to drive their trucks unless they received a waiver.

Update 9/15/23: After publishing the story, BleepingComputer learned that an email was sent out to all ORBCOMM customers on the evening of September 7th about the rans
Education and research is the most targeted industry globally when it comes to cyberattacks with an average of nearly 2,300 attacks against organizations each week. September 15, 2023 By SKYLAR RISPENS Personal information of current and former university students and employees at Virginia Tech was posted online, the university announced this week. The compromised files contained demographic data on current and former students and dining service employees at the university, according to a Virginia Tech press release. The files were stored on a computer workstation in the student affairs division that has since been removed from the network, the release said. >> Full Article <<
The maintainers of the widely used library recently patched multiple memory corruption vulnerabilities that attackers could have abused to, ahem, curse targets with malicious code and escalate privileges.

September 15, 2023 By Jai Vijayan

A widely used programming library called "ncurses" is infested by malicious gremlins — in the form of multiple memory corruption vulnerabilities that give attackers a way to target applications running in macOS, Linux, and FreeBSD.

Researchers from Microsoft uncovered the vulnerabilities in the library, which basically provides APIs for text-based user interfaces and terminal applications. In a technical report this week, researchers from the company's threat intelligence team described the bugs as allowing data leaks, privilege escalation, and arbitrary code execution.

"After discovering the vulnerabilities in the ncurses library, we worked with the maintainer, Thomas E. Dickey, and Apple to ensure the issues were resolved across platforms," the rese
This week’s big news is the extortion attacks on the Caesars and MGM Las Vegas casino chains, with one having already paid the ransom and the other still facing operational disruptions.

Caesars was first quietly breached earlier this month, with the attackers stealing its loyalty program database. This database contains driver's license numbers and social security numbers for customers, and to prevent the leak of the data, Caesars paid a ransom demand.

According to a report by the Wall Street Journal, the threat actors demanded $30 million not to leak the data, but the casino negotiated it down to a $15 million payment.

"We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result," Caesars said in an SEC 8-K filing published after news of the attack leaked.

This week, MGM Resorts suffered a ransomware attack, causing massive disruptions in its casinos, such as ATMs and credit card machines not working, guests locked out of hotel
These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2023-36562
· Title: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
· Version: 1.0
· Reason for revision: Information published.
· Originally released: September 15, 2023
· Last updated: September 15, 2023
· Aggregate CVE Severity Rating: Moderate

CVE-2023-36727
· Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability
· Version: 1.0
· Reason for revision: Information published.
· Originally released: September 15, 2023
· Last updated: September 15, 2023
· Aggregate CVE Severity Rating: Important

CVE-2023-36735
· Title: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
· Version: 1.0
· Reason for revision: Information published.
· Originally released: September 15, 2023
· Last updated: September 15, 2023
· Aggregate CVE Severity Rating: Moderate

CVE-2023-4900
· Title: Chromium: CVE-2023-4900 Inappropriate implementation in Custom Tabs
·
September 18, 2023 By Bill Toulas

The malware loader 'Bumblebee' has broken its two-month vacation with a new campaign that employs new distribution techniques that abuse 4shared WebDAV services.

WebDAV (Web Distributed Authoring and Versioning) is an extension of the HTTP protocol that enables clients to perform remote authoring operations such as creating, accessing, updating, and deleting web server content.

Intel471's researchers report that Bumblebee's latest campaign, which started on September 7, 2023, abuses the 4shared WebDAV services to distribute the loader, accommodate the attack chain, and perform several post-infection actions.

>> Full Article <<
September 18, 2023 By Sergiu Gatlan

The Microsoft AI research division accidentally leaked dozens of terabytes of sensitive data starting in July 2020 while contributing open-source AI learning models to a public GitHub repository.

Almost three years later, this was discovered by cloud security firm Wiz, whose security researchers found that a Microsoft employee inadvertently shared the URL for a misconfigured Azure Blob storage bucket containing the leaked information.

Microsoft linked the data exposure to using an excessively permissive Shared Access Signature (SAS) token, which allowed full control over the shared files. This Azure feature enables data sharing in a manner described by Wiz researchers as challenging to monitor and revoke.

When used correctly, Shared Access Signature (SAS) tokens offer a secure means of granting delegated access to resources within your storage account.

>> Full Article <<