BU-CERT News

From cyware.com

It has only been a week since Apple Inc. released a set of OS updates addressing nearly three dozen bugs. The California-headquartered tech giant, once again, patched a zero-day impacting iOS, iPadOS, and macOS.

The storyline

An unnamed researcher reported the new flaw that could be exploited to run malicious code on the affected device.

• Dubbed CVE-2021-30807, the bug resided in the iGiant’s IOMobileFrameBuffer code, which is a kernel extension for managing the screen frame buffer.
• It also stated it is aware of an incident with possible exploitation of the flaw. 

Read more…

From thehackernews.com

A cyber attack that derailed websites of Iran’s transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called “Meteor.”

The campaign — dubbed “MeteorExpress” — has not been linked to any previously identified threat group or to additional attacks, making it the first incident involving the deployment of this malware, according to researchers from Iranian antivirus firm Amn Pardaz and SentinelOne. Meteor is believed to have been in the works over the past three years.

“Despite a lack of specific indicators of compromise, we were able to recover most of the attack components,” SentinelOne’s Principal Threat Researcher, Juan Andres Guerrero-Saade, noted. “Behind this outlandish tale of stopped trains and glib trolls, we found the fingerprints of an unfamiliar attacker,” adding the offensive is “designed to cripple the victim’s systems, leaving no recourse to simple remediation via domain administration or recovery of shadow copies.”

Read more…

From en.secnews.gr

A new file wiping malware called Meteor has been discovered in recent attacks on Iran’s railway system.

Earlier this month, Iran’s transport ministry and national train system came under cyber attack, shutting down the service’s websites and disrupting train service. Threatening agents also posted messages on the railway billboards indicating that train services were delayed or canceled due to a cyber attack.

Read more…

From thehackernews.com

As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code, once again highlighting how software package repositories are evolving into a popular target for supply chain attacks.

“Lack of moderation and automated security controls in public software repositories allow even inexperienced attackers to use them as a platform to spread malware, whether through typosquatting, dependency confusion, or simple social engineering attacks,” JFrog researchers Andrey Polkovnichenko, Omer Kaspi, and Shachar Menashe said Thursday.

Read more…

From decoded.avast.io

If I could choose one computer program and erase it from existence, I would choose Internet Explorer. Switching to a different browser would most likely save countless people from getting hacked. Not to mention all the headaches that web developers get when they are tasked with solving Internet Explorer compatibility issues. Unfortunately, I do not have the power to make Internet Explorer disappear. But seeing its browser market share continue to decline year after year at least gives me hope that one day it will be only a part of history.

While the overall trend looks encouraging, there are still some countries where the decline in Internet Explorer usage is lagging behind. An interesting example of this is South Korea, where until recently, users often had no choice but to use this browser if they wanted to visit a government or an e-commerce website. This was because of a law that seems very bizarre from today’s point of view: these websites were required to use ActiveX controls and were therefore only supported in Internet Explorer. Ironically, these controls were originally meant to provide additional security. While this law was finally dismantled in December 2020, Internet Explorer still has a lot of momentum in South Korea today. 

Read more…

From theregister.com

A call from the executive floor is rarely a harbinger of happiness, especially when one is wading knee-deep through the molasses of malware. Welcome to one Register reader’s experience in On Call.

Our story takes place a few years ago and concerns “Ruud” (not his name) who had joined a very well-known company as head of IT. As befitted a person of his job title, Ruud had started putting the company’s house in order and begun rolling out some standard security tools “to get us to a decent baseline.”

It did not go well, or went too well depending on one’s standpoint, and the new tools spotted some malware running on dozens of PCs. It was an all-hands-on-deck moment to stop the nasties spreading any further through the company. Leading from the front, Ruud dived in to do his bit.

“I was downstairs freezing my tits off in a cold store working on an affected PC when I got a tap on the shoulder from my boss,” he told us. The managing director had called down and wanted a word. Now.

Read more…

From helpnetsecurity.com

Global tax systems are responsible for handling and storing vast amounts of data. Whether it’s details of a supplier’s transactions with its customers, or personal financial information, this data is an important commodity, the protection of which is paramount.

It’s also increasingly vulnerable. Over the last 18 months, opportunistic cyber criminals have taken advantage of crisis conditions to infiltrate the networks of organizations across the globe.

Cyber attacks increased in both frequency and intensity at the height of the COVID-19 pandemic – the first half of 2020 saw a 273 percent rise in the number of large-scale data breaches compared to the same period 12 months earlier.

Read more…