The Curious Case of SunCrypt

From securityboulevard.com

Toward the end of August, the gang behind the SunCrypt ransomware strain announced they had joined the Maze cartel of ransomware operators, which currently boasts Maze, LockBit and Ragnar Locker. After that announcement, reports began emerging of the first high-profile victim of the gang. However, not all is as it seems with the gang and questions have been raised as to whether they are indeed the newest members of the Maze cartel.

Apple High Severity Bug Allows Attackers to Execute Arbitrary Code on iPhone, iPad, iPod

From gbhackers.com

Apple released updates for the iOS and iPadOS operating systems that fix several security issues affecting iPhone, iPad, and iPod devices.

With the security update, Apple addressed 11 bugs in various products and components such as AppleAVD, Apple Keyboard, WebKit, and Siri.

Among the fixed vulnerabilities, the high-severity one is CVE-2020-9992, which allows attackers to execute arbitrary code on the system.

U.K. warns of surge in ransomware threats against education sector

From bleepingcomputer.com

The U.K. National Cyber Security Centre (NCSC) has issued an alert about a surge in ransomware incidents targeting educational institutions, urging them to follow the recently updated recommendations for mitigating malware attacks.

This warning comes after the NCSC investigated in August an increased number of ransomware attacks on schools, colleges, and universities in the country.

Authenticated Remote Code Execution in OpenMRS

From securityboulevard.com

Early in May of 2020, Contrast Labs was exploring different ways in which we could help the community or world combat the increase in attacks against medical and testing facilities. We decided quickly that doing some form of hack-a-thon on OpenMRS (an open medical records system) would help us learn but at the same time help OpenMRS find any application vulnerabilities they could fix to increase their security posture.

Patching in the Time of Remote Work

From securityboulevard.com

It’s imperative that employers implement a patch cadence, regardless of whether employees agree with it

This may sound controversial, but unfortunately, my experience shows it to be true: When humans are prompted to do something without risk or reward, they tend not to do it. In their remote environments, just as when they were in the office, the reminders still pop up on employees’ screens: “Updates Available for Your Device.” But, when given the choice, employees more often than not select “Remind Me Tomorrow”—whether because they’re busy, impatient or don’t understand the importance of regular updates.

A Mix of Python & VBA in a Malicious Word Document

From isc.sans.edu

A few days ago, Didier wrote an interesting diary about embedded objects into an Office document[1]. I had a discussion about an interesting OLE file that I found. Because it used the same technique, I let Didier publish his diary first. Now, let’s have a look at the document.
