Ransomware attempt volume sets record, reaches more than 300 million for first half of 2021: SonicWall

From zdnet.com

A new report from SonicWall found that attempted ransomware attacks skyrocketed in the first half of 2021, with 304.7 million attempted attacks seen by the company. SonicWall researchers saw a record number of attempted attacks in both April and May, but both months were beaten by June, which had a record 78.4 million attempted ransomware attacks.

The total figure of ransomware attacks seen by SonicWall in the first half of 2021 smashed the 2020 total of 304.6 million. The fact that the first six months of 2021 have already surpassed all of 2020 alarmed SonicWall researchers, who added that it represented a 151% year-on-year increase.

Node.js fixes severe HTTP bug that could let attackers crash apps

From bleepingcomputer.com

Node.js has released updates for a high severity vulnerability that could be exploited by attackers to corrupt the process and cause unexpected behaviors, such as application crashes and potentially remote code execution (RCE).

The use-after-free vulnerability, tracked as CVE-2021-22930, is to do with how HTTP2 streams are handled in the language.

Bugs Across Apple Products Causing New Troubles

From cyware.com

It has only been a week since Apple Inc. released a set of OS updates addressing nearly three dozen bugs. The California-headquartered tech giant, once again, patched a zero-day impacting iOS, iPadOS, and macOS.

The storyline

An unnamed researcher reported the new flaw that could be exploited to run malicious code on the affected device.

  • Dubbed CVE-2021-30807, the bug resided in the iGiant’s IOMobileFrameBuffer code, which is a kernel extension for managing the screen frame buffer.
  • Apple also stated it is aware of an incident with possible exploitation of the flaw.

A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System

From thehackernews.com

A cyber attack that derailed websites of Iran’s transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called “Meteor.”

The campaign — dubbed “MeteorExpress” — has not been linked to any previously identified threat group or to additional attacks, making it the first incident involving the deployment of this malware, according to researchers from Iranian antivirus firm Amn Pardaz and SentinelOne. Meteor is believed to have been in the works over the past three years.

“Despite a lack of specific indicators of compromise, we were able to recover most of the attack components,” SentinelOne’s Principal Threat Researcher, Juan Andres Guerrero-Saade, noted. “Behind this outlandish tale of stopped trains and glib trolls, we found the fingerprints of an unfamiliar attacker,” adding the offensive is “designed to cripple the victim’s systems, leaving no recourse to simple remediation via domain administration or recovery of shadow copies.”

Malware Meteor: Attack on Iran’s railway system

From en.secnews.gr

A new file wiping malware called Meteor has been discovered in recent attacks on Iran’s railway system.

Earlier this month, Iran’s transport ministry and national train system came under cyber attack, shutting down the service’s websites and disrupting train service. Threat actors also posted messages on the railway billboards indicating that train services were delayed or canceled due to a cyber attack.

Several Malicious Typosquatted Python Libraries Found On PyPI Repository

From thehackernews.com

As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code, once again highlighting how software package repositories are evolving into a popular target for supply chain attacks.

“Lack of moderation and automated security controls in public software repositories allow even inexperienced attackers to use them as a platform to spread malware, whether through typosquatting, dependency confusion, or simple social engineering attacks,” JFrog researchers Andrey Polkovnichenko, Omer Kaspi, and Shachar Menashe said Thursday.

Magnitude Exploit Kit: Still Alive and Kicking

From decoded.avast.io

If I could choose one computer program and erase it from existence, I would choose Internet Explorer. Switching to a different browser would most likely save countless people from getting hacked. Not to mention all the headaches that web developers get when they are tasked with solving Internet Explorer compatibility issues. Unfortunately, I do not have the power to make Internet Explorer disappear. But seeing its browser market share continue to decline year after year at least gives me hope that one day it will be only a part of history.

While the overall trend looks encouraging, there are still some countries where the decline in Internet Explorer usage is lagging behind. An interesting example of this is South Korea, where until recently, users often had no choice but to use this browser if they wanted to visit a government or an e-commerce website. This was because of a law that seems very bizarre from today’s point of view: these websites were required to use ActiveX controls and were therefore only supported in Internet Explorer. Ironically, these controls were originally meant to provide additional security. While this law was finally dismantled in December 2020, Internet Explorer still has a lot of momentum in South Korea today. 
