Nations come together to condemn China: APT31 and APT40

From malware.news

On Monday (19JUL2021) President Biden announced that the US and its allies were joining together to condemn and expose that China was behind a set of unprecedented attacks exploiting vulnerabilities in Microsoft Exchange servers conducted earlier this year.  The White House press release was titled: “The United States, Joined by Allies and Partners, Attributes Malicious Cyber Activity and Irresponsible State Behavior to the People’s Republic of China.” 

After praising recent actions by world governments to condemn Russian ransomware attacks, today’s memo goes on the offensive against China, reminding the world that the PRC intelligence enterprise hires contract hackers who operate both for the state and for their own profits.  Biden reminds us of charges brought against PRC Ministry of State Security (MSS) hackers in October 2018, July 2020, and September 2020 and says they have “engaged in ransomware attacks, cyber enabled extortion, crypto-jacking, and rank theft.” Today additional charges were brought against additional MSS hackers.

Read more…

Forensic Methodology Report: How to catch NSO Group’s Pegasus

From amnesty.org

NSO Group claims that its Pegasus spyware is only used to “investigate terrorism and crime”  and “leaves no traces whatsoever”. This Forensic Methodology Report shows that neither of these statements are true. This report accompanies the release of the Pegasus Project, a collaborative investigation that involves more than 80 journalists from 17 media organizations in 10 countries coordinated by Forbidden Stories with technical support of Amnesty International’s Security Lab.[1]

Amnesty International’s Security Lab has performed in-depth forensic analysis of numerous mobile devices from human rights defenders (HRDs) and journalists around the world. This research has uncovered widespread, persistent and ongoing unlawful surveillance and human rights abuses perpetrated using NSO Group’s Pegasus spyware.

Read more…

Lake County Health Department announces two data breaches impacting nearly 25,000 patients

From lakemchenryscanner.com

The Lake County Health Department announced two data breaches, one of which occurred in 2019, that compromised the data of almost 25,000 people.

Jefferson McMillan-Wilhoit, the Chief Health Informatics and Technology Officer for the Lake County Health Department, said the first breach was discovered on July 22, 2019.

McMillan-Wilhoit told the Chicago Tribune that the first breach, which was disclosed earlier this month, occurred after an unencrypted email was sent to an internal employee’s personal email address.

The spreadsheet consisted of medical records requests from December 2016 to June 2019 made through a third-party vendor who provides release of information services.

The information in the spreadsheet consisted of numbers and dates relevant only to the vendor along with a name.

Read more…

IcedID and Cobalt Strike vs Antivirus

From malware.news

Although IcedID was originally discovered back in 2017, it did not gain in popularity until the latter half of 2020. We have now analyzed a couple of ransomware cases in 2021 (Sodinokibi & Conti) that used IcedID as the initial foothold into the environment.

In June, we saw another threat actor utilize IcedID to download Cobalt Strike, which was used to pivot to other systems in the environment.  Similar to the Sodinokibi case, anti-virus (AV) slowed down the attackers.  AV frustrated them to the point they temporarily left the environment.  Eleven days later, activity returned to the environment with more Cobalt Strike beacons, which they used to pivot throughout the domain using WMI. The threat actors, however, remained unable or unwilling to complete their final objectives. 

Read more…

That iPhone WiFi crash bug is far worse than initially thought

From therecord.media


An innocuous iPhone bug that could crash the WiFi service has turned out to be far worse than initially thought after mobile security firm ZecOps showed on Friday how the bug could be abused for remote code execution attacks.

Discovered last month by Danish security researcher Carl Schou, the bug could crash any up-to-date iPhone that connected to an access point or WiFi network with a name of %p%s%s%s%s%n.

After joining my personal WiFi with the SSID “%p%s%s%s%s%n”, my iPhone permanently disabled its WiFi functionality. Neither rebooting nor changing SSID fixes it :~) pic.twitter.com/2eue90JFu3 — Carl Schou (@vm_call) June 18, 2021

Since WiFi network names are written on disk in certain files, every time the iPhone tried to connect to a WiFi network, iOS would read those files and crash and reboot in a loop.
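The SSID in the story is a printf-style format string, so the crash pattern is the classic one of passing untrusted text as the format argument. The following C example is added here for illustration and is not code from the article, ZecOps or Apple; the SSID value is copied from the story and everything else (function names, the log prefix) is invented. It contrasts the unsafe idiom (kept only as a comment) with the safe one, where the format is a constant and the SSID is passed as a `%s` argument so its `%` characters are treated as plain data, and adds a small check that lets a defender flag such names in telemetry.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the network name reported in the article. */
static const char *SAMPLE_SSID = "%p%s%s%s%s%n";

/*
 * Anti-pattern (deliberately not compiled in):
 *
 *     snprintf(buf, sizeof buf, ssid);   // SSID used AS the format string
 *
 * Every '%' in the SSID is then interpreted as a conversion specifier;
 * "%s" reads arbitrary stack values as pointers and "%n" attempts a write
 * through one, which is why the process crashes.
 */

/* Safe form: constant format, SSID supplied as data via "%s".
 * Returns the number of characters snprintf would have written. */
int format_ssid_safe(char *out, size_t out_len, const char *ssid)
{
    return snprintf(out, out_len, "Connected to SSID: %s", ssid);
}

/* Returns 1 if the safe formatter reproduces the SSID verbatim
 * (i.e. no '%' sequence was interpreted), 0 otherwise. */
int ssid_roundtrips(const char *ssid)
{
    char buf[128];
    char expected[128];

    format_ssid_safe(buf, sizeof buf, ssid);
    snprintf(expected, sizeof expected, "Connected to SSID: %s", ssid);
    return strcmp(buf, expected) == 0;
}

/* Defensive check: count '%' characters so that names looking like format
 * strings can be flagged or escaped before they reach any logging path. */
size_t count_percent(const char *s)
{
    size_t c = 0;
    for (; *s; s++)
        if (*s == '%')
            c++;
    return c;
}

int main(void)
{
    char buf[128];
    format_ssid_safe(buf, sizeof buf, SAMPLE_SSID);
    printf("%s\n", buf);                         /* prints the SSID unchanged */
    printf("percent signs: %zu\n", count_percent(SAMPLE_SSID));
    return 0;
}
```

Compile with `-Wformat -Wformat-security`: GCC and Clang warn on a non-literal format argument with no varargs, which is the cheapest detection for this bug class in a code base.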

Read more…

Half of organizations are ineffective at countering phishing and ransomware threats

From helpnetsecurity.com


Half of US organizations are not effective at countering phishing and ransomware threats, research by Osterman Research reveals.

The findings come from a study compiled from interviews with 130 cybersecurity professionals in mid-sized and large organizations.

“Phishing and ransomware were already critical enterprise security risks even before the pandemic hit and, as this report shows, the advent of mass remote working has increased the pressure of these threats,” said Jon Clay, VP of threat intelligence for Trend Micro. “Organizations need multi-layered defenses in place to mitigate these risks.”

Read more…