EU ends Apple Pay antitrust probe with binding commitments to open up contactless payments

From techcrunch.com

The European Union has accepted commitments from Apple over how it operates Apple Pay to settle a long-running competition investigation. Commission EVP Margrethe Vestager, who heads up the EU’s competition division, announced the development in a press conference Thursday.

Apple has until July 25 to implement changes that will allow developers of rival mobile wallets to offer contactless payment by the predominant technology used in the EU (NFC) — enabling them to offer their users “tap and go” payments, she said. They will also be able to access key iOS features, such as double click to launch their apps as well as Face ID, Touch ID and passcodes for authentication.

Apple will also let users set a third-party wallet app as their default, rather than its own Apple Wallet.

Read more…

Microsoft’s July 2024 Patch Tuesday Addresses 138 CVEs (CVE-2024-38080, CVE-2024-38112)

From tenable.com

Microsoft released 138 CVEs in its July 2024 Patch Tuesday release, with five rated critical, 132 rated important and one rated moderate. Our counts omitted four vulnerabilities, two reported by GitHub, and one reported by CERT/CC and Arm each.

Remote Code Execution (RCE) vulnerabilities accounted for 42.8% of the vulnerabilities patched this month, followed by Elevation of Privilege (EoP) and Security Feature Bypass vulnerabilities at 17.4%.

Read more…

Apple Removes VPN Apps from Russian App Store Amid Government Pressure

From thehackernews.com

Apple removed a number of virtual private network (VPN) apps in Russia from its App Store on July 4, 2024, following a request by Russia’s state communications watchdog Roskomnadzor, Russian news media reported.

This includes the mobile apps of 25 VPN service providers, including ProtonVPN, Red Shield VPN, NordVPN and Le VPN, according to MediaZona. It’s worth noting that NordVPN previously shut down all its Russian servers in March 2019.

“Apple’s actions, motivated by a desire to retain revenue from the Russian market, actively support an authoritarian regime,” Red Shield VPN said in a statement. “This is not just reckless but a crime against civil society.”

Read more…

CloudSorcerer – A new APT targeting Russian government entities

From securelist.com

In May 2024, we discovered a new advanced persistent threat (APT) targeting Russian government entities that we dubbed CloudSorcerer. It’s a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructure. The malware leverages cloud resources as its command and control (C2) servers, accessing them through APIs using authentication tokens. Additionally, CloudSorcerer uses GitHub as its initial C2 server.

CloudSorcerer’s modus operandi is reminiscent of the CloudWizard APT that we reported on in 2023. However, the malware code is completely different. We presume that CloudSorcerer is a new actor that has adopted a similar method of interacting with public cloud services.

Read more…

PSA: This Microsoft Update is essential

From pandasecurity.com

There are always risks when connecting to unknown public WiFi networks. Scammers will sometimes create ‘fake’ hotspots that capture and steal sensitive data from their unsuspecting victims. However, these scams only work when the hackers have complete control of the WiFi network. 

Microsoft discovers a new variation

Microsoft recently identified a new vulnerability that could be exploited to compromise machines on any public WiFi network. The vulnerability (CVE-2024-30078) allows hackers to send a malicious packet to devices on the same Wi-Fi networks in locations such as airports, coffee shops, hotels, or workplaces. 

Once the magic packet has been received by an unprotected computer, the hacker can remotely execute commands and access the system. Worse still, the whole process is invisible – there are no prompts or alerts that show something is wrong. 

Fortunately, Microsoft has developed a fix. The patch for CVE-2024-30078 was included in the monthly update for June. Although Microsoft classifies this vulnerability as “Important” (the second highest rating), it still presents a significant risk to anyone who uses public WiFi networks.

Read more…

Decrypted: DoNex Ransomware and its Predecessors

From decoded.avast.io

DoNex and its Brothers

The DoNex ransomware has been rebranded several times. The first brand, called Muse, appeared in April 2022. Multiple evolutions followed, resulting in the final version of the ransomware, called DoNex. Since April 2024, DoNex seems to have stopped its evolution, as we have not detected any new samples since. Additionally, the TOR site of the ransomware has been down since that point. The following is a brief history of DoNex.

Apr 2022: The first sample of Muse ransomware
Nov 2022: Rebrand to fake LockBit 3.0
May 2023: Rebrand to DarkRace
Mar 2024: Rebrand to DoNex

All brands of the DoNex ransomware are supported by the decryptor.

DoNex uses targeted attacks on its victims and it was most active in the US, Italy, and Belgium based on our telemetry.

Read more…