Home

Dark Reading

18 January 2022

• Mastering the Art of Cloud Tagging Using Data Science
  Cloud tagging, the process of labeling cloud assets by certain attributes or operational values, can unlock behavioral insights to optimize and automate cyber asset management at scale.
• Russia Takes Down REvil Ransomware Operation, Arrests Key Members
  Timing of the move has evoked at least some skepticism from security experts about the country's true motives.
• The Cybersecurity Measures CTOs Are Actually Implementing
  Companies look to multifactor authentication and identity and access management to block attacks, but hedge their bets with disaster recovery.
• Maryland Dept. of Health Responds to Ransomware Attack
  An attack discovered on Dec. 4, 2021 forced the Maryland Department of Health to take some of its systems offline.
• White House Meets With Software Firms and Open Source Orgs on Security
  The Log4j vulnerability is only the latest security flaw to have global impact, prompting the Biden administration and software developers to pledge to produce more secure software.
• What's Next for Patch Management: Automation
  The next five years will bring the widespread use of hyperautomation in patch management. Part 3 of 3.
• BlueNoroff Threat Group Targets Cryptocurrency Startups
  A series of attacks against small and medium-sized businesses has led to major cryptocurrency losses for the victims.
• Fighting Back Against Pegasus, Other Advanced Mobile Malware
  Detecting infection traces from Pegasus and other APTs can be tricky, complicated by iOS and Android security features.
• How to Protect Your Phone from Pegasus and Other APTs
  The good news is that you can take steps to avoid advanced persistent threats. The bad news is that it might cost you iMessage. And FaceTime.
• New Vulnerabilities Highlight Risks of Trust in Public Cloud
  Major cloud providers are vulnerable to exploitation because a single flaw can be turned into a global attack using trusted core services.

Threatpost

• Top Illicit Carding Marketplace UniCC Abruptly Shuts Down  
  UniCC controlled 30 percent of the stolen payment-card data market; leaving analysts eyeing what’s next.
• Real Big Phish: Mobile Phishing & Managing User Fallibility
  Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike.
• Critical Cisco Contact Center Bug Threatens Customer-Service Havoc
  Attackers could access and modify agent resources, telephone queues and other customer-service systems – and access personal information on companies’ customers.
• ‘Be Afraid:’ Massive Cyberattack Downs Ukrainian Gov’t Sites
  As Moscow moves troops and threatens military action, about 70 Ukrainian government sites were hit. “Be afraid” was scrawled on the Foreign Ministry site.
• Russian Security Takes Down REvil Ransomware Gang
  The country's FSB said that it raided gang hideouts; seized currency, cars and personnel; and neutralized REvil's infrastructure.
• Three Plugins with Same Bug Put 84K WordPress Sites at Risk
  Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for the popular website-building platform.
• Microsoft Yanks Buggy Windows Server Updates
  Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops on Windows domain controller servers, breaking Hyper-V and making ReFS volume systems unavailable.
• North Korean APTs Stole ~$400M in Crypto in 2021
  Meanwhile, EtherumMax got sued over an alleged pump-and-dump scam after using celebs like Floyd Mayweather Jr. & Kim Kardashian to promote EMAX Tokens.
• US Military Ties Prolific MuddyWater Cyberespionage APT to Iran
  US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite of malware tools.
• New GootLoader Campaign Targets Accounting, Law Firms
  GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates.

The Hacker News

18 January 2022

• Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors
  17 January 2022
  An elusive threat actor called Earth Lusca has been observed striking organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits. "The list of its victims includes high-value targets such as government and educational institutions, religious movements, pro-democracy and human rights organizations in Hong Kong,
• Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central
  17 January 2022
  Enterprise software maker Zoho on Monday issued patches for a critical security vulnerability in Desktop Central and Desktop Central MSP that a remote adversary could exploit to perform unauthorized actions in affected servers. Tracked as CVE-2021-44757, the shortcoming concerns an instance of authentication bypass that "may allow an attacker to read unauthorized data or write an arbitrary zip
• Chrome Limits Websites' Direct Access to Private Networks for Security Reasons
  17 January 2022
  Google Chrome has announced plans to prohibit public websites from directly accessing endpoints located within private networks as part of an upcoming major security shakeup to prevent intrusions via the browser. The proposed change is set to be rolled out in two phases consisting of releases Chrome 98 and Chrome 101 scheduled in the coming months via a newly implemented W3C specification called
• Dark Web's Largest Marketplace for Stolen Credit Cards is Shutting Down
  16 January 2022
  UniCC, the biggest dark web marketplace for stolen credit and debit cards, has announced that it's shuttering its operations after earning $358 million in purchases since 2013 using cryptocurrencies such as Bitcoin, Litecoin, Ether, and Dash. "Don't build any conspiracy theories about us leaving," the anonymous operators of UniCC said in a farewell posted on dark web carding forums, according to
• High-Severity Vulnerability in 3 WordPress Plugins Affected 84,000 Websites
  16 January 2022
  Researchers have disclosed a security shortcoming affecting three different WordPress plugins that impact over 84,000 websites and could be abused by a malicious actor to take over vulnerable sites. "This flaw made it possible for an attacker to update arbitrary site options on a vulnerable site, provided they could trick a site's administrator into performing an action, such as clicking on a

Naked Security

• Romance scammer who targeted 670 women gets 28 months in jail
  Found love online? Sending them money? Friends and family warning you it could be a scam? Don't be too quick to dismiss their concerns...
• Serious Security: Linux full-disk encryption bug fixed – patch now!
  Imagine if someone who didn't have your password could sneakily modify data that was encrypted with it.
• REvil ransomware crew allegedly busted in Russia, says FSB
  The Russian Federal Security Bureau has just published a report about the investigation and arrest of the infamous "REvil" ransomware crew.
• S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]
  Latest episode -listen to it or read it now!
• Wormable Windows HTTP hole – what you need to know
  One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".
• Home routers with NetUSB support could have critical kernel hole
  Got a router that supports USB access across the network? You might need a kernel update...
• JavaScript developer destroys own projects in supply chain “lesson”
  Two popular open source JavaScript packages recently got "hacked" in a symbolic gesture by the original project creator.
• Honda cars in flashback to 2002 – “Can’t Get You Out Of My Head”
  Where were YOU on the night of 17 May 2002? And what about the day after that?
• Log4Shell-like security hole found in popular Java SQL database engine H2
  "It's Log4Shell, Jim, but not as we know it." How to find and fix a JNDI-based vuln in the H2 Database Engine.
• S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript]
  We're back for 2022 - listen now!