NSO Group iMessage Zero-Click Exploit Captured in the Wild
citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/ The Citizen Lab disclosed the vulnerability and code to Apple, which has assigned the FORCEDENTRY vulnerability CVE-2021-30860 and describes the vulnerability as “processing a maliciously crafted PDF may lead to arbitrary code execution.” In this article, Citizen Lab analyses the exploit chain in detail.
Mitigating malware and ransomware attacks
www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks The guidance document helps private and public sector organisations deal with the effects of malware (which includes ransomware). It provides actions to help organisations prevent a malware infection, and also steps to take if you’re already infected.
Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang
threatpost.com/microsoft-mshtml-ryuk-ransomware/174780/ Microsoft and RiskIQ researchers have identified several campaigns using the recently patched zero-day, reiterating a call for organizations to update affected systems. Criminals behind the Ryuk ransomware were early exploiters of the Windows MSHTML flaw, actively leveraging the bug in campaigns ahead of a patch released by Microsoft this week.
Malware samples found trying to hack Windows from its Linux subsystem
therecord.media/malware-samples-found-trying-to-hack-windows-from-its-linux-subsystem/ Security researchers at Lumen’s Black Lotus Labs have found a series of malware samples that were configured to infect the Windows Subsystem for Linux and then pivot to its native Windows environment. Researchers claim the samples are the first of their kind, although security experts have theorized as far back as 2017 that such attacks would be possible at some point.
OMIGOD: Microsoft Azure VMs exploited to drop Mirai, miners
www.bleepingcomputer.com/news/security/omigod-microsoft-azure-vms-exploited-to-drop-mirai-miners/ Threat actors started actively exploiting the critical Azure OMIGOD vulnerabilities two days after Microsoft disclosed them during this month’s Patch Tuesday. The four security flaws (allowing privilege escalation and remote code execution) were found in the Open Management Infrastructure (OMI) software agent silently installed by Microsoft on more than half of all Azure instances.
Microsoft asks Azure Linux admins to manually patch OMIGOD bugs
www.bleepingcomputer.com/news/microsoft/microsoft-asks-azure-linux-admins-to-manually-patch-omigod-bugs/ Microsoft has issued additional guidance on securing Azure Linux machines impacted by recently addressed critical OMIGOD vulnerabilities. The four security flaws (allowing remote code execution and privilege escalation) were found in the Open Management Infrastructure (OMI) software agent silently installed on more than half of Azure instances.
Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years
thehackernews.com/2021/09/malware-attack-on-aviation-sector.html A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar.
Forged vaccination certificates are being sold on the messaging app Telegram, a Finnish “certificate” for 150 euros
yle.fi/uutiset/3-12101786 A black market for forged vaccination certificates has taken root on the messaging app Telegram, according to a study by the international security company Check Point Research. According to the study, forgeries purporting to be COVID-19 vaccination certificates from a total of 28 countries are being sold on the messaging app. Among them are many EU countries, Finland included. According to the study, the price of a forged vaccination certificate for Finland and most other EU countries is 150 euros.
Trial Ends in Guilty Verdict for DDoS-for-Hire Boss – downthem / ampnode
krebsonsecurity.com/2021/09/trial-ends-in-guilty-verdict-for-ddos-for-hire-boss/ A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel’s conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services.
Router protection for MikroTik users
www.kaspersky.com/blog/how-to-protect-mikrotik-from-meris-botnet/41972/ Recent large-scale DDoS attacks using a new botnet called Mēris peaked at almost 22 million requests per second. According to Qrator research, MikroTik’s network devices generated a fair share of the botnet’s traffic. Having analyzed the situation, MikroTik experts found no new vulnerabilities in the company’s routers; however, old ones may still pose a threat. Therefore, to ensure your router has not joined the Mēris botnet (or any other botnet, for that matter), you need to follow a few recommendations.
Jyväskylä University of Applied Sciences’ virtual hospital is used to practise the cyber security readiness of healthcare actors
www.epressi.com/tiedotteet/terveys/jyvaskylan-ammattikorkeakoulun-virtuaalisairaalassa-harjoitellaan-terveydenhuoltoalan-toimijoiden-kyberturvallisuusvalmiutta.html The nature of healthcare work makes the sector extremely sensitive to service disruptions. Because of an attack on a hospital’s information systems or data network, procedures may be delayed or halted, adversely affecting patient safety. National healthcare actors and hospital districts will gather at Jyväskylä University of Applied Sciences from 21 to 23 September to practise and develop their cyber security readiness in the pilot exercise of the Healthcare Cyber Range project.
Fake Walmart press release causes cryptocurrency price surge
www.bitdefender.com/blog/hotforsecurity/fake-walmart-press-release-causes-cryptocurrency-price-surge/ The cryptocurrency Litecoin soared in value earlier this week upon the news that supermarket giant Walmart would accept it as a form of payment at its retail stores across America. The only problem was… it simply wasn’t true.
Telegram emerges as new dark web for cyber criminals
arstechnica.com/information-technology/2021/09/telegram-emerges-as-new-dark-web-for-cyber-criminals/ Telegram has exploded as a hub for cybercriminals looking to buy, sell, and share stolen data and hacking tools, new research shows, as the messaging app emerges as an alternative to the dark web.
Exploitation of the CVE-2021-40444 vulnerability in MSHTML
securelist.com/exploitation-of-the-cve-2021-40444-vulnerability-in-mshtml/104218/ Last week, Microsoft reported the remote code execution vulnerability CVE-2021-40444 in the MSHTML browser engine. According to the company, this vulnerability has already been used in targeted attacks against Microsoft Office users. In an attempt to exploit this vulnerability, attackers create a document with a specially crafted object. If a user opens the document, MS Office will download and execute a malicious script. According to our data, the same attacks are still happening all over the world. We are currently seeing attempts to exploit the CVE-2021-40444 vulnerability targeting companies in the research and development sector, the energy sector and large industrial sectors, the banking and medical technology development sectors, as well as telecommunications and the IT sector.