Cyberattack against UK Ministry of Defence training academy revealed
www.zdnet.com/article/ex-officer-reveals-cyberattack-against-uk-ministry-of-defence-training-academy/ A retired military officer has disclosed a cyberattack that struck the UK Ministry of Defence (MoD) academy and had a “significant” impact on the organization. Air Marshal Edward Stringer, an officer in charge at the time, told Sky News that the cyberattack was discovered in March 2021. According to the retired officer, “unusual activity” was detected by IT outsourcer Serco, but it was originally thought that this may have been due to some form of IT error rather than something malicious. The Defence Academy of the United Kingdom was the target. The organization is responsible for teaching and training thousands of military personnel, MoD employees, wider government figures, and overseas students. Courses on offer relate to topics including security, strategy, languages, and information warfare. While full attribution is not available as to who was responsible, the publication reports that China or Russia was “possibly” involved.
Apple Home software bug could lock you out of your iPhone
nakedsecurity.sophos.com/2022/01/04/apple-home-software-bug-could-lock-you-out-of-your-iphone/ A security researcher named Trevor Spiniolas has just published information about a bug he claims has existed in Apple’s iOS operating system since at least version 14.7. The bug affects the Home app, Apple’s home automation software that lets you control home devices (webcams, doorbells, thermostats, light bulbs, and so on) that support Apple’s HomeKit ecosystem. Spiniolas has dubbed the bug doorLock, giving it both a logo and a dedicated web page, claiming that although he disclosed it to Apple back in August 2021, the company’s attempts to patch it so far have been incomplete, and his specified deadline of 01 January 2022 for “going live” with details of the flaw has now passed.
Log4j flaw attack levels remain high, Microsoft warns
www.zdnet.com/article/log4j-flaw-attacks-are-causing-lots-of-problems-microsoft-warns/ Microsoft has warned Windows and Azure customers to remain vigilant after observing state-sponsored and cyber-criminal attackers probing systems for the Log4j ‘Log4Shell’ flaw through December. Disclosed by the Apache Software Foundation on December 9, Log4Shell will likely take years to remediate because of how widely the error-logging software component is used in applications and services. Microsoft warns that customers might not be aware of how widespread the Log4j issue is in their environment. Over the past month, Microsoft has released numerous updates, including to its Defender security software, to help customers identify the issue as attackers stepped up scanning activity.
FTC warns companies to secure consumer data from Log4J attacks
www.bleepingcomputer.com/news/security/ftc-warns-companies-to-secure-consumer-data-from-log4j-attacks/ The US Federal Trade Commission (FTC) has warned today that it will go after any US company that fails to protect its customers’ data against ongoing Log4J attacks. “The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future,” the US government agency said. “The duty to take reasonable steps to mitigate known software vulnerabilities implicates laws including, among others, the Federal Trade Commission Act and the Gramm-Leach-Bliley Act. It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action.”
Purple Fox rootkit now bundled with Telegram installer
blog.malwarebytes.com/trojans/2022/01/purple-fox-rootkit-now-bundled-with-telegram-installer/ The Purple Fox rootkit is being spread as an installer for the popular Telegram instant messaging app for Windows, according to researchers. It’s not clear how the installer in this case was distributed, although it seems that at least some copies were delivered via email. Common distribution methods for this type of installer are phishing campaigns, forum spam, YouTube posts and comments, and untrustworthy software download sites. We’ve also seen the same malicious downloader in combination with a WhatsApp for Windows installer. What makes the newly found Telegram installer special is that the malicious part of the install is split across several small files. This makes the malware harder to detect and makes it easier for the malware authors to replace parts that have a high detection rate. It starts with an installer called “Telegram Desktop.exe”, an AutoIT script that drops a legitimate Telegram installer and a malicious downloader called “TextInputh.exe”. The legitimate Telegram installer is not executed; instead, the malicious downloader is immediately run to fetch the next stage of the attack. It downloads and executes more files, which are deleted after they have done their work. Then User Account Control (UAC) is disabled, the startup of specific antivirus products is blocked, and information about security tools on the affected system is gathered and sent to a hardcoded command and control (C2) address. The malware checks specifically for the presence of 360 AV software and will shut it down and block it from starting. The final stage of the infection requires a reboot for the new registry settings to take effect, including the disabled UAC. With UAC disabled, the malware can download and deploy the Purple Fox rootkit.
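The chain above has two observable pivots a defender can key on: the AutoIT dropper spawning the downloader, and a later registry write that turns UAC off. The following is an added detection example written for this digest, not code from Malwarebytes or from the article; the telemetry records are constructed, the event schema is invented for the example, and the EnableLUA value path is the standard Windows UAC policy location, assumed here because the article does not name the key.

```python
"""Flag the Purple Fox Telegram-installer chain in constructed endpoint telemetry."""
from typing import Dict, List, Tuple

# Assumed: standard Windows UAC policy value; the article only says "UAC is disabled".
UAC_VALUE = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"
DROPPER_NAME = "telegram desktop.exe"    # first-stage AutoIT installer named in the article
DOWNLOADER_NAME = "textinputh.exe"       # malicious downloader named in the article

# Constructed telemetry (not real logs). pid 100 is a benign install that runs the real
# Telegram setup; pid 200 follows the described chain and ends with EnableLUA set to 0.
SAMPLE_EVENTS: List[Dict] = [
    {"type": "process", "pid": 100, "ppid": 1,
     "image": r"C:\Users\a\Downloads\Telegram Desktop.exe"},
    {"type": "process", "pid": 101, "ppid": 100,
     "image": r"C:\Users\a\AppData\Local\Temp\tsetup.exe"},
    {"type": "process", "pid": 200, "ppid": 1,
     "image": r"C:\Users\b\Downloads\Telegram Desktop.exe"},
    {"type": "process", "pid": 201, "ppid": 200,
     "image": r"C:\Users\b\AppData\Local\Temp\TextInputh.exe"},
    {"type": "process", "pid": 202, "ppid": 201,
     "image": r"C:\Users\b\AppData\Local\Temp\stage2.exe"},
    {"type": "registry", "pid": 202, "key": UAC_VALUE, "value": 0},
    {"type": "registry", "pid": 50, "key": UAC_VALUE, "value": 1},  # benign: leaves UAC on
]


def image_name(path: str) -> str:
    """Case-insensitive basename of a Windows image path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def process_table(events: List[Dict]) -> Dict[int, Tuple[int, str]]:
    """Map pid -> (ppid, image basename) from process-creation events."""
    return {e["pid"]: (e["ppid"], image_name(e["image"]))
            for e in events if e["type"] == "process"}


def lineage(pid: int, table: Dict[int, Tuple[int, str]]) -> List[str]:
    """Image names of pid and its ancestors, nearest first; stops at unknown pids."""
    names: List[str] = []
    seen = set()
    while pid in table and pid not in seen:   # seen-set guards against pid reuse loops
        seen.add(pid)
        ppid, name = table[pid]
        names.append(name)
        pid = ppid
    return names


def detect(events: List[Dict]) -> List[Dict]:
    """Return one finding per suspicious event, in telemetry order."""
    table = process_table(events)
    findings: List[Dict] = []
    for e in events:
        if e["type"] == "process":
            ppid, name = table[e["pid"]]
            # Pivot 1: the named dropper directly spawns the named downloader.
            if name == DOWNLOADER_NAME and ppid in table and table[ppid][1] == DROPPER_NAME:
                findings.append({"rule": "dropper_spawns_downloader",
                                 "pid": e["pid"], "ppid": ppid})
        elif e["type"] == "registry":
            # Pivot 2: UAC turned off; note whether the writer descends from the downloader.
            if e["key"].lower() == UAC_VALUE.lower() and e["value"] == 0:
                chain = lineage(e["pid"], table)
                findings.append({"rule": "uac_disabled", "pid": e["pid"],
                                 "in_purple_fox_chain": DOWNLOADER_NAME in chain})
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

The UAC rule fires on any process that zeroes EnableLUA, since that is worth an alert on its own; the lineage lookup only adds context that ties it to this specific chain. The benign install (pid 100) produces no finding because the real Telegram setup it spawns is not the named downloader.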
Have I Been Pwned warns of DatPiff data breach impacting millions
www.bleepingcomputer.com/news/security/have-i-been-pwned-warns-of-datpiff-data-breach-impacting-millions/ The cracked passwords for almost 7.5 million DatPiff members are being sold online, and users can check if they are part of the data breach through the Have I Been Pwned notification service. DatPiff is a popular mixtape hosting service used by over 15 million users, allowing unregistered users to download or upload samples for free.
Over 20 years of employee data leaked during McMenamins ransomware attack
www.zdnet.com/article/ransomware-attack-on-mcmenamins-leads-to-breach/ Oregon-based venue operator McMenamins said employee data was accessed during a ransomware attack that occurred on December 12. In a statement, the company explained that even though they managed to “block” the attack, employee information dating back to 1998 was compromised. The employee files included standard information (name, address, phone number, date of birth, race, disability status, and more) as well as sensitive information (Social Security numbers, bank account information, health insurance plans, income amount, and disciplinary notes).
Google acquires Israeli cybersecurity company Siemplify for $500 million
www.zdnet.com/article/google-acquires-israeli-cybersecurity-company-siemplify-for-500-million/ Google announced on Tuesday that it is acquiring Israeli cybersecurity startup Siemplify for a reported $500 million. Google Cloud Security vice president Sunil Potti said Siemplify is a leader in the security orchestration, automation and response (SOAR) field. Their platform will be integrated into Google Cloud’s security team “to help companies better manage their threat response