Cyber security news January 2022

This posting is here to collect cyber security news in January 2022.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links in the comments.

439 Comments

  1. Tomi Engdahl says:

    Scammers put fake QR codes on parking meters to intercept parkers’ payments
    Fraudulent QR codes on parking meters found in Houston, Austin, and San Antonio.
    https://arstechnica.com/tech-policy/2022/01/scammers-put-fake-qr-codes-on-parking-meters-to-intercept-parkers-payments/

  2. Tomi Engdahl says:

    Hackers are breaking into Amazon cloud accounts to mine cryptocurrency, leaving the owners stuck with huge bills for computing power
    https://www.businessinsider.com/aws-crypto-mining-hacks-amazon-cloud-customers-huge-bills-fees-2022-1

    Chris Chin, a Seattle entrepreneur who creates mobile apps for local publishers, woke up on New Year’s Day to an alarming alert from his Amazon Web Services account. It said he owed more than $53,000 for a month’s worth of hosting, a far cry from his typical $100 to $150 bill.
    “I was just shocked and started freaking out,” Chin said in an interview with Insider.

  3. Tomi Engdahl says:

    Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more
    https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside

  4. Tomi Engdahl says:

    Ransomware: Hackers are using Log4j flaw as part of their attacks, warns Microsoft
    A new China-based “double extortion” ransomware group has started exploiting the Log4Shell bug in VMware server products.
    https://www.zdnet.com/article/ransomware-warning-hackers-are-using-log4j-flaw-as-part-of-their-attacks-warns-microsoft/

  5. Tomi Engdahl says:

    Developer nukes his extensively used JS libraries to protest corporate use without compensation
    Thousands of applications ceased working because of the corrupted packages
    https://www.techspot.com/news/92932-developer-nukes-extensively-used-js-libraries-protest-corporate.html

  6. Tomi Engdahl says:

    This Reporter Used The ‘View Source’ Button On A Website, He Is Now Facing A Criminal Investigation For It
    https://wonderfulengineering.com/this-reporter-used-the-view-source-button-on-a-website-he-is-now-on-trial-for-it/

  7. Tomi Engdahl says:

    Walk-Through Metal Detectors Can Be Hacked, New Research Finds
    Garrett metal detectors, which are used in schools and government buildings, have security vulnerabilities that can be remotely exploited.
    https://gizmodo.com/walk-through-metal-detectors-can-be-hacked-new-researc-1848255555

  8. Tomi Engdahl says:

    Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft
    https://threatpost.com/windows-bug-rdp-exploit-unprivileged-users/177599/

    Most Windows versions are at risk of remote, unprivileged attackers abusing RDP from the inside to hijack smart cards and get unauthorized file system access.

  9. Tomi Engdahl says:

    https://threatpost.com/plugins-vulnerability-84k-wordpress-sites/177654/

    On Nov. 5, 2021, the Wordfence Threat Intelligence team started a process to disclose a vulnerability researchers had found in “Login/Signup Popup,” a WordPress plug-in installed on more than 20,000 sites, Wordfence’s Chloe Chamberland wrote in a post published online Thursday.

    However, a few days later they discovered that the flaw was present in two other plug-ins by the same developer, who goes by the online name of XootiX. They are “Side Cart Woocommerce (Ajax),” which has been installed on more than 60,000 sites, and “Waitlist Woocommerce (Back in stock notifier),” which has been installed on more than 4,000.

  10. Tomi Engdahl says:

    Ukraine gets help from NATO in countering the cyberattack
    https://yle.fi/uutiset/3-12270497
    The United States and its allies intend to give Ukraine all possible help in recovering from the cyberattack as the investigations proceed, the White House said on Friday. According to a White House statement, the United States “will provide all necessary support in recovering from the attack”.
    U.S. President Joe Biden has been briefed on what happened.
    NATO Secretary General Jens Stoltenberg said earlier on Friday that the military alliance is deepening its cyber cooperation with its partner Ukraine. Also:
    https://www.bleepingcomputer.com/news/security/multiple-ukrainian-government-websites-hacked-and-defaced/
    https://therecord.media/hackers-deface-ukrainian-government-websites/
    https://threatpost.com/be-afraid-massive-cyberattack-downs-ukrainian-govt-sites/177659/
    https://www.zdnet.com/article/a-massive-hacking-attack-has-hit-government-websites-in-ukraine/
    Also: https://www.is.fi/digitoday/tietoturva/art-2000008539389.html
    https://www.kauppalehti.fi/uutiset/ukraina-joutui-valtavan-kyberhyokkayksen-kohteeksi-kaikki-tieto-teista-on-nyt-julkista/8335be80-edac-499e-a445-e0d2723d5c3f

  11. Tomi Engdahl says:

    Ransomware cyberattack forces New Mexico jail to lock down https://blog.malwarebytes.com/ransomware/2022/01/ransomware-cyberattack-forces-new-mexico-jail-to-lock-down/
    Five days after the new year, the Metropolitan Detention Center (MDC) in Bernalillo County, New Mexico suddenly went on lockdown. The reason? A ransomware cyberattack has knocked the jail’s internet connection offline, rendering most of their data systems, security cameras, and automatic doors unusable. Prisoners were confined in their cells while MDC technicians struggled to get everything back up and running again.

  12. Tomi Engdahl says:

    REvil ransomware crew allegedly busted in Russia, says FSB https://nakedsecurity.sophos.com/2022/01/14/revil-ransomware-crew-allegedly-busted-in-russia-says-fsb/
    According to the FSB, Russia’s Federal Security Bureau, the ransomware gang known in both Russian and English by the nickname REvil has been taken down. The FSB report explicitly mentions that the investigation and the raid were initiated by a request received from US law enforcement, which had apparently identified the REvil ringleader and provided evidence of the gang’s involvement in criminal extortion against US victims. Also:
    https://www.bleepingcomputer.com/news/security/russian-government-arrests-revil-ransomware-gang-members/
    https://therecord.media/fsb-raids-revil-ransomware-gang-members/
    https://threatpost.com/russian-security-revil-ransomware/177660/
    https://www.zdnet.com/article/russian-authorities-take-down-revil-ransomware-gang/
    https://arstechnica.com/information-technology/2022/01/russia-says-it-has-neutralized-the-cutthroat-revil-ransomware-gang/

  13. Tomi Engdahl says:

    White House reminds tech giants open source is a national security issue https://www.bleepingcomputer.com/news/security/white-house-reminds-tech-giants-open-source-is-a-national-security-issue/
    The White House wants government and private sector organizations to rally their efforts and resources to secure open-source software and its supply chain after the Log4J vulnerabilities exposed critical infrastructure to threat actors’ attacks. Discussions on this topic took place during the Open Source Software Security Summit convened by the Biden administration on Thursday.

  14. Tomi Engdahl says:

    Three Plugins with Same Bug Put 84K WordPress Sites at Risk https://threatpost.com/plugins-vulnerability-84k-wordpress-sites/177654/
    Researchers have discovered three WordPress plug-ins with the same vulnerability that allows an attacker to update arbitrary site options on a vulnerable site and completely take it over. Exploiting the flaw does require some action from the site administrator, however. On Nov. 5, 2021, the Wordfence Threat Intelligence team started a process to disclose a vulnerability researchers had found in Login/Signup Popup, a WordPress plug-in installed on more than 20,000 sites, Wordfence’s Chloe Chamberland wrote in a post published online Thursday.

  15. Tomi Engdahl says:

    Defense contractor Hensoldt confirms Lorenz ransomware attack https://www.bleepingcomputer.com/news/security/defense-contractor-hensoldt-confirms-lorenz-ransomware-attack/
    Hensoldt, a multinational defense contractor headquartered in Germany, has confirmed that some of its UK subsidiary’s systems were compromised in a ransomware attack. The defense multinational develops sensor solutions for defense, aerospace, and security applications, is listed on the Frankfurt Stock Exchange, and had a turnover of 1.2 billion euros in 2020. It operates in the US under a special agreement that allows it to apply for classified and sensitive US government contracts.

  16. Tomi Engdahl says:

    Analyzing an Old Bug and Discovering CVE-2021-30995
    https://www.trendmicro.com/en_us/research/22/a/analyzing-an-old-bug-and-discovering-cve-2021-30995-.html
    On April 26, 2021 Apple patched CVE-2021-1740, which was a vulnerable function inside the system daemon process cfprefsd (these types of processes usually run in the background and handle system tasks). The bug could have been exploited to read arbitrary files, write arbitrary files, and get root privilege escalation. It was addressed in Apple’s Security Update 2021-002 (Catalina) for a variety of Apple operating systems, including iOS and macOS. However, in early August 2021, Zhipeng Huo, Yuebin Sun, and Chuanda Ding (all from XuanwuLab) presented an exploitation demonstration for the vulnerability during the DEF CON 29 security conference.

  17. Tomi Engdahl says:

    Dark web carding platform UniCC shuts up shop after making millions
    https://www.zdnet.com/article/dark-web-carding-platform-unicc-shuts-up-shop-after-making-millions/
    One of the largest carding platforms in the Dark Web, UniCC, has announced its “retirement” from the criminal industry. UniCC has been active since 2013. The platform specialized in what is known as ‘carding’: credit card fraud and the sale of stolen details which can then be used to make unauthorized transactions, to clone cards, and to potentially facilitate identity theft. The retirement notice was posted in both Russian and English on a number of dark web forums.

  18. Tomi Engdahl says:

    Polish army database leaked to internet, website reports
    https://www.thefirstnews.com/article/polish-army-database-leaked-to-internet-website-reports-27259
    A comprehensive list containing over 1.7 million items of equipment and supplies used or requested by the Polish armed forces has been leaked to the internet, the Onet.pl website has reported. Poland’s Ministry of National Defence commented on the matter on Friday. “The case is being analysed in details by our services,” the ministry said.

  19. Tomi Engdahl says:

    According to Ukraine, Russia appears to have been behind the hacking of government websites
    https://yle.fi/uutiset/3-12272312
    Ukraine says it has found indications that the cyberattack on the country’s government websites during the night before Friday was the work of the Russian state. The investigation continues, but Ukraine’s security services have found preliminary indications that hacker groups linked to Russia’s secret services were behind the massive cyberattack on government websites, Ukrainian foreign ministry spokesperson Oleg Nikolenko said on Twitter.

  20. Tomi Engdahl says:

    At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates https://krebsonsecurity.com/2022/01/at-request-of-u-s-russia-rounds-up-14-revil-ransomware-affiliates/
    The Russian government said today it arrested 14 people accused of working for REvil, a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations.
    The Russian Federal Security Service (FSB) said the actions were taken in response to a request from U.S. officials, but many experts believe the crackdown is part of an effort to reduce tensions over Russian President Vladimir Putin’s decision to station 100,000 troops along the nation’s border with Ukraine. Also:
    https://www.bleepingcomputer.com/news/security/russia-charges-8-suspected-revil-ransomware-gang-members/

  21. Tomi Engdahl says:

    White House: Arrested Russian hacker was behind Colonial Pipeline attack
    https://therecord.media/biden-official-one-of-arrested-russian-hackers-carried-out-the-colonial-pipeline-attack/
    A senior Biden administration official on Friday said one of the Russian hackers arrested earlier in the day by that country’s security service is responsible for the ransomware attack that temporarily crippled the Colonial Pipeline last year. We understand that one of the individuals who was arrested today was responsible for the attack against Colonial Pipeline last spring, the official told reporters during a conference call, referring to the arrests carried out by Russia’s Federal Security Service of members of the REvil ransomware gang. Also:
    https://www.forbes.com/sites/zacharysmith/2022/01/14/russia-nabs-colonial-pipeline-hacker-in-raids-on-ransomware-ring-us-says/

  22. Tomi Engdahl says:

    Qlocker ransomware returns to target QNAP NAS devices worldwide https://www.bleepingcomputer.com/news/security/qlocker-ransomware-returns-to-target-qnap-nas-devices-worldwide/
    Threat actors behind the Qlocker ransomware are once again targeting Internet-exposed QNAP Network Attached Storage (NAS) devices worldwide. Qlocker has previously targeted QNAP customers in a massive ransomware campaign that started during the week of April 19, moving victims’ files within password-protected 7-zip archives with the .7z extension after breaching their NAS devices.

  23. Tomi Engdahl says:

    Goodwill discloses data breach on its ShopGoodwill platform https://www.bleepingcomputer.com/news/security/goodwill-discloses-data-breach-on-its-shopgoodwill-platform/
    American nonprofit Goodwill has disclosed a data breach that affected the accounts of customers using its ShopGoodwill.com e-commerce auction platform. ShopGoodwill’s Vice President Ryan Smith said in data breach notification letters sent to impacted individuals that some of their personal contact information was exposed due to a site vulnerability.

  24. Tomi Engdahl says:

    Superglue: Orca Security Research Team Discovers AWS Glue Vulnerability https://orca.security/resources/blog/aws-glue-vulnerability/
    The cloud environment relies on a few core principles. One of them is the idea that each customer is isolated from other customers, and no data can be inadvertently accessed across accounts. As the Internet moves more and more to the cloud, the importance of cloud security becomes increasingly paramount. We, the Orca Security Research Team, discovered a critical security issue in the AWS Glue service that could allow an actor to create resources and access data of other AWS Glue customers. The exploit was a complex multi-step process and was ultimately possible due to an internal misconfiguration within AWS Glue.

  25. Tomi Engdahl says:

    January 2022 Patch Tuesday: Multiple Critical Vulnerabilities and Microsoft Exchange Remote Code Execution https://www.crowdstrike.com/blog/patch-tuesday-analysis-january-2022/
    Kicking off the first Patch Tuesday of 2022, CrowdStrike continues to provide research and analysis regarding critically rated vulnerabilities and the subsequent patches offered by Microsoft. In this month’s updates we see the lion’s share of updates directed at Microsoft’s Windows and Extended Security Update (ESU) products, while other patches target lesser-known components of Microsoft’s operating system. What is noticeably missing this month is a patch for any in-the-wild exploited vulnerabilities, as there have been several in recent months.

  26. Tomi Engdahl says:

    Linux malware sees 35% growth during 2021 https://www.bleepingcomputer.com/news/security/linux-malware-sees-35-percent-growth-during-2021/
    The number of malware infections targeting Linux devices rose by 35% in 2021, most commonly to recruit IoT devices for DDoS (distributed denial of service) attacks. IoTs are typically under-powered “smart” devices running various Linux distributions and are limited to specific functionality. However, when their resources are combined into large groups, they can deliver massive DDoS attacks to even well-protected infrastructure.

  27. Tomi Engdahl says:

    EXCLUSIVE Ukraine suspects group linked to Belarus intelligence over cyberattack https://www.reuters.com/world/europe/exclusive-ukraine-suspects-group-linked-belarus-intelligence-over-cyberattack-2022-01-15/
    KYIV, Jan 15 (Reuters) – Kyiv believes a hacker group linked to Belarusian intelligence carried out a cyberattack that hit Ukrainian government websites this week and used malware similar to that used by a group tied to Russian intelligence, a senior Ukrainian security official said. Serhiy Demedyuk, deputy secretary of the national security and defence council, told Reuters that Ukraine blamed Friday’s attack – which defaced government websites with threatening messages – on a group known as UNC1151 and that it was cover for more destructive actions behind the scenes.

  28. Tomi Engdahl says:

    Destructive malware targeting Ukrainian organizations https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
    Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. This malware first appeared on victim systems in Ukraine on January 13, 2022. Microsoft is aware of the ongoing geopolitical events in Ukraine and surrounding region and encourages organizations to use the information in this post to proactively protect from any malicious activity. Also:
    https://www.bleepingcomputer.com/news/security/microsoft-fake-ransomware-targets-ukraine-in-data-wiping-attacks/
    https://thehackernews.com/2022/01/a-new-destructive-malware-targeting.html
    https://therecord.media/microsoft-data-wiping-malware-disguised-as-ransomware-targets-ukraine-again/
    https://www.wired.com/story/russia-ukraine-destructive-cyberattacks-ransomware-data-wiper/
    Also: https://www.is.fi/digitoday/art-2000008543579.html

  29. Tomi Engdahl says:

    npm dependency is breaking some React apps today: here’s the fix https://www.bleepingcomputer.com/news/security/npm-dependency-is-breaking-some-react-apps-today-heres-the-fix/
    Tons of users are reporting their Facebook Create React App builds are failing since yesterday. The cause has been traced down to a dependency used by create-react-app, the latest version of which is breaking developers’ apps. While a stable solution is yet to be identified, here’s a simple workaround developers can adopt.

  30. Tomi Engdahl says:

    New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking https://thehackernews.com/2022/01/new-unpatched-apple-safari-browser-bug.html
    A software bug introduced in Apple Safari 15’s implementation of the IndexedDB API could be abused by a malicious website to track users’ online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed IndexedDB Leaks, was disclosed by fraud protection software company FingerprintJS, which reported the issue to the iPhone maker on November 28, 2021.

  31. Tomi Engdahl says:

    ‘Lock it down and piss people off’: How quick thinking stopped a ransomware attack from crippling a Florida hospital https://edition.cnn.com/2022/01/16/politics/florida-hospital-ransomware/index.html
    It was approaching midnight on Sunday and the head of IT at a Florida hospital had a problem. The emergency room of Jackson Hospital, a 100-bed facility on Florida’s panhandle, called to report that it couldn’t connect to the charting system that doctors use to look up patients’ medical histories. Jamie Hussey, Jackson Hospital’s IT director, soon realized that the charting software, which was maintained by an outside vendor, was infected with ransomware and that he didn’t have much time to keep the computer virus from spreading.

  32. Tomi Engdahl says:

    Real Big Phish: Mobile Phishing & Managing User Fallibility https://threatpost.com/mobile-phishing-zero-trust-security/177594/
    According to a recent survey from Ivanti, nearly three-quarters (74 percent) of IT professionals reported that their organizations have fallen victim to a phishing attack and 40 percent of those happened in the last month alone. Increasingly, mobile phishing is the culprit. What’s more, nearly half of these professionals cited a lack of the necessary IT talent as one of the core reasons for the increased risk of phishing attacks.

  33. Tomi Engdahl says:

    Microsoft Uncovers Destructive Malware Used in Ukraine Cyberattacks
    https://www.securityweek.com/microsoft-uncovers-destructive-malware-used-ukraine-cyberattacks

    Newly detected WhisperGate malware being used by previously unknown threat group in cyberattacks against Ukraine

    Microsoft on Saturday warned of a new, destructive malware being used in cyberattacks against the Ukraine government.

    Described as a possible Master Boot Record (MBR) wiper, Microsoft says the malware is executed when an impacted device is powered down and disguises itself as ransomware—but lacks a ransom recovery mechanism and is intended to be destructive and brick targeted devices.

    The tech giant says the malware, which it refers to as “WhisperGate”, first appeared on victim systems in Ukraine on January 13, 2022 and targeted multiple organizations, all in the Ukraine.

    While Microsoft says it has not found any notable associations between the observed activity (which it tracks as DEV-0586) and other known threat groups, Ukraine said Sunday it had “evidence” that Russia was behind the attacks.

  34. Tomi Engdahl says:

    Austrian Regulator Says Google Analytics Contravenes GDPR
    https://www.securityweek.com/austrian-regulator-says-google-analytics-contravenes-gdpr

    A new ruling from the Austrian Data Protection Authority (DPA) traps EU/U.S. data transfers between a rock and hard place. The rock is GDPR. The hard place is FISA. And the two are fundamentally incompatible.

    The purpose of GDPR is to protect the personal information of European citizens and residents. The purpose of FISA Section 702 (supported by EO 12333) is to ensure that U.S. intelligence agencies can collect data on foreign citizens for national security and cybersecurity purposes. GDPR is a consequence of the latter – a response to Edward Snowden’s revelations on the NSA’s global surveillance programs. Neither side will easily abandon its current position.

    The Schrems II ruling in 2020 annulled the Privacy Shield agreement between the US government and the EC. This had been used to ‘legalize’ data transfers between the two trade blocs. The primary reason for the annulment was FISA 702, a statute that authorizes the collection of communications content stored by U.S. service providers such as Google, Facebook and Microsoft. U.S. telecom providers can be compelled to assist.

    The Schrems II ruling effectively declares that so long as FISA 702 exists, EU personal data cannot be sent to the U.S. It does not rule out the use of standard contractual clauses to protect and legalize transfers, but insists that those clauses must solve the 702 issue. This is not possible.

    Facebook has been relying on a version of SCCs for its data transfers, and has had some support from the Irish Data Processing Controller (DPC) – but it is thought the Irish ruling will not survive complaints from other European regulators. The result of this is still awaited.

  35. Tomi Engdahl says:

    Ukraine Hacks Add to Worries of Cyber Conflict With Russia
    https://www.securityweek.com/ukraine-hacks-add-worries-cyber-conflict-russia

    Hackers on Friday temporarily shut down dozens of Ukrainian government websites, causing no major damage but adding to simmering tensions while Russia amasses troops on the Ukrainian border. Separately, in a rare gesture to the U.S. at a time of chilly relations, Russia said it had arrested members of a major ransomware gang that targeted U.S. entities.

    The events, though seemingly unrelated, came during a frenetic period of activity as the U.S. publicly accused Moscow of preparing a further invasion of Ukraine and of creating a pretext to do so. They underscored how cybersecurity remains a pivotal concern — that the escalating animosity risks not only actual violence but also damaging digital attacks that could affect Ukraine or even the U.S.

    Ukraine Says Has ‘Evidence’ Russia Behind Cyberattack
    https://www.securityweek.com/ukraine-says-has-evidence-russia-behind-cyberattack

    Ukraine said Sunday it had evidence that Russia was behind a massive cyberattack that knocked out key government websites this past week, as Microsoft warned the hack could be far worse than first thought.

    Tensions are at an all-time high between Ukraine and Russia, which Kyiv accuses of having massed troops on its border ahead of a possible invasion. Some analysts fear the cyberattack could be the prelude to a military attack.

    On Friday, Washington also accused Russia of sending saboteurs trained in explosives to stage an incident that could be the pretext to invade its pro-Western neighbor.

    “All the evidence points to Russia being behind the cyberattack,” the Ukrainian digital transformation ministry said in a statement.

    “Moscow is continuing to wage a hybrid war.”

  36. Tomi Engdahl says:

    Russian Court Remands Hackers in Custody
    https://www.securityweek.com/russian-court-remands-hackers-custody

    A Moscow court on Saturday remanded eight hackers in custody for two months as Russia cracks down on the REvil cybercrime group at Washington’s request.

    Eight members of the prominent hacking group REvil were ordered by Moscow’s Tverskoi district court to remain in custody until mid-March, the court said.

    They could face up to seven years in prison if convicted.

  37. Tomi Engdahl says:

    Details Published on AWS Flaws Leading to Data Leaks
    https://www.securityweek.com/details-published-aws-flaws-leading-data-leaks

    Researchers at cloud security startup Orca Security have publicly documented a pair of vulnerabilities in AWS CloudFormation and AWS Glue that attackers could use to leak sensitive files or access other customers’ data.

    The first of the security flaws is described as an XML External Entity (XXE) error that could have been exploited to leak sensitive files stored in the CloudFormation service, as well as to disclose credentials for internal AWS infrastructure services.

    CloudFormation is a service that helps users provision AWS resources using templates and to create and configure resources dynamically using API calls.

    The XXE vulnerability could have allowed attackers to read files and perform HTTP requests on behalf of a compromised CloudFormation server, according to an advisory from Orca Security.

    https://orca.security/resources/blog/aws-cloudformation-vulnerability/

  38. Tomi Engdahl says:

    BSI found no evidence that Xiaomi censors content
    https://etn.fi/index.php/13-news/13037-bsi-ei-loeytaenyt-todisteita-siitae-ettae-xiaomi-sensuroi-sisaeltoejae

    In September, phone maker Xiaomi found itself in the eye of quite a storm when Lithuania’s Ministry of Defence claimed that Xiaomi devices censor certain content that would be unwelcome to the Chinese government. The claims have now proven to be unfounded.

    Germany’s security authority BSI (Bundesamt für Sicherheit in der Informationstechnik) yesterday reported on the audit of Xiaomi smartphones it carried out in Germany. In its report, BSI states that it found no evidence of any anomaly requiring further action. The audit separately notes that no findings consistent with the allegations were made.

  39. Tomi Engdahl says:

    Dan Goodin / Ars Technica:
    Researchers detail SysJoker, backdoor malware targeting Windows, macOS, and Linux, that remained undetected by virtually all malware scanning engines
    Backdoor RAT for Windows, macOS, and Linux went undetected until now
    Never-before-seen, cross-platform SysJoker came from an “advanced threat actor.”
    https://arstechnica.com/information-technology/2022/01/backdoor-for-windows-macos-and-linux-went-undetected-until-now/

  40. Tomi Engdahl says:

    FingerprintJS Blog:
    A flaw in Safari 15’s IndexedDB API can leak browser activity and user identifiers, like Google ID, to other sites; Apple was alerted of the flaw on November 28

    Exploiting IndexedDB API information leaks in Safari 15
    https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/

  41. Tomi Engdahl says:

    Dev corrupts NPM libs ‘colors’ and ‘faker’ breaking thousands of apps
    https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
    Users of popular open-source libraries ‘colors’ and ‘faker’ were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking.
    Some surmised that the NPM libraries had been compromised, but it turns out there’s much more to the story.
    The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depend on ‘colors’ and ‘faker.’
    The colors library receives over 20 million weekly downloads on npm alone and has almost 19,000 projects relying on it. Whereas, faker receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents.
    Initially, users suspected that the libraries ‘colors’ and ‘faker’ used by these projects were compromised [1, 2, 3], similar to how coa, rc, and ua-parser-js libraries were hijacked last year by malicious actors.
    But, in fact, it was the dev behind these two packages who appears to have intentionally committed the code responsible for the major blunder, as seen by BleepingComputer.

  42. Tomi Engdahl says:

    Amazon scams are up 500% — how to spot the red flags
    https://lm.facebook.com/l.php?u=https%3A%2F%2Fnypost.com%2F2022%2F01%2F16%2Famazon-scams-are-up-500-how-to-spot-the-red-flags%2F&h=AT1kzGtHOKfUiC7Fo8akdWW4wm9fbaZLpodrnDXzXR9HDjI1LZ4uW6jDdeGFzbTnwlgp0qCptqYwd4O4Uw8MiQGP5rCDObUT6gjn54thOH89AzwfJOBkYMbZFQJTn5_cSa3rtzK_zkR6OFkirg

    Amazon scam emails that could cost you thousands have skyrocketed by 500 percent since last year – so how can you look out for them?

    The latest scheme involves an official-looking email from ‘Amazon’ being sent out to customers of fake receipts or shipping confirmations for an order that you never placed.

    A similar trick notifies users there is a ‘problem’ with your Amazon account or payment method – again tricking victims into resubmitting their personal information to try and fix the issue.

    According to a warning by the Federal Trade Commission (FTC), reports of Amazon scams have increased by a huge 500 per cent since June 2020,

  43. Tomi Engdahl says:

    What We Know and Don’t Know about the Cyberattacks Against Ukraine https://zetter.substack.com/p/what-we-know-and-dont-know-about
    Last week dozens of government agencies in Ukraine were targeted in a web site defacement campaign in which hackers replaced their main web page with a politically charged message. Although the message asserted that the hackers had also stolen data from the agencies, the government was quick to announce that data had not been stolen. Over the weekend, however, Microsoft announced that it detected destructive wiper malware on the systems of dozens of government entities in Ukraine including some whose web sites were defaced.
