Comments on: Cyber security news November 2021

By: Tomi Engdahl

Tomi Engdahl — Thu, 02 Dec 2021 09:57:09 +0000

Rights groups petition Israel’s top court over Omicron phone tracking
https://www.reuters.com/world/middle-east/rights-groups-petition-israels-top-court-over-omicron-phone-tracking-2021-11-29/
Rights groups petitioned Israel’s top court on Monday to repeal new
COVID-19 measures that authorise the country’s domestic intelligence service to use counter-terrorism phone tracking technology to contain the spread of the Omicron virus variant. Announcing the emergency measures on Saturday, Prime Minister Naftali Bennett said the phone tracking would be used to locate carriers of the new and potentially more contagious variant in order to curb its transmission to others.

By: Tomi Engdahl

Tomi Engdahl — Thu, 02 Dec 2021 09:56:18 +0000

AT&T takes action against DDoS botnet that hijacked VoIP servers
https://therecord.media/att-takes-action-against-ddos-botnet-that-hijacked-voip-servers/
AT&T is investigating and has taken steps to mitigate a botnet that infected more than 5, 700 VoIP servers located inside its network, a spokesperson has told The Record earlier today. All the infected devices were EdgeMarc Enterprise Session Border Controllers, a type of Voice-over-IP server designed to balance and reroute internet telephony traffic from smaller enterprise customers to upstream mobile providers. According to Netlab, a network security division of Chinese tech giant Qihoo 360, a threat actor used an old exploit
(CVE-2017-6079) to hack into unpatched EdgeMarc servers and install a modular malware strain named EwDoor.

By: Tomi Engdahl

Tomi Engdahl — Thu, 02 Dec 2021 09:56:01 +0000

DNA testing firm discloses data breach affecting 2.1 million people
https://www.bleepingcomputer.com/news/security/dna-testing-firm-discloses-data-breach-affecting-21-million-people/
DNA Diagnostics Center (DDC), an Ohio-based DNA testing company, has disclosed a hacking incident that affects 2102436 persons.

By: Tomi Engdahl

Tomi Engdahl — Thu, 02 Dec 2021 09:55:42 +0000

Hackers all over the world are targeting Tasmania’s emergency services https://blog.malwarebytes.com/hacking-2/2021/11/hack-tasmania/
Emergency servicesunder which the police, fire, and emergency medical services departments fallis an infrastructure vital to any country or state. But when those services come under threat from either physical or cyber entities, it’s as good as putting the lives of citizens at risk as well.

By: Tomi Engdahl

Tomi Engdahl — Thu, 02 Dec 2021 09:54:01 +0000

8-year-old HP printer vulnerability affects 150 printer models
https://www.bleepingcomputer.com/news/security/8-year-old-hp-printer-vulnerability-affects-150-printer-models/
Researchers have discovered several vulnerabilities affecting at least
150 multi-function (print, scan, fax) printers made by Hewlett Packard. Since the flaws discovered by F-Secure security researchers Alexander Bolshev and Timo Hirvonen date back to at least 2013, they’ve likely exposed a large number of users to cyberattacks for a notable amount of time. HP has released fixes for the vulnerabilities in the form of firmware updates for two of the most critical flaws on November 1 Researchers have discovered several vulnerabilities affecting at least 150 multi-function (print, scan, fax) printers made by Hewlett Packard.
Since the flaws discovered by F-Secure security researchers Alexander Bolshev and Timo Hirvonen date back to at least 2013, they’ve likely exposed a large number of users to cyberattacks for a notable amount of time.
HP has released fixes for the vulnerabilities in the form of firmware updates for two of the most critical flaws on November 1, 2021., 2021.
These are CVE-2021-39237 and CVE-2021-39238. For a complete list of the affected products, click on the tracking numbers for the corresponding advisories.
The first one concerns two exposed physical ports that grant full access to the device. Exploiting it requires physical access and could lead to potential information disclosure.
The second one is a buffer overflow vulnerability on the font parser, which is a lot more severe, having a CVSS score of 9.3. Exploiting it gives threat actors a way to remote code execution.
CVE-2021-39238 is also “wormable,” meaning a threat actor could quickly spread from a single printer to an entire network.
As such, organizations must upgrade their printer firmware as soon as possible to avoid large-scale infections that start from this often ignored point of entry.

By: Tomi Engdahl

Tomi Engdahl — Thu, 02 Dec 2021 09:52:06 +0000

By: Tomi Engdahl

Tomi Engdahl — Thu, 02 Dec 2021 09:49:36 +0000

Telegram channel admins who sold fake vaccine cards arrested
https://www.bleepingcomputer.com/news/legal/telegram-channel-admins-who-sold-fake-vaccine-cards-arrested/
The Italian financial crime agency (Guardia di Finanza GdF) has announced the arrest of several individuals suspected of managing Telegram channels to promote fake vaccine certificates, aka ‘Green Passes.’. The operation was supported by evidence collected by investigators at Group-IB’s high-tech crime unit, who managed to unmask the criminals despite measures to keep their identities hidden.

By: Tomi Engdahl

Tomi Engdahl — Thu, 02 Dec 2021 09:49:01 +0000

Zoom finally adds automatic updates to Windows, macOS clients
https://www.bleepingcomputer.com/news/security/zoom-finally-adds-automatic-updates-to-windows-macos-clients/
Zoom has announced today the launch of an automatic update feature designed to streamline the update process for desktop clients. The new feature is currently available only for desktop Zoom clients on Windows and macOS, with the Linux platform not currently supported.
Zoom says that mobile device users can also keep their apps automatically updated through their respective app stores’ built-in automated updaters.

By: Tomi Engdahl

Tomi Engdahl — Thu, 02 Dec 2021 09:48:24 +0000

Dark web market Cannazon shuts down after massive DDoS attack
https://www.bleepingcomputer.com/news/security/dark-web-market-cannazon-shuts-down-after-massive-ddos-attack/
Cannazon, one of the largest dark web marketplaces for buying marijuana products, shut down last week after suffering a debilitating distributed denial of service attack. As the admins explained in a message signed with the market’s PGP key, they are officially retiring and claim not to be pulling an exit scam on their vendors. The admins posted that message on November 23, 2021, and today, Cannazon went offline, allegedly forever.

By: Tomi Engdahl

Tomi Engdahl — Thu, 02 Dec 2021 09:48:09 +0000

Hackers plant card-stealing malware on website that sells baron and duke titles
https://therecord.media/hackers-plant-card-stealing-malware-on-website-that-sells-baron-and-duke-titles/
A threat actor has hacked the website of the Principality of Sealand, a micronation in the North Sea, and planted malicious code on its web store, which the government is using to sell baron, count, duke, and other nobility titles. Called a “web skimmer”, the malicious code allowed the hackers to collect user and payment card details for anyone who purchased products, such as nobility titles, from the country’s online store.