This posting is here to collect cyber security news in September 2021.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in September 2021.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
414 Comments
Tomi Engdahl says:
VoIP company battles massive ransom DDoS attack https://www.zdnet.com/article/voip-company-battles-massive-ransom-ddos-attack/
VoIP company battles massive ransom DDoS attack. katso myös https://www.is.fi/digitoday/art-2000008284709.html
Tomi Engdahl says:
FamousSparrow: A suspicious hotel guest
https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/
ESET researchers have uncovered a new cyberespionage group targeting hotels, governments, and private companies worldwide. We have named this group FamousSparrow and we believe it has been active since at least 2019.. The group has been active since at least August 2019 and it mainly targets hotels worldwide. In addition, we have seen a few targets in other sectors such as governments, international organizations, engineering companies and law firms
Tomi Engdahl says:
How Outlook autodiscover could leak your passwords and how to stop it https://nakedsecurity.sophos.com/2021/09/23/how-outlook-autodiscover-could-leak-your-passwords-and-how-to-stop-it/
Tomi Engdahl says:
Hackers are scanning for VMware CVE-2021-22005 targets, patch now!
https://www.bleepingcomputer.com/news/security/hackers-are-scanning-for-vmware-cve-2021-22005-targets-patch-now/
Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution.
Tomi Engdahl says:
Apple fixes another zero-day used to deploy NSO iPhone spyware https://www.bleepingcomputer.com/news/apple/apple-fixes-another-zero-day-used-to-deploy-nso-iphone-spyware/
Apple has released security updates to fix three zero-day vulnerabilities exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions.
Tomi Engdahl says:
Törkeä huijaus Iltalehden nimissä valeuutinen lupaa tuhansien eurojen voittoja
https://www.iltalehti.fi/digiuutiset/a/775335c7-679c-4e6a-933c-be7785e840c6
Verkkorikolliset ovat luoneet sivuston, joka jäljittelee Iltalehden aitoa sivustoa.
Tomi Engdahl says:
100M IoT Devices Exposed By Zero-Day Bug https://threatpost.com/100m-iot-devices-zero-day-bug/174963/
A high-severity vulnerability could cause system crashes, knocking out sensors, medical equipment and more.. see also https://www2.guardara.com/2021/09/23/guardara-uncovers-key-zero-day-vulnerability-in-popular-iot-message-broker-software/
Tomi Engdahl says:
Bitcoin.org Website Inaccessible After Being Hacked by Apparent Giveaway Scam https://www.coindesk.com/tech/2021/09/23/bitcoinorg-appears-hacked-by-giveaway-scam/
The site could not be opened as of 05:44 UTC Thursday, after falling victim earlier in the day to an attack claiming it would double funds sent to it.
Tomi Engdahl says:
Google finds adware strain abusing novel file signature evasion technique https://therecord.media/google-finds-adware-strain-abusing-novel-file-signature-evasion-technique/
One of Googles security teams said it found a malware strain abusing a new technique to evade detection from security products by cleverly modifying the digital signature of its payloads.
Tomi Engdahl says:
REVil ransomware devs added a backdoor to cheat affiliates https://www.bleepingcomputer.com/news/security/revil-ransomware-devs-added-a-backdoor-to-cheat-affiliates/
Cybercriminals are slowly realizing that the REvil ransomware operators may have been hijacking ransom negotiations, to cut affiliates out of payments.
Tomi Engdahl says:
Researchers Find Malware Hiding in Windows Subsystem for Linux https://www.tomshardware.com/news/researchers-find-windows-subsystem-linux-malware
Black Lotus Labs revealed on Thursday that it’s discovered new malware that uses the Windows Subsystem for Linux (WSL) to avoid being detected by security tools.
Tomi Engdahl says:
https://www.securityweek.com/apple-deprecates-outdated-tls-protocols-ios-macos
Tomi Engdahl says:
Apple Confirms New Zero-Day Attacks on Older iPhones
https://www.securityweek.com/apple-confirms-new-zero-day-attacks-older-iphones
Apple on Thursday confirmed a new zero-day exploit hitting older iPhones and warned that the security vulnerability also affects the macOS Catalina platform.
This is the 16th documented in-the-wild zero-day exploitation of security defects in Apple’s iOS and macOS platforms so far this year.
“Apple is aware of reports that an exploit for this issue exists in the wild,” the company said without elaborating. No other details of IOCs (indicators of compromise) were provided.
The Cupertino, Calif. software giant credited researchers at Google with intercepting the new zero-day exploit, which affects a list of older iPhones and iPads running the out-of-support iOS 13 devices like the iPad Air, the iPad mini, iPhone 5s, iPhone 6, and iPhone 6 Plus.
Tomi Engdahl says:
Bluetooth Vulnerability: Arbitrary Code Execution On The ESP32, Among Others
https://hackaday.com/2021/09/23/bluetooth-vulnerability-arbitrary-code-execution-on-the-esp32-among-others/
Bluetooth has become widely popular since its introduction in 1999. However, it’s also had its fair share of security problems over the years. Just recently, a research group from the Singapore University of Technology and Design found a serious vulnerability in a large variety of Bluetooth devices. Having now been disclosed, it is known as the BrakTooth vulnerability.
Full details are not yet available; the research team is waiting until October to publicly release proof-of-concept code in order to give time for companies to patch their devices. The basic idea however, is in the name. “Brak” is the Norweigan word for “crash,” with “tooth” referring to Bluetooth itself. The attack involves repeatedly attempting to crash devices to force them into undesired operation.
The Espressif ESP32 is perhaps one of the worst affected. Found in all manner of IoT devices, the ESP32 can be fooled into executing arbitrary code via this vulnerability, which can do everything from clearing the devices RAM to flipping GPIO pins. In smart home applications or other security-critical situations, this could have dire consequences.
BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
https://asset-group.github.io/disclosures/braktooth/
Tomi Engdahl says:
https://www.engadget.com/us-treasury-department-crypto-sanctions-ransomware-165049611.html
L-O-L! Fines for paying ransomware….hi-larious. Maybe now they will back up their data?
(Spoiler alert: they won’t)
Tomi Engdahl says:
Hackers breached computer network at key US port but did not disrupt operations
https://lm.facebook.com/l.php?u=https%3A%2F%2Fwww.cnn.com%2F2021%2F09%2F23%2Fpolitics%2Fsuspected-foreign-hack-houston%2Findex.html&h=AT163MKHcHCdgiCTey_-SJOUUz4mDP2djIAT6vrPUQtXEjbNWWb4mC1Qz4AucfeIa3xnJNlqthOLwbPrdEggEZ_8gQrEs_6n5iJzdq_x93e_de4OvmNLdlaxZKH9m-Q5HD0hzR23tuFnGOhjOg
(CNN) – Suspected foreign government-backed hackers last month breached a computer network at one of the largest ports on the US Gulf Coast, but early detection of the incident meant the intruders weren’t in a position to disrupt shipping operations, according to a Coast Guard analysis of the incident obtained by CNN and a public statement from a senior US cybersecurity official.
The incident at the Port of Houston is an example of the interest that foreign spies have in surveilling key US maritime ports, and it comes as US officials are trying to fortify critical infrastructure from such intrusions.
Tomi Engdahl says:
Illusionofchaos / Habr:NEW
Researcher discloses three iOS zero-days, says they were reported to Apple before May 4 and are still exploitable in iOS 15 after Apple failed to fix them — Information Security *Development for iOS *Development of mobile applications *Reverse engineering *
Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program
https://habr.com/en/post/579714/
Tomi Engdahl says:
https://www.zdnet.com/article/turla-hacking-group-launches-new-backdoor-in-attacks-against-us-afghanistan/
Tomi Engdahl says:
EU warns Russia over ‘Ghostwriter’ hacking ahead of German elections
https://techcrunch.com/2021/09/24/european-council-russia-ghostwriter/?tpcc=ECFB2021
The European Union has warned it may take action over Russia’s involvement in “malicious cyber activities” against several EU member states.
The “Ghostwriter” campaign targeted “numerous members of Parliaments, government officials, politicians, and members of the press and civil society in the EU”, according to a press release from the European Council on Friday, and was carried out “by accessing computer systems and personal accounts and stealing data.”
The statement by the European executive, comprised of the bloc’s heads of state, said the EU was considering “taking further steps,” but did not elaborate what actions it would take.
Tomi Engdahl says:
https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry/
Tomi Engdahl says:
https://www.zdnet.com/article/cyberattacks-against-the-aviation-industry-that-flew-under-the-radar-linked-to-nigerian-threat-actor/
Tomi Engdahl says:
REvil: We Accidentally Leaked Kaseya Universal Decryptor Key
https://www.crn.com/news/security/revil-we-accidentally-leaked-kaseya-universal-decryptor-key
‘One of our coders misclicked and generated a universal key, and issued the universal decryptor key along with a bunch of keys for one machine. That’s how we sh*t ourselves,’ says REvil on a Russian-language forum.
Tomi Engdahl says:
https://www.forbes.com/sites/thomasbrewster/2021/09/14/google-chrome-update-now-to-stop-browser-hacks/
Tomi Engdahl says:
https://therecord.media/ghostscript-zero-day-allows-full-server-compromises/
Tomi Engdahl says:
Russia’s Yandex says it repelled biggest DDoS attack in history
https://www.reuters.com/technology/russias-yandex-says-it-repelled-biggest-ddos-attack-history-2021-09-09/
Tomi Engdahl says:
https://www.zdnet.com/article/fujitsu-confirms-stolen-data-marketed-on-dark-web-not-connected-to-cyberattack-on-its-systems/
Tomi Engdahl says:
https://securityaffairs.co/wordpress/121899/security/netgear-vulnerabilities.html
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/
Tomi Engdahl says:
BrakTooth vulnerabilities impact closed-source Bluetooth stacks used in chips from Espressif, Intel, Qualcomm…
https://www.cnx-software.com/2021/09/13/braktooth-vulnerabilities-bluetooth-espressif-intel-qualcomm/
BrakTooth is a family of new security vulnerabilities in commercial, closed-source Bluetooth Classic stacks that range from denial of service (DoS) via firmware crashes and deadlocks to arbitrary code execution (ACE) in certain IoT devices.
Tomi Engdahl says:
Delete Your Windows 10 Password Now: Microsoft Suddenly Issues Security Update For Millions
https://www.forbes.com/sites/daveywinder/2021/09/18/delete-your-windows-10-password-now-microsoft-suddenly-issues-security-advisory-for-millions/
Tomi Engdahl says:
Researchers Find Malware Hiding in Windows Subsystem for Linux
By Nathaniel Mott 9 days ago
The malware targeted WSL to evade detection mechanisms.
https://www.tomshardware.com/news/researchers-find-windows-subsystem-linux-malware
Tomi Engdahl says:
https://www.zdnet.com/article/microsoft-september-2021-patch-tuesday-remote-code-execution-flaws-in-mshtml-open-management-fixed/
Tomi Engdahl says:
Google Issues Warning For 2 Billion Chrome Users
https://www.forbes.com/sites/gordonkelly/2021/09/25/google-chrome-warning-zero-day-hack-new-attack-upgrade-chrome-now/
Chrome users beware, just days after I warned attacks on Google’s browser are increasing, another critical hack has been confirmed.
Google published the news in a new blog post, where it revealed Chrome’s 11th ‘zero day’ exploit of the year has been found (CVE-2021-37973) and it affects Linux, macOS and Windows users. A zero-day classification means hackers have been able to exploit the flaw before Google could release a fix, which makes it significantly more dangerous than most security flaws. Google confirmed this saying it “is aware that an exploit for CVE-2021-37973 exists in the wild”.
Interestingly, the new zero-day is yet another ‘Use-After-Free’ (UAF) vulnerability
When you are able to update, remember Chrome must be restarted for the fix to take effect. Chrome is now used by over 2.65 billion users worldwide making it a huge target for hackers and, while Google is doing its part to counter attacks, they can find easy prey among users who fail to complete that crucial final step. Don’t be one of them.
Tomi Engdahl says:
SonicWall warns users to patch critical vulnerability as soon as possible https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/sonicwall-warns-users-to-patch-critical-vulnerability-as-soon-as-possible/
SonicWall has issued a security notice about its SMA 100 series of appliances. The vulnerability could potentially allow a remote unauthenticated attacker the ability to delete arbitrary files from a SMA 100 series appliance and gain administrator access to the device.
Tomi Engdahl says:
Uusi pankkihuijaus haluaa tunnukset 8 tunnissa erottaisitko itse tämän sivun aidosta?
https://www.is.fi/digitoday/tietoturva/art-2000008286937.html
SÄHKÖPOSTITSE levitetään parhaillaan Nordean nimissä huijausta, jossa käyttäjälle esitetään vaatimus tunnistautua uudelleen kahdeksan tunnin kuluessa sähköpostin saamisesta lukien.
Tomi Engdahl says:
Uudenlainen huijaus: Varo maksupyyntöä MobilePayssa Kelan nimissä https://www.is.fi/digitoday/tietoturva/art-2000008287326.html
KELA varoittaa nimissään MobilePay-rahansiirtosovelluksessa tehtävästä huijauksesta. Maksupyyntö on naamioitu etuisuuden takaisinmaksupyynnöksi.. katso myös https://www.kela.fi/ajankohtaista-henkiloasiakkaat/-/asset_publisher/kg5xtoqDw6Wf/content/kelan-nimissa-huijataan-rahaa-mobilepay-sovelluksessa
Tomi Engdahl says:
Major European call center provider goes down in ransomware attack https://therecord.media/major-european-call-center-provider-goes-down-in-ransomware-attack/
GSS, the Spanish and Latin America division of Covisian, one of Europes largest customer care and call center providers, has suffered a debilitating ransomware attack that froze a large part of its IT systems and crippled call centers across its Spanish-speaking customerbase.
Tomi Engdahl says:
German Election: Phishing Attacks and Disinformation Campaigns Target Parliament Members https://quointelligence.eu/2021/09/cybersecurity-and-german-election/
Tomi Engdahl says:
EU officially blames Russia for ‘Ghostwriter’ hacking activities https://www.bleepingcomputer.com/news/security/eu-officially-blames-russia-for-ghostwriter-hacking-activities/
The European Union has officially linked Russia to a hacking operation known as Ghostwriter that targets high-profile EU officials, journalists, and the general public.. “These malicious cyber activities are targeting numerous members of Parliaments, government officials, politicians, and members of the press and civil society in the EU by accessing computer systems and personal accounts and stealing data,” European Council officials said in a press release today.. see also https://www.consilium.europa.eu/en/press/press-releases/2021/09/24/declaration-by-the-high-representative-on-behalf-of-the-european-union-on-respect-for-the-eu-s-democratic-processes/
Tomi Engdahl says:
Researcher drops three iOS zero-days that Apple refused to fix https://www.bleepingcomputer.com/news/security/researcher-drops-three-ios-zero-days-that-apple-refused-to-fix/
Proof-of-concept exploit code for three iOS zero-day vulnerabilities (and a fourth one patched in July) was published on GitHub after Apple delayed patching and failed to credit the researcher.
Tomi Engdahl says:
Emergency Google Chrome update fixes zero-day exploited in the wild https://www.bleepingcomputer.com/news/security/emergency-google-chrome-update-fixes-zero-day-exploited-in-the-wild/
Google has released Chrome 94.0.4606.61 for Windows, Mac, and Linux, an emergency update addressing a high-severity zero-day vulnerability exploited in the wild.
Tomi Engdahl says:
Bug in macOS Finder allows remote code execution https://www.welivesecurity.com/2021/09/23/bug-macos-finder-remote-code-execution/
While Apple did issue a patch for the vulnerability, it seems that the fix can be easily circumvented
Tomi Engdahl says:
State-sponsored hacking group targets Port of Houston using Zoho zero-day https://therecord.media/state-sponsored-hacking-group-targets-port-of-houston-using-zoho-zero-day/
A suspected state-sponsored hacking group has attempted to breach the network of the Port of Houston, one of the largest port authorities in the US, using a zero-day vulnerability in a Zoho user authentication appliance, CISA officials said in a Senate hearing today.
Tomi Engdahl says:
Exploits imminent for critical VMware vCenter CVE-2021-22005 bug https://www.bleepingcomputer.com/news/security/exploits-imminent-for-critical-vmware-vcenter-cve-2021-22005-bug/
Exploit code that could be used to achieve remote code execution on VMware vCenter Server vulnerable to CVE-2021-22005 is currently spreading online.
Tomi Engdahl says:
Onko kiinalainen puhelin vaarallinen? Näin kommentoivat viranomainen ja tietoturva-asiantuntija https://www.is.fi/digitoday/tietoturva/art-2000008283666.html
Liettualaisten löydökset herättivät pelkoa kiinalaispuhelimiin.
Asiantuntijoiden mukaan kyse ei ole yhteen maahan liittyvästä ongelmasta. Kuluttajan asema on kuitenkin vaikea.
Tomi Engdahl says:
VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit https://us-cert.cisa.gov/ncas/current-activity/2021/09/24/vmware-vcenter-server-vulnerability-cve-2021-22005-under-active
On September 21, 2021, VMware disclosed that its vCenter Server is affected by an arbitrary file upload vulnerabilityCVE-2021-22005in the Analytics service. A malicious cyber actor with network access to port
443 can exploit this vulnerability to execute code on vCenter Server.
Tomi Engdahl says:
FBI decision to withhold Kaseya ransomware decryption keys stirs debate https://www.zdnet.com/article/fbi-decision-to-withhold-kaseya-ransomware-decryption-keys-stirs-debate/
Many security experts defended the FBI’s decision to leave Kaseya victims struggling with ransomware infections for weeks.
Tomi Engdahl says:
United Health Centers ransomware attack claimed by Vice Society https://www.bleepingcomputer.com/news/security/united-health-centers-ransomware-attack-claimed-by-vice-society/
California-based United Health Centers suffered a ransomware attack that reportedly disrupted all of their locations and resulted in patient data theft.
Tomi Engdahl says:
Russian missile fuel maker targeted with recent Office zero-day https://therecord.media/russian-missile-fuel-maker-targeted-with-recent-office-zero-day/
Russian organizations, including a major defense contractor, have been targeted in a suspected cyber-espionage operation that is abusing a recently disclosed Office zero-day.
Tomi Engdahl says:
Large-Scale Phishing-as-a-Service Operation Exposed https://threatpost.com/phishing-as-a-service-exposed/174932/
Discovery of BulletProofLinkwhich provides phishing kits, email templates, hosting and other toolssheds light on how wannabe cybercriminals can get into the business.