IT Security Newsletter - 03/19/2021
Hackers target Apple developers with backdoor
Hackers appear to be targeting Apple developers with a backdoor that has worked its way into a shared Xcode project, according to SentinelOne research published Thursday. In a blog post, SentinelOne says an external researcher alerted the company about malicious code that was tainting a development project in Xcode, Apple's integrated development environment (IDE) for macOS. The nefarious project, which the researchers say abuses the Run Script feature in Xcode. READ MORE...
Beware the Package Typosquatting Supply Chain Attack
Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones. When typosquatting is mentioned, most people think of domain typosquatting, which according to the Anticybersquatting Consumer Protection Act (ACPA) of 1999 means registering, trafficking in, or using an Internet domain name with bad-faith intent. READ MORE...
Swiss hacker charged for leaking proprietary source code
Swiss national Till Kottmann, 21, has been charged with conspiracy, wire fraud and aggravated identity theft, the U.S. Department of Justice announced. Kottmann has been at the forefront of numerous leaks involving source code, some of it proprietary or confidential, from dozens of large companies. In a public repository, Kottmann published code from Intel, Nissan, Lenovo, Nintendo, Motorola, AMD, Qualcomm [1]. The indictment says that the leaks included internal files. READ MORE...
New Windows 10 emergency updates fix remaining printing issues
Microsoft has released the Windows 10 KB5001649 emergency update to fix printing issues plaguing users since the March 2021 Patch Tuesday updates. On March 9th, Microsoft released their March 2021 Patch Tuesday security updates and cumulative updates for Windows. Since then, many users have reported that Windows 10 would crash when printing with an "APC_INDEX_MISMATCH for win32kfull.sys" error or printed pages would have missing graphics, black bars, or blank pages. READ MORE...
Automatically mitigate ProxyLogon, detect IoCs associated with SolarWinds attackers' activities
Microsoft has updated its Defender Antivirus to mitigate the ProxyLogon flaw on vulnerable Exchange Servers automatically, while the Cybersecurity and Infrastructure Security Agency (CISA) has released CHIRP, a forensic tool that can help defenders find IoCs associated with the SolarWinds attackers' activities. "Similar to the CISA-developed Sparrow tool - which scans for signs of APT compromise within an M365 or Azure environment - CHIRP scans for signs of APT compromise." READ MORE...
US taxpayers targeted with RAT malware in ongoing phishing attacks
US taxpayers are being targeted by phishing attacks attempting to take over their computers using malware and steal sensitive personal and financial information. According to the Treasury Department, the IRS received over 141 million individual income tax returns during the 2019 filing season, with roughly 90.4 percent of them (around 127 million) having been filed electronically. "Social engineering via phishing emails continues to be the preferred infection method[...]" READ MORE...
New CopperStealer Malware Hijacks Social Media Accounts
Proofpoint researchers say it steals logins and spreads more malware. Researchers with Proofpoint released details today on new undocumented malware called CopperStealer. CopperStealer has many of the same targeting and delivery methods as SilentFade, a Chinese-sourced malware family first reported by Facebook in 2019. Proofpoint believes CopperStealer is a previously undocumented family within the same class of malware as SilentFade. READ MORE...
Feds aren't well prepared to spot SolarWinds-style hacks at agencies, CISA official says
In one of the bluntest assessments of U.S. government security shortcomings around the SolarWinds hack, a top Department of Homeland Security official told senators on Thursday that federal defenses simply aren't aligned properly to detect advanced attackers. The testimony before the Senate Homeland Security and Governmental Affairs Committee on federal cybersecurity weaknesses points to a forthcoming reorientation of how DHS's Cybersecurity and Infrastructure Security Agency protects agencies. READ MORE...
The benefits and challenges of passwordless authentication
More and more organizations are adopting passwordless authentication. Gartner predicts that, by 2022, 60% of large and global enterprises as well as 90% of midsize enterprises will implement passwordless methods in more than half of use cases. Passwordless authentication swaps traditional passwords for a system that identifies users by more secure methods such as "possession factor" or "inherent factor." READ MORE...
Here's How Security Flaws in GE Relays Could Be Exploited in Real World Attacks
Organizations using Universal Relay (UR) products made by GE's Grid Solutions have been informed this week that many of the devices in this product line are affected by nearly a dozen vulnerabilities. Grid Solutions is a GE Renewable Energy business that provides electricity management solutions for the energy sector, including oil and gas, as well as industry and infrastructure organizations. READ MORE...
Zoom Screen-Sharing Glitch 'Briefly' Leaks Sensitive Data
A glitch in Zoom's screen-sharing feature shows parts of presenters' screens that they did not intend to share - potentially leaking emails or passwords. A security blip in the current version of Zoom could inadvertently leak users' data to other meeting participants on a call. However, the data is only leaked briefly, making a potential attack difficult to carry out. The flaw (CVE-2021-28133) stems from a glitch in the screen sharing function of video conferencing platform Zoom. READ MORE...
- ...in 1918, the US Congress establishes time zones and approves daylight savings time.
- ...in 1928, Irish actor and screenwriter Patrick McGoohan, famous as "Number Six" in the 1960s TV series "The Prisoner", is born in New York City.
- ...in 1931, gambling is legalized in Nevada.
- ...in 1979, the US House of Representatives begins broadcasting its proceedings via the cable TV network C-SPAN.