IT Security Newsletter - 11/16/2021
High severity BIOS flaws affect numerous Intel processors
Intel has disclosed two high-severity vulnerabilities that affect a wide range of Intel processor families and could allow threat actors and malware to gain higher privilege levels on the device. The flaws were discovered by SentinelOne and are tracked as CVE-2021-0157 and CVE-2021-0158; both have a CVSS v3 score of 8.2 (high). The former concerns insufficient control flow management in the BIOS firmware for some Intel processors. READ MORE...
Emotet Resurfaces on the Back of TrickBot After Nearly a Year
Emotet, one of the most prolific and disruptive botnet malware-delivery systems, appears to be making a comeback after nearly a year of inactivity, researchers have found. A team of researchers from Cryptolaemus, G DATA and AdvIntel recently observed the TrickBot trojan launching what appears to be a new loader for the notorious malware, they said separately on Twitter and in a blog post. READ MORE...
Microsoft Says HTML Smuggling Attacks On The Rise
Microsoft says it has observed an increase in the use of HTML smuggling in malicious attacks distributing remote access Trojans (RATs), banking malware, and other malicious payloads. HTML smuggling leverages HTML5/JavaScript to deliver files onto a victim machine; in the case of these attacks, the delivered file is an encoded malicious script designed to assemble the final payload directly on the victim computer. READ MORE...
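The pattern described above (decode an embedded string in the browser, wrap it in a Blob, mint an object URL and force a download) leaves static markers in the HTML that a mail gateway or proxy can look for before the page ever reaches a browser. The following is an added example written for this newsletter, not Microsoft's detection logic and not code from the report it summarises: a heuristic scanner run over two constructed pages, one carrying a harmless stand-in "smuggled" file and one benign page with an ordinary download link. The indicator list, weights and threshold are arbitrary choices for the example.

```javascript
// Added example: heuristic scanner for HTML-smuggling indicators in a fetched
// page or mail attachment. Illustrative detection logic only; not Microsoft's
// detection and not from the report summarised above. Indicator weights and
// the threshold are arbitrary choices for this example.

// Static markers of the smuggling pattern: decode an embedded string,
// wrap it in a Blob, mint an object URL, force a download.
const INDICATORS = [
  { name: 'blob-construction',  re: /new\s+Blob\s*\(/i,                       weight: 2 },
  { name: 'object-url',         re: /URL\.createObjectURL\s*\(/i,             weight: 2 },
  { name: 'legacy-save-blob',   re: /msSaveOrOpenBlob\s*\(/i,                 weight: 2 },
  { name: 'base64-decode',      re: /\batob\s*\(/i,                           weight: 1 },
  { name: 'download-attribute', re: /\.download\s*=|<a\b[^>]*\bdownload\b/i,  weight: 2 },
  { name: 'programmatic-click', re: /\.click\s*\(\s*\)/i,                     weight: 1 },
  { name: 'data-uri-octet',     re: /data:application\/octet-stream;base64,/i, weight: 2 },
];

// Long base64 runs are where the smuggled file usually lives.
function findLongBase64Runs(html, minLen) {
  const re = new RegExp(`[A-Za-z0-9+/]{${minLen},}={0,2}`, 'g');
  return html.match(re) || [];
}

// Decode a run and inspect its magic bytes; the script may hide the real
// file type behind an innocuous MIME type or download name.
function sniffPayload(b64) {
  const buf = Buffer.from(b64, 'base64');
  if (buf.length >= 2 && buf[0] === 0x4d && buf[1] === 0x5a) return 'pe';   // "MZ"
  if (buf.length >= 4 && buf.readUInt32LE(0) === 0x04034b50) return 'zip'; // "PK\x03\x04"
  if (buf.length >= 4 && buf.toString('latin1', 0, 4) === '%PDF') return 'pdf';
  return 'unknown';
}

// Score a page: sum indicator weights, add points for an embedded base64 blob
// and more if that blob decodes to a recognisable executable/archive header.
function scanHtmlForSmuggling(html, { base64MinLen = 200, threshold = 5 } = {}) {
  const hits = [];
  let score = 0;
  for (const ind of INDICATORS) {
    if (ind.re.test(html)) { hits.push(ind.name); score += ind.weight; }
  }
  const payloads = findLongBase64Runs(html, base64MinLen)
    .map(run => ({ length: run.length, type: sniffPayload(run) }));
  if (payloads.length > 0) { hits.push('embedded-base64'); score += 2; }
  if (payloads.some(p => p.type !== 'unknown')) { hits.push('recognised-payload-magic'); score += 3; }
  return { suspicious: score >= threshold, score, hits, payloads };
}

// Constructed samples. The "smuggled" file is a harmless 304-byte stand-in
// carrying only a ZIP local-file-header signature followed by padding.
const FAKE_ZIP_B64 = Buffer.concat([
  Buffer.from('PK\x03\x04', 'latin1'), Buffer.alloc(300, 0x41),
]).toString('base64');

const SMUGGLING_SAMPLE = `<html><body>
<script>
  var payload = "${FAKE_ZIP_B64}";
  var bytes = Uint8Array.from(atob(payload), function (c) { return c.charCodeAt(0); });
  var blob = new Blob([bytes], { type: "application/octet-stream" });
  var a = document.createElement("a");
  a.href = URL.createObjectURL(blob);
  a.download = "invoice.zip";
  a.click();
</script>
</body></html>`;

const BENIGN_SAMPLE = `<html><body><p>Quarterly report</p>
<a href="/report.pdf" download>Download PDF</a></body></html>`;

for (const [label, html] of [['smuggling', SMUGGLING_SAMPLE], ['benign', BENIGN_SAMPLE]]) {
  console.log(label, JSON.stringify(scanHtmlForSmuggling(html)));
}
```

The benign page trips only the download-attribute indicator and stays under the threshold; the smuggling page trips the decode/Blob/object-URL/click chain and the decoded blob is recognised as a ZIP, so it scores well above it. A single indicator is never enough on its own (plenty of legitimate sites build Blobs), which is why the example scores the combination rather than alerting on any one marker.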
The Troubling Rise of Internet Access Brokers
A recent discovery of three separate threat groups using the same infrastructure to carry out a range of malicious activity has focused fresh attention on the growing role of so-called initial access brokers (IABs) in the underground cybercrime economy. IABs are threat groups that typically break into a target network and then sell access to that network to the highest bidder in Dark Web markets. READ MORE...
DDR4 memory protections are broken wide open by new Rowhammer technique
Rowhammer exploits that allow unprivileged attackers to change or corrupt data stored in vulnerable memory chips are now possible on virtually all DDR4 modules, thanks to a new approach that neuters the defenses chip manufacturers added to make their wares more resistant to such attacks. Rowhammer attacks work by accessing, or "hammering", physical rows inside vulnerable chips millions of times per second in ways that cause bits in neighboring rows to flip, meaning 1s turn to 0s and vice versa. READ MORE...
MacOS Zero-Day Used in Watering-Hole Attacks
Apple fixed a zero-day vulnerability in September after being notified that attackers had used it in macOS Catalina, along with a previously known vulnerability, to compromise visitors to the website of a "prominent pro-democracy group" and a media outlet in Hong Kong, Google said in an analysis of the attack published on Nov. 11. Google detected the attack in late August 2021; it used two iframes to serve exploits to computers running macOS and to devices running iOS. READ MORE...
- ...in 1914, the Federal Reserve Banks of the United States officially open.
- ...in 1916, actor Daws Butler, the voice of Yogi Bear, Huckleberry Hound and dozens of other characters, is born in Toledo, OH.
- ...in 1952, game designer Shigeru Miyamoto, who created both "Super Mario Bros." and "The Legend of Zelda", is born in Kyoto, Japan.
- ...in 1973, NASA launches Skylab 4. It was the final and longest manned mission of the Skylab program, lasting over 84 days in orbit.