IT Security Newsletter

IT Security Newsletter - 9/30/2021

Written by Cadre | Thu, Sep 30, 2021

SAS 2021: 'Tomiris' Backdoor Linked to SolarWinds Malware

Researchers have discovered a campaign delivering a previously unknown backdoor they're calling Tomiris. Analysis of the new malware suggests that we may not have heard the last from the Nobelium advanced persistent threat (APT) behind the sprawling SolarWinds supply-chain attacks of 2020. In particular, Tomiris has a number of similarities to the Sunshuttle second-stage malware (aka GoldMax) that was distributed by Nobelium (aka DarkHalo). READ MORE...

WireX DDoS botnet admin charged for attacking hotel chain

The US Department of Justice charged the admin of the WireX Android botnet for targeting an American multinational hotel chain in a distributed denial-of-service (DDoS) attack. Izzet Mert Ozek, the defendant, used the botnet, which consisted of tens of thousands of compromised Android devices - more than 120,000 based on the unique IP addresses observed in some WireX attacks - to target the company's online booking system website in August 2017. READ MORE...

Hackers posed as Amnesty International, promising anti-spyware tool that actually collects passwords

Fraudsters are posing as human rights group Amnesty International to trick individuals into downloading malicious software, researchers at Cisco's threat intelligence unit Talos report. Masquerading as the human rights group, hackers registered multiple domains using variations on the Amnesty name to advertise a demo for "Amnesty Anti Pegasus" software that could allegedly scan devices for the NSO Group spyware, which Amnesty has closely examined. READ MORE...

Trucking giant Forward Air reports ransomware data breach

Trucking giant Forward Air has disclosed a data breach after a ransomware attack that allowed threat actors to access employees' personal information. In December 2020, Forward Air suffered a ransomware attack by what was believed to be a new cybercrime gang known as Hades. This attack caused Forward Air to shut down its network, which led to business disruption and the inability to release freight for transport. READ MORE...

GriftHorse Money-Stealing Trojan Takes 10M Android Users for a Ride

More than 10 million Android users have been saddled with a malware called GriftHorse that's trojanizing various applications and secretly subscribing victims to premium mobile services - a type of billing fraud that researchers categorize as "fleeceware." Zimperium uncovered more than 130 GriftHorse apps being distributed through both Google Play and third-party application stores, across all categories. Some of them have basic functionality, and some of them do nothing, researchers said. READ MORE...

API Flaw Exposes Elastic Stack Users to Data Theft and DoS

Security researchers have disclosed a serious and wide-ranging API vulnerability stemming from the way organizations integrate Elastic Stack into their own applications, which could create serious business risk for customers. Elastic Stack is a popular collection of open source search, analytics and data aggregation products, including Elasticsearch. Salt Security said that nearly every customer of the affected providers is exposed, because the weakness lies in how the stack is designed into and deployed behind those APIs rather than in a bug in Elastic Stack's own code. READ MORE...

Contactless Payment Card Hack Affects Apple Pay, Visa

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities exploited in the attack remain unpatched, but the impacted vendors say they are not concerned. The researchers found that if an iPhone is configured to use Apple Pay and a Visa card in "transit mode," an attacker can remotely steal money from the targeted individual without any authentication or authorization being required. READ MORE...

Unpatched flaw 'weaponises' Apple AirTags to turn them into the phisherman's friend

Apple has been accused of ignoring a vulnerability in the Lost Mode functionality of its AirTags location-tracking accessories which would allow an attacker to seed "weaponised AirTags" for harvesting the iCloud credentials of anyone who finds them. Launched back in April, AirTags are compact battery-powered devices you attach to your belongings in order to locate them when misplaced. READ MORE...

  • ...in 1927, Babe Ruth hits his 60th home run of the 1927 season and with it sets a record that would stand for 34 years.
  • ...in 1954, the USS Nautilus, the world's first nuclear submarine, is commissioned by the U.S. Navy.
  • ...in 1972, pro baseball great Roberto Clemente hits his 3,000th and final hit of his career.
  • ...in 1980, the original specifications for Ethernet computer networking technologies are published by Xerox with Intel and Digital Equipment Corporation.