Wednesday, October 16, 2024

Cyber Today: Urgent iPhone update, ZIP password fault, Hacking decommissioned satellites

iPhone users urged to update to patch 2 zero-days

Apple is urging macOS, iPhone and iPad users to immediately install updates this week that include fixes for two zero-days under active attack. The patches are for vulnerabilities that allow attackers to execute arbitrary code and ultimately take over devices. Patches are available for affected devices running iOS 15.6.1 and macOS Monterey 12.5.1. The patches address two flaws, which basically impact any Apple device that can run either iOS 15 or the Monterey version of its desktop OS. The vulnerability allows an application to execute arbitrary code with kernel privileges, according to Apple, which says there is a report that it “may have been actively exploited.”

(ThreatPost)

Encrypted ZIP files can have two correct passwords

Password-protected ZIP archives are a common means of compressing and sharing sets of files, but Arseniy Sharoglazov, a cybersecurity researcher at Positive Technologies, has demonstrated that it is possible for an encrypted ZIP file to have two correct passwords. This vulnerability comes about when passwords are set at more than 64 characters, in which case ZIP uses an algorithm to hash the password. Sharoglazov showed that trying a different password of more than 64 characters results in ZIP creating the same hash and therefore accepting the second password as legitimate. A full report on this issue is available at Bleeping Computer, which, incidentally, was able to replicate this procedure.

(Bleeping Computer)
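
The two-password behaviour in the ZIP item above can be reproduced with the standard library. This is an added example, not code from the researcher or from Bleeping Computer; it assumes the WinZip AES ZIP format's key derivation (PBKDF2-HMAC-SHA1, 1000 iterations), and the function names, sample password and salt are constructed for illustration.

```python
import hashlib

HMAC_SHA1_BLOCK = 64   # HMAC-SHA1 block size in bytes
PBKDF2_ROUNDS = 1000   # iteration count used by the WinZip AES format (assumption stated above)

def zip_aes_key_material(password: bytes, salt: bytes, key_bits: int = 256) -> dict:
    """Derive PBKDF2-HMAC-SHA1 output and split it the way the format does:
    encryption key | authentication key | 2-byte password verifier."""
    klen = key_bits // 8
    out = hashlib.pbkdf2_hmac("sha1", password, salt, PBKDF2_ROUNDS, 2 * klen + 2)
    return {"enc_key": out[:klen],
            "auth_key": out[klen:2 * klen],
            "verifier": out[2 * klen:]}

def second_password(password: bytes):
    """Return the other byte string that yields identical keys, or None when
    the password fits in one HMAC block and is therefore not pre-hashed."""
    if len(password) <= HMAC_SHA1_BLOCK:
        return None
    # HMAC replaces any key longer than its block size with the hash of that key,
    # so the 20-byte SHA-1 digest is an equivalent key.
    return hashlib.sha1(password).digest()

def is_typable(candidate: bytes) -> bool:
    """True if every byte is printable ASCII, i.e. it could be entered at a prompt."""
    return all(0x20 <= b <= 0x7E for b in candidate)

def opens_same_archive(pw_a: bytes, pw_b: bytes, salt: bytes) -> bool:
    """Both passwords derive the same keys and the same verifier for this salt."""
    return zip_aes_key_material(pw_a, salt) == zip_aes_key_material(pw_b, salt)

# Constructed sample values (not taken from the report).
LONG_PW = b"correct horse battery staple / " * 3   # 93 bytes, over the 64-byte block
SALT = bytes(range(16))                             # 16-byte salt, as used with AES-256

if __name__ == "__main__":
    alias = second_password(LONG_PW)
    print("alias (hex):", alias.hex())
    print("typable at a prompt:", is_typable(alias))
    print("same keys:", opens_same_archive(LONG_PW, alias, SALT))
```

Computing the second password requires already knowing the first, so the collision does not by itself expose an archive's contents.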

White hat hackers broadcast through decommissioned satellite

A group of white hat hackers demonstrated at DEF CON how to take control of a satellite in geostationary orbit. The group used a satellite called Anik F1R, which had been decommissioned in 2020. The group was authorized to perform the hack and had also been given permission and access to an unused uplink facility which included the hardware to connect to a satellite. The group sought to demonstrate how easy it could be to physically take control of decommissioned satellites using software that costs just $300.

(Security Affairs)

Hackers target hotel and travel companies with fake reservations

A hacker tracked as TA558 has upped their activity this year, running phishing campaigns that target multiple hotels and firms in the hospitality and travel space. Their email topics revolve around making a booking with the target organization, pretending to come from conference organizers, tourist office agents, and other sources that the recipients can’t easily dismiss. Victims who click on the URL in the message body, which is purported to be a reservation link, will receive an ISO file from a remote resource. The archive contains a batch file that launches a PowerShell script which eventually drops the RAT payload onto the victim’s computer and creates a scheduled task for persistence.

(Bleeping Computer)

Grandoreiro banking malware targets Mexico and Spain

Zscaler ThreatLabz researchers have observed the malware targeting organizations in Mexico and Spain. It is a modular backdoor that supports keylogging, command execution, guiding victims’ browsers to specific URLs, imitating mouse and keyboard movements, and more. The threat actors behind this campaign impersonate Mexican government officials. The malware uses multiple anti-analysis techniques, along with an implementation of CAPTCHA, to evade sandboxes.

(Security Affairs)

Amazon quietly fixes Ring Android app bug

Amazon has resolved a vulnerability discovered in May that exposed the data and camera recordings of Ring app users on Android devices. The bug was reported to the Amazon Vulnerability Research Program by researchers with cybersecurity firm Checkmarx on May 1. In a report released on Thursday, the researchers showed how, in a series of steps, they were able to use Ring’s APIs to extract the customer’s personal data, including full name, email, and phone number, and their Ring device’s data, including geolocation, address, and recordings.

(The Record)

Fears over China’s access to genetic data of UK citizens

Rising political and security tensions between Beijing and the west have prompted calls for a review of the transfer of genetic data to China from a biomedical database containing the DNA of half a million UK citizens. The UK Biobank said it had about 300 projects under which researchers in China were accessing “detailed genetic information” or other health data on volunteers. The anonymized data is shared under an open-access policy for use in studies into diseases from cancer to depression. There is no suggestion it has been misused or participants’ privacy compromised. Data-sharing is facing scrutiny amid a shift in geopolitical relations, with analysts raising concerns about the challenges of monitoring usage beyond UK borders and a lack of reciprocal data-sharing by China.

(The Guardian)

Last week in ransomware 

Last week saw the return of the BlackByte ransomware operation, which launched a new data leak site using extortion tactics similar to LockBit 3.0. Last week’s attacks included those on Argentina’s Judiciary of Córdoba and a UK water supplier (though Clop attributed the attack to the wrong company), and LockBit claimed to be behind the attack on Entrust. Finally, researchers found a new variant of the SOVA Android malware that includes a ransomware feature to encrypt mobile devices.

(Bleeping Computer)

RiSec.Mitch
Just your average information security researcher from Delaware US.
