Cyber Security Headlines – January 12, 2022

Apple to allow third-party app payment options in South Korea

The Korea Communication Commission (KCC) said on Tuesday that Apple has submitted its compliance plans to allow developers to use third-party payment options in South Korea at a reduced service fee. In September 2021, South Korea’s parliament passed the world’s first bill preventing global tech giants from forcing developers to use their in-app billing systems. An Apple spokesperson touted the company’s respect for Korean law and history of collaboration with their developers adding, “Our work will always be guided by keeping the App Store a safe and trusted place for our users to download the apps they love.” Meanwhile, Google responded to the legislation, alternatively dubbed the “Anti Google law”, by proposing to reduce developer service fees by 4%, while continuing to utilize their own billing systems. 

(TechCrunch)

Hotel chain switches to Chrome OS to recover from ransomware attack

Last month, Nordic Choice Hotels was hit with Conti ransomware disrupting operations, but instead of paying the ransom, the company was able to recover from the incident by migrating its entire PC fleet from Windows to Chrome OS. The hotel chain indicated that by using a tool called CloudReady, it was able to convert 2,000 computers to its Chrome OS ecosystem in just two days, restoring operations to 212 hotels in five countries. Prior to the attack the hotel had already run a pilot program to test the tool as a way of reusing old computers with a less-demanding OS. The hotel chain said they expect to migrate 2,000 more computers and estimate savings of $6.7 million by avoiding the need to buy new hardware.

(The Record)

Hackers leveraging Log4j to install NightSky ransomware

Microsoft says that suspected China-based cyber criminals, which it tracks as DEV-0401, are targeting the ‘Log4Shell’ flaw in internet-facing systems running VMware’s Horizon product to install NightSky, a new ransomware strain that emerged on December 27. The financially motivated attacks target the original Log4Shell flaw tagged as CVE-2021-44228. Microsoft said customers should use scripts and scanning tools to assess their risk and impact but warned that attackers may be using the same inventory techniques to locate targets.

(ZDNet)
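As an added, defender-side illustration of the "scripts and scanning tools" Microsoft recommends in the item above (this is not code from the ZDNet story, Microsoft or VMware): a small Python inventory scanner that walks a directory tree, identifies log4j-core jars by file name, and classifies each against the CVE-2021-44228 fix versions, also flagging old jars whose `JndiLookup.class` was stripped as an interim mitigation. The jar files it builds for the demo are constructed stand-ins, not real Log4j builds.

```python
import os, re, tempfile, zipfile

# Lookup class abused by CVE-2021-44228; deleting it from the jar was a known interim mitigation
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
VERSION_RE = re.compile(r"log4j-core-(\d+)\.(\d+)\.(\d+)\.jar$")

def is_fixed(version):
    """2.15.0+ is fixed, as are the 2.12.2 (Java 7) and 2.3.1 (Java 6) backports."""
    major, minor, patch = version
    if major != 2:
        return False  # log4j 1.x is out of scope for this CVE
    if minor in (3, 12):
        return patch >= (1 if minor == 3 else 2)
    return version >= (2, 15, 0)

def assess_jar(path):
    """Classify one jar by file name and contents; None if it is not log4j-core."""
    m = VERSION_RE.search(os.path.basename(path))
    if not m:
        return None
    version = tuple(int(x) for x in m.groups())
    try:
        with zipfile.ZipFile(path) as zf:
            has_jndi = JNDI_CLASS in zf.namelist()
    except zipfile.BadZipFile:
        return {"path": path, "status": "unreadable"}
    if is_fixed(version):
        status = "patched"
    else:
        status = "vulnerable" if has_jndi else "mitigated"
    return {"path": path, "status": status}

def scan_tree(root):
    """Walk a directory tree and return a finding for every log4j-core jar."""
    paths = (os.path.join(d, n) for d, _, fs in os.walk(root) for n in fs)
    return [f for f in map(assess_jar, paths) if f]

def make_sample_jar(path, with_jndi):
    """Constructed stand-in jar (not a real Log4j build) so the demo runs offline."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if with_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # placeholder class bytes

def run_demo():
    """Build three constructed jars in a temp dir and return {file name: status}."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "lib"))
    make_sample_jar(os.path.join(root, "log4j-core-2.14.1.jar"), True)
    make_sample_jar(os.path.join(root, "log4j-core-2.11.0.jar"), False)
    make_sample_jar(os.path.join(root, "lib", "log4j-core-2.17.0.jar"), True)
    return {os.path.basename(f["path"]): f["status"] for f in scan_tree(root)}
```

Point `scan_tree` at an application's install directory to inventory a real host; note that it only recognises jars named `log4j-core-<version>.jar`, so shaded or renamed bundles need a content-based check.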

Microsoft Patch Tuesday addresses six zero-days

Microsoft’s January Patch Tuesday bug fixes address 96 security flaws including updates for six zero-day vulnerabilities. Microsoft has fixed problems including remote code execution (RCE) exploits, privilege escalation flaws, spoofing issues, and cross-site scripting (XSS) vulnerabilities affecting a number of its products including Microsoft Exchange Server, Office applications, Windows Defender, Windows Kernel, RDP, Cryptographic Services, Windows Certificate, and Microsoft Teams. While the zero-day flaws should be patched as soon as possible, Microsoft indicates that none of them have been observed being exploited in the wild. 

(ZDNet)

Thanks to our episode sponsor, BlackBerry

Cybersecurity Professionals… Listen up. Ransomware is on the rise and you can’t afford to rely on ineffective endpoint technology to PREVENT attacks. With BlackBerry’s 7th generation Artificial Intelligence (AI) and Machine Learning (ML) technology powered by Cylance, malicious attacks are detected and prevented on average 25 months BEFORE appearing online. With our prevention-first approach, Cylance technology neutralizes malware before the exploitation stage of the kill-chain. Can your cyber solution do that? Get Prevention-First security. Visit BlackBerry.com to see the Cylance AI/ML demo prevent malware.

Millions of routers remotely exposed by USB kernel bug

SentinelOne has discovered a high-severity Remote Code Execution (RCE) flaw in the KCodes NetUSB kernel module, affecting millions of routers from manufacturers including Netgear, TP-Link, D-Link, and Western Digital. The module enables remote devices to connect to routers over IP and access any USB devices that are plugged into them. The researchers noted that attackers could remotely exploit the vulnerability to execute code in the kernel via a pre-authentication buffer overflow. SentinelLabs has distributed a patch to all impacted vendors, who have either fixed the issue or are in the process of fixing it, noting that end-of-life routers may not receive an update.

(Threatpost)

Security shortfalls ranked top roadblock to IT modernization

According to the 2022 Intelligent Technology Report from Insight Enterprises, Inc., 400 IT leaders have ranked the top internal hindrance to organizational IT modernization as security shortcomings (40%), followed by shadow IT (36%) and competing internal priorities (35%). 51% of IT leaders named security as their top organizational priority when it comes to cloud integration. The survey also indicates that the COVID-19 pandemic may be amplifying the barriers to modernization, as 78% of IT leaders reported taking on new cybersecurity tasks in 2021.

(Security Magazine)

Hacking group accidentally infects itself with Remote Access Trojan 

An Indian hacking group known as Patchwork, and also known as Hangover Group, Dropping Elephant, Chinastrats, and Monsoon, has been observed successfully using spearphishing attacks to compromise numerous Pakistani institutions, including the Ministry of Defense and multiple universities. However, Malwarebytes researchers have uncovered that back in January, Patchwork managed to infect themselves with their very own BADNEWS Remote Access Trojan (RAT), exposing the criminals’ own keystrokes, as well as keyboard layouts, virtual applications, and screenshots of their computers revealing the weather report at the time and that their Java applications were in need of updates.

(Graham Cluley)

Police caught chasing Snorlax instead of robbers

Two Los Angeles police officers were fired for chasing a relatively rare Pokémon Go character called Snorlax rather than chasing fleeing robbers. Back in 2017, Louis Lozano and Eric Mitchell had been on patrol when Macy’s department store was robbed and after which they ignored a call for backup. The pair denied playing the game but court documents reveal that, “for approximately the next 20 minutes, captured [the] petitioners discussing Pokémon as they drove to different locations where the virtual creatures apparently appeared on their mobile phones.” Their representation argued that their private conversations captured by in-car recordings should not have been used as evidence, but the argument was denied.

(BBC)

Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.