Cyber Security Headlines – March 29, 2021

Apple releases emergency update for iPhones, iPads, and Apple Watch

The patches are iOS 14.4.2, iPadOS 14.4.2, and watchOS 7.3.3, respectively, and have been released to address a serious zero-day vulnerability in all three platforms, discovered by Google’s Threat Analysis Group, and which affects Apple’s WebKit browser engine. The vulnerability is being actively exploited and may be used to carry out malicious actions such as directing users to phishing sites. Underlining the seriousness of this vulnerability is the fact that Apple has pushed out iOS 12.5.2 for older devices as well

(ZDNet)

Android system update may contain spyware

Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities — from collecting browser searches to recording audio and phone calls. This sophisticated new malicious app masquerades itself as a System Update application to take control of compromised devices. The identity of the malware authors, the targeted victims, and the ultimate motive behind the campaign remain unclear as yet.

(The Hacker News)

Senators offer to let NSA hunt cyber actors inside the US

A bipartisan group of senators offered to help expand the National Security Agency’s authority allowing the spy agency to hunt domestically for signals intelligence against foreign adversaries that U.S. officials have said are behind a string of recent attacks, like SolarWinds and the Microsoft Exchange Servers hacks. Gen. Paul Nakasone, who leads both the NSA and U.S. Cyber Command told senators that the U.S. was unable to keep up with the threat in large part because laws prevent NSA and Cyber Command from adequately observing adversaries operating on U.S. networks. “They’re no longer just launching their attacks from different parts of the world. They understand that they come into the United States, use our infrastructure, and there’s a blind spot for us not being able to see them.”

(DefenseOne)

OpenSSL fixes two high-severity crypto bugs

Open-source cryptography library OpenSSL, which is used on Linux, Windows and macOS, has announced two high severity vulnerabilities that require immediate patching. One of these bugs can force a crash and DDoS situation by exploiting a TLS feature called renegotiation. The second bug could end up being more damaging than a DDoS attack, because it allows security checks to be circumvented. It is recommended that systems using OpenSSL receive up-to-date patches, as well as turning off both TLS 1.2 renegotiation and strict certificate checking.

(Naked Security)

Thanks to our sponsor, Remediant

Did you know the average large enterprise workstation has 480 admins with 24×7 access to it? This access is called standing privilege and is an adversary’s favorite tool and a security team’s biggest undiscovered risk. Precision PAM leader Remediant addresses this risk by providing just enough access just in time, eliminating standing privilege with continuous scanning and agentless, vaultless simplicity.

To learn more, visit remediant.com.

FatFace hides ransomware attack, bargains down and gets tech support from pirates

UK fashion retailer FatFace, which made headlines last week by appearing to ask its customers to keep its cyberattack “strictly private and confidential”, has reportedly paid a $2 million ransom. Conti, the gang behind the attack, initially demanded an $8 million ransom based on its assessment of what FatFace’s insurance would cover, but the company talked them down after explaining revenues had tumbled due to the Coronavirus lockdown. In accepting the payment, Conti offered advice to FatFace’s IT team about how to harden its defenses against future attacks.

(Graham Cluley)

Insurance giant CNA hit by new Phoenix CryptoLocker ransomware

The threat actors deployed the ransomware on CNA’s network on March 21, where it proceeded to encrypt over 15,000 devices on their network, including the computers of employees working remotely who were logged into the company’s VPN at the time of the attack. Analysis by CrowdStrike has shown that the software used, based on a product family called Hades, is simply a rebranded version of their previously used WastedLocker ransomware, which makes it likely that this hit is connected to the Evil Corp hacking group.

(Bleeping Computer)

Cyber-attack disrupts live broadcasts in Australia

Australia’s Channel Nine TV said it was unable to air several shows on Sunday, following a cyberattack. The broadcaster said it was investigating whether the hack was “criminal sabotage or the work of a foreign nation”. This occurred at the same time as another possible attack on Australia’s Parliament in Canberra. It’s not clear if the parliamentary outage and the cyber attack on Channel Nine were connected. Sources believe that China is behind the attacks, since relations between Australia and China have grown increasingly acrimonious amid disputes about trade and the coronavirus.

(BBC News)

New York launches blockchain based Covid passports

New Yorkers will now be able to pull up a code on their cell phone to prove they’ve been vaccinated against COVID-19 or recently tested negative for the virus that causes it. The first-in-the-nation certification, called the Excelsior Pass, will be useful first at large-scale venues like Madison Square Garden, as well as at dozens of event, arts and entertainment venues statewide, and even weddings and catered events. The data will come from the state’s vaccine registry and also will be linked to testing data from a number of pre-approved testing companies. It is built on IBM’s digital health pass platform and is provided via blockchain technology, so neither IBM nor any business will have access to private medical information.

(USA Today)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.