cRyPtHoN™ INFOSEC (EN)

2022-05-17 10:25:43 Researchers Find Potential Way to Run Malware on iPhone Even When it's OFF.

A first-of-its-kind security analysis of iOS Find My function has identified a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that's executed while an iPhone is "off."

The mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near-field communication (NFC), and ultra-wideband (UWB) continue to operate while iOS is shut down when entering a "power reserve" Low Power Mode (LPM).

While this is done so as to enable features like Find My and facilitate Express Card transactions, all the three wireless chips have direct access to the secure element, academics from the Secure Mobile Networking Lab (SEEMOO) at the Technical University of Darmstadt said in a paper.

https://thehackernews.com/2022/05/researchers-find-way-to-run-malware-on.html

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-17 10:24:04 Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT / BitRAT / PandoraHVNC – Part I.

Fortinet’s FortiGuard Labs captured a phishing campaign that was delivering three fileless malware onto a victim’s device. Once executed, they are able to steal sensitive information from that device.

In this analysis, I’ll reveal how the phishing campaign manages to transfer the fileless malware to the victim’s device, what mechanism it uses to load, deploy, and execute the fileless malware in the target process, and how it maintains persistence on the victim’s device.

Affected platforms: Microsoft Windows

Impacted parties: Microsoft Windows Users

Impact: Controls victim’s device and collects sensitive information

Severity level: Critical

https://www.fortinet.com/blog/threat-research/phishing-campaign-delivering-fileless-malware

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-17 10:20:07 Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys.

We recently observed a number of apps on Google Play designed to perform malicious activities such as stealing user credentials and other sensitive user information, including private keys

We recently observed a number of apps on Google Play designed to perform malicious activities such as stealing user credentials and other sensitive user information, including private keys. Because of the number and popularity of these apps — some of them have been installed over a hundred thousand times — we decided to shed some light on what these apps actually do by focusing on some of the more notable examples.

https://www.trendmicro.com/en_us/research/22/e/fake-mobile-apps-steal-facebook-credentials--crypto-related-keys.html

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-17 10:18:06 SharePoint RCE bug resurfaces three months after being patched by Microsoft.

Deserialization vulnerabilities are hard to fix

A security researcher found a fresh way to exploit a recently patched deserialization bug in Microsoft SharePoint and stage remote code execution (RCE) attacks.

The flaw, a variant on an issue that was patched in February, uses the site creation features of SharePoint, Microsoft’s intranet platform, to upload and run malicious files on the server.

Many languages use serialization and deserialization to pass complex objects to servers and between processes. If the deserialization process is insecure, an adversary will be able to exploit it to send malicious objects and run them on the server.

https://portswigger.net/daily-swig/sharepoint-rce-bug-resurfaces-three-months-after-being-patched-by-microsoft

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-17 10:16:07 Ransomware: How executives should prepare given the current threat landscape.

Top executives are increasingly dreading the phone call from their fellow employees notifying them that their company has been hit by a cyber attack. Nearly every week in 2021 and early 2022, a prominent organization has been in the media spotlight as their public relations team struggles to explain how they were attacked and how they can regain consumer confidence. A recent survey showed that 37 percent of organizations surveyed had been affected by ransomware attacks in the last year.

Worse, the days when executive leadership teams could fully delegate responsibility to a CISO are over.

https://blog.talosintelligence.com/2022/05/ransomware-how-executives-should.html

#oscp #iocteams #spread #snortteams
@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-17 10:10:10 Apple emergency update fixes zero-day used to hack Macs, Watches.

Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices.

Zero-days are security flaws that the software vendor is unaware of and hasn't yet patched. In some cases, this type of vulnerability may also have publicly available proof-of-concept exploits before a patch arrives or may be actively exploited in the wild.

In security advisories issued on Monday, Apple revealed that they're aware of reports this security bug "may have been actively exploited."

https://www.bleepingcomputer.com/news/security/apple-emergency-update-fixes-zero-day-used-to-hack-macs-watches/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-17 10:08:07 China reveals its top five sources of online fraud.

'Brushing' tops the list, as quantity of forbidden content continue to rise

China’s Ministry of Public Security has revealed the five most prevalent types of fraud perpetrated online or by phone.

The e-commerce scam known as “brushing” topped the list and accounted for around a third of all internet fraud activity in China. Brushing sees victims lured into making payment for goods that may not be delivered, or are only delivered after buyers are asked to perform several other online tasks that may include downloading dodgy apps and/or establishing e-commerce profiles. Victims can find themselves being asked to pay more than the original price for goods, or denied promised rebates.

https://www.theregister.com/2022/05/17/china_internet_fraud_sources/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-17 10:05:08 How to track down your lost Samsung phone.

Because smartphones are hella expensive

Smartphones are expensive and accidents happen. Now that we've stated the obvious, it is perhaps useful to also mention that most of us carry a lot of private information in our mobile devices. Whether it is a company-issued phone or a flagship purchased after months of savings, odds are that the data within the device is actually more valuable than the device itself.

There have been many independent developers who've created apps designed to help users find lost phones, or at the very least to wipe them remotely. Many of those apps required root access to work properly (and to avoid being removed through a malicious wipe), so they never became mainstream.

https://www.androidpolice.com/how-to-find-your-samsung-phone/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-17 09:58:17 Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors.

Microsoft’s May Patch Tuesday update is triggering authentication errors.

Microsoft is alerting customers that its May Patch Tuesday update is causing authentications errors and failures tied to Windows Active Directory Domain Services. In a Friday update, Microsoft said it was investigating the issue.

The warning comes amid shared reports of multiple services and policies failing after installing the security update. “Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing account or the password was incorrect.” posted an admin to a Reddit thread on the topic.

https://threatpost.com/microsofts-may-patch-tuesday-updates-cause-windows-ad-authentication-errors/179631/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-17 09:56:18 Venezuelan cardiologist charged with designing and selling ransomware.

If his surgery was as bad as his opsec, this chap has caused a lot of trouble

The US Attorney’s Office has charged a 55-year-old cardiologist with creating and selling ransomware and profiting from revenue-share agreements with criminals who deployed his product.

A complaint [PDF] filed on May 16th in the US District Court, Eastern District of New York, alleges that Moises Luis Zagala Gonzalez – aka “Nosophoros,” “Aesculapius” and “Nebuchadnezzar” – created a ransomware builder known as “Thanos”, and ransomware named “Jigsaw v. 2”.

https://www.theregister.com/2022/05/17/zagala_venezuelan_cardiologist_ransomware_charges/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment