21-Aug-23: In Security News Today

Researchers Discover Fake Airplane Mode Attack on iPhones

Researchers at Jamf have discovered a technique called ‘fake airplane mode’ that allows attackers to maintain connectivity on iPhones while making users believe they are offline. The attack involves intercepting the API call triggered by tapping on the airplane mode icon in the Control Center, which turns off Wi-Fi but not the mobile network. The researchers found a way to misrepresent the state of connectivity on the device, but the attack can be mitigated by checking the settings page directly instead of relying on the Control Center or browser notifications.

Researchers Uncover Real Identity of CypherRAT and CraxsRAT Malware Developer

Cyfirma security researchers have identified the real identity of the developer behind the CypherRAT and CraxsRAT malware. The individual, operating under the online handle ‘EVLF DEV’ and based in Syria, has been selling these remote access trojans (RATs) to various threat actors for the past eight years, earning over $75,000. The developer is also a malware-as-a-service (MaaS) operator, offering the dangerous Android RAT, CraxsRAT, on a surface web store.

New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC

A high-severity security flaw has been discovered in the WinRAR utility that could allow remote code execution on Windows systems. The vulnerability, tracked as CVE-2023-40477, is caused by improper validation while processing recovery volumes. Users are advised to update to the latest version of WinRAR to mitigate potential threats.

Australian Lender Latitude Financial Reports AU$76 Million Cyberattack Costs

Australian lender Latitude Financial has reported that a recent ransomware attack has cost the company AU$76 million. The attack resulted in the exposure of information belonging to approximately 7.9 million people in Australia and New Zealand, including contact details, dates of birth, driver’s license and passport numbers, and bank account and payment card numbers. The incident has sparked a debate on whether the Australian government should ban payments to ransomware groups to discourage cybercriminals from targeting organizations in the country.

US Gov Warns of Foreign Intelligence Cyberattacks Against US Space Industry

The FBI, NCSC, and AFOSI have issued an alert warning US space industry organizations of increased targeting and exploitation by foreign intelligence entities (FIEs). These entities use tactics such as cyberattacks, supply chain compromise, and strategic investments to gain access to the US space industry. The targeting and exploitation not only impact national security, but also economic security and global competition in the sector.

Beware of Fake AI Bots Installing Malware

A recent scam involves fake AI bots that try to install malware on users’ devices. The scam starts with an ad on Facebook promoting a fake AI tool called ‘Google Bard AI’. The ad leads to a suspicious website that tricks users into downloading a malicious file, which is flagged as malware by security vendors. This campaign highlights the need for users to be cautious and vigilant when encountering ads or offers related to AI technology.

Brazilian Hacker Claims Bolsonaro Asked Him to Hack Into the Voting System Ahead of 2022 Vote

A Brazilian hacker testified at a congressional hearing that former President Jair Bolsonaro asked him to hack into Brazil’s electronic voting system to expose its alleged weaknesses before the 2022 presidential election. The hacker, Walter Delgatti Neto, provided detailed testimony but did not present any evidence. Bolsonaro’s lawyers plan to take legal action against Delgatti, accusing him of making false claims without evidence.

Vulnerabilities in Juniper Switches and Firewalls Allow Remote Code Execution

Juniper Networks has released patches for four vulnerabilities in the J-Web interface of Junos OS that can be chained together to achieve unauthenticated remote code execution. The vulnerabilities, rated ‘medium’ severity individually but ‘critical’ severity when exploited together, allow attackers to control environment variables and upload arbitrary files, leading to a loss of integrity, including potential impact on the file system. Users are advised to update their appliances to the latest Junos OS versions to mitigate the risk of exploitation.

HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack

The HiatusRAT malware has returned with a new wave of attacks targeting Taiwan-based organizations and a U.S. military procurement system. The threat actors have recompiled malware samples for different architectures and hosted them on new virtual private servers. The attacks, described as audacious, have targeted commercial firms and a U.S. Department of Defense server, with the goal possibly being to gather information on military contracts.

Energy One Probes Cyberattack Impact

Wholesale energy software provider Energy One has confirmed a cyberattack that impacted certain corporate systems in Australia and the UK. The company is currently investigating the extent of the breach, including whether customer-facing systems were affected and whether any personal information has been compromised. Energy One has taken immediate measures to limit the incident’s impact, engaged cybersecurity specialists, and notified relevant authorities while temporarily disabling links between corporate and customer-facing systems.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.