24-Apr-24: In Security News Today

U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks

The U.S. Treasury Department sanctioned two Iranian firms and four individuals for engaging in cyber activities on behalf of the Iranian Revolutionary Guard Corps Cyber Electronic Command. The individuals targeted U.S. companies and government entities through cyber operations, leading to indictments and a reward for information. The defendants face charges including conspiracy to commit computer fraud and wire fraud, with potential prison sentences of up to 20 years.

Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike

Security researchers have uncovered an ongoing attack campaign, codenamed FROZEN#SHADOW, utilizing phishing emails to distribute SSLoad malware, Cobalt Strike, and ConnectWise ScreenConnect. SSLoad is designed to infiltrate systems, deploy backdoors, and maintain persistence while avoiding detection. The attackers pivot to other systems in the network, including the domain controller, creating their own domain administrator account to achieve high levels of persistence and access within the victim’s Windows domain.

Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users

Security vulnerabilities in cloud-based pinyin keyboard apps used by over 1 billion Chinese users were discovered by Citizen Lab, exposing their keystrokes to potential exploitation. Eight out of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi were found to have weaknesses, with Huawei being the only exception. The vulnerabilities could allow adversaries to decrypt keystrokes passively, prompting recommendations for users to update their apps, switch to on-device keyboard apps, and for developers to use standard encryption protocols.

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

A new malware campaign is exploiting the eScan antivirus software’s update mechanism to distribute backdoors and cryptocurrency miners, targeting large corporate networks. The threat, known as GuptiMiner, is believed to be connected to a North Korean hacking group called Kimsuky. The malware campaign involves a sophisticated infection chain that leverages a security flaw in eScan’s update mechanism, allowing the attackers to deploy malicious payloads undetected for at least five years.

US Charges Samourai Cryptomixer Founders for Laundering $100 Million

The U.S. Department of Justice has charged Keonne Rodriguez and William Lonergan Hill for laundering over $100 million through their cryptocurrency mixer service, Samourai. Criminals utilized Samourai’s services to process more than $2 billion in illicit funds, with the founders allegedly earning $4.5 million in fees. The founders are facing charges of money laundering and operating an unlicensed money-transmitting business, with Rodriguez in custody and Hill arrested in Portugal awaiting extradition to the U.S.

Medical Diagnostics Provider Synlab Halts Services Over Ransomware Attack

Synlab Italia, part of a major medical diagnostics firm, had to shut down its IT systems nationwide following a cyberattack, suspected to be ransomware, which potentially compromised sensitive customer data. Nearly 400 labs across Italy halted all operations, including patient services and data access. The disruption persisted for several days as the company worked to isolate and address the security breach.

CISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian Exploitation

CISA has updated its Known Exploited Vulnerabilities catalog to include a critical Windows Print Spooler flaw, CVE-2022-38028, after Microsoft reported its exploitation by Russian cyberespionage group APT28. This vulnerability, discovered in 2022, allows for privilege escalation and has been actively used to deploy malware and harvest credentials across multiple sectors. Organizations are urged to patch this vulnerability promptly to mitigate potential cyber threats.

US Congress Passes Bill to Ban TikTok

The US Senate voted on a bill that could ban TikTok or force ByteDance to relinquish ownership of the app, with 79 senators in favor and 18 against. The bill, titled Protecting Americans from Foreign Adversary Controlled Applicants Act, now awaits President Biden’s signature. ByteDance has a year to disassociate from TikTok in the US or face legal prohibitions, while TikTok’s ties with Chinese intelligence are under scrutiny.

ArcaneDoor Hackers Exploit Cisco Zero-days to Breach Government Networks

Cisco has warned of a state-backed hacking group, identified as UAT4356 and STORM-1849, exploiting two zero-day vulnerabilities in Cisco firewalls since November 2023 to breach government networks worldwide. The vulnerabilities allowed the threat actors to deploy malware implants like ‘Line Dancer’ and ‘Line Runner’ for malicious actions, including configuration modification and network traffic capture. Cisco has released security updates to fix the zero-days and urges customers to upgrade their devices and monitor for any signs of unauthorized activity.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.

Leave a Reply

Your email address will not be published. Required fields are marked *