Roundup It's time to dig into another Register security roundup.
Sophos XG Firewall hacked into the wild – patch available
Sophos rushed a corrective to have its XG Firewall products fix an SQL injection vulnerability – after hackers have been spotted exploiting the hole in the wild. The flaw can be misused to steal firewall configuration, such as hashed usernames and passwords.
The fix, while fixing the bug, will tell administrators if their boxes have been compromised by disbelievers before the fix can be applied. Make sure that automatic patch deployment is enabled to receive the update. All XG physical and virtual firewalls are vulnerable, we are told, and all supported versions (SFOS 17.1, 17.5, 18.0) will receive a fix.
“The attack used an unknown SQL injection vulnerability to access exposed XG devices,” said Team Sophos.
“It was designed to download payloads to exfiltrate resident data from the XG firewall. Data for any specific firewall depends on the specific configuration and may include hashed usernames and passwords for local device administrators, portal administrators, and user accounts used for remote access Passwords associated with external authentication systems such as AD or LDAP are not affected.
“For the moment, there is nothing to indicate that the attack accessed anything on the local networks behind an impacted XG firewall.”
Multilingual texts crash Apple iThings
A seemingly random text string in a text message could crash the iOS devices that receive it, which means you can drive an Apple fan by remotely hitting their handheld while sending the text. 9to5mac reported the channel is a mixture of the Italian flag icon and text in the Sidhi language, and triggers a bug in Messages for iPhone, iPad, Mac and Apple Watch. The effect of the flaw is supposed to vary depending on the device: the crash can cause the chat application to unexpectedly close up on the touch screen.
The craziest iOS crash text bug 💀 pic.twitter.com/29LJPb67WP
– EverythingApplePro (@EveryApplePro) April 23, 2020
Apple has yet to comment publicly on the problem. What's with this and its Mail bug not corrected, it has not been a good week for Cupertino's safety case.
Ransomware brains seem to be honoring vows not to infect hospitals
At the start of COVID-19 Coronavirus pandemic, a handful of ransomware crooks promised don't aim health care providers. Yes, that's right, we all thought. Well, it seems that malware gangs are living up to their word, as ransomware attacks in general are on the decline and file jamming infections in healthcare facilities are almost nonexistent, we are told.
Security software publisher Emsisoft claims it has only had 25 reported attacks on healthcare facilities in the past quarter, a drop from the 191 hits it sees on average per quarter. Sounds nice, but …
“This reduction is entirely due to the fact that in 2019, many managed service providers (MSPs) were operated, allowing several health facilities to be compromised simultaneously in a single incident,” said Emsisoft. “So far in 2020, no such attack has affected health care providers.”
So maybe there was something to this engagement after all, sort of.
Prosecutors crack down on COVID-19 scams
The United States Department of Justice is fighting summary hawkers who seek revenge quickly by scamming the public with false information and treatment for coronaviruses.
Prosecutors have picked up hundreds of fraudulent transactions, we are told. These range from fake donation web pages – one of which claims to be the Red Cross – to phishing pages that have usurped the identity of government relief programs.
“The ministry will continue to work with our law enforcement and private sector partners to help tackle COVID-19-related crimes online,” said Brian Benczkowski, Deputy Attorney General. “We applaud responsible Internet companies for taking swift action to prevent their resources from being used to exploit this pandemic.”
Crown Sterling settles case over Black Hat auto accident
One of the weirdest stories to come out of last year's Black Hat infosec conference in Las Vegas was the paid presentation of “Time AI” in an outfit called Crown Sterling. The sponsored session unfolded like a lead balloon: rowdies dismantled the company's extravagant boastings on encryption and artificial intelligence.
Times being what they are, this has led to a trial by Crown Sterling against Black Hat, alleging that the conference organizers violated the sponsorship agreement by allowing the presentation to be derailed by angry members of the public. This trial has been settled recently, but we will not know the terms because everything has been kept confidential.
Unfortunately, there will probably be no presentations this year, at least not in person, as Black Hat is very likely to be canceled due to the virus epidemic. BSides Las Vegas called of his event this summer due to the pandemic.
Team Fortress 2, Counter Strike: leak of the Global Offensive code
Someone, apparently after a quarrel between members of the game's modding community, online leak the source code to part of the engine that was previously leaked in the successful video games of Team Fortress 2 and Counter Strike: Global Offensive. Shortly after, another claimed to have found a remote code execution bug in the software. As scary as it sounds, there are actually not much be worried here.
Bankers victims of an email scam
Checkpoint a yet another report on scumbags hijacking an email account within an organization to usurp the identity of a staff member so that account numbers are changed on invoices and payments in order to redirect funds to the pockets of scammers. In the latter case, $ 650,000 was stolen by criminals via sunk transfers from British and Israeli finance companies.
PAAY reverses card payment logs
Inadvertent biz PAAY payments publicly exposed about 2.5 million card transactions, thanks to a misconfigured Internet database. There is some debate over whether actual payment card numbers have been revealed, and so far there is no evidence that fraudsters have accessed them before the data silo is taken offline.
Californian Man Charged With Cyber Harassment
Carl Bennington, 33, from Covina, has been accused use multiple social media accounts to track young women over a four-year period, including death threats. If convicted, he faces up to five years in prison.
Kinomap exercise app reveals user information
Elsewhere in the news of poorly secured databases, Kinomap exercise app forgot to set a password on one of its storage compartments accessible on the Internet and, consequently, certain basic information of the user profile such as names, usernames, e-mail address and drive timestamps were exposed.
Microsoft Releases Office Update
Microsoft released a out of band update for Office 2016 and 2019 thanks to a remote code execution bug found in an integrated AutoDesk library. This can be exploited by opening a file containing a trapped 3D model that triggers the execution of malicious code.
Autodesk patched the flaw earlier this month, so make sure you're up to date.
Nintendo Warns About Account Theft
Nintendo had to reset credentials out of around 160,000 user accounts after it was discovered that criminals were using a leaked connection set from an old service called Nintendo Network ID to enter profiles and, in some cases, accumulate fraudulent purchases.
Winnti group blamed for new attack in Germany
The infamous Winnti DPRK hacking team is said to be back. This time, North Korean pirates are said to have entered a German company using a technique called DNS tunneling.
“The sophistication of the techniques we discovered confirms that the Winnti group is a highly sophisticated and very committed advanced persistent group targeting a plethora of different industrial sectors in Europe and South Asia,” said eggheads at Quo Intelligence, which analyzed the reported rupture. in.
Researchers Show How GPUs Can Disclose System Data
Not the most practical attack, but it's worth the time to read this interesting report from Duo security on how malware could program a PC's graphics processor to transmit data wirelessly using its high frequency shader clock. This leaked information could be received by a nearby disbeliever, bypassing any air space.
Boffins Mikhail Davidov and Baron Oldenburg produced a configuration that could “exfiltrate data from a workstation without radio and limited air through a wall and 50 feet away”.
VictoryGate botnet threatens South America
ESET has discovered a cryptocurrency mining botnet that appears to be largely focused on South America. Known as VictoryGate, malware infects a mixture of personal and business Windows computers and Internet of Things devices.
“Active since at least May 2019, it mainly consists of devices in Peru, where more than 90% of infected devices are found”, said ESET. “The main activity of the botnet is the exploitation of the Monero cryptocurrency.”
IB group spot card cover for sale on the darknet market
Group-IB a sounded the alarm following the discovery of a cache of bank card data for sale on the dark web. The cards, which are said to come exclusively from banks in South Korea and the United States, are estimated to be around 400,000 people and are offered at $ 5 each. And, according to the seller, between 30 and 40% are still valid.
“It should be noted,” said Group IB, “that this is the largest sale of South Korean records on the dark web in 2020, which contributes to the growing popularity of card dumps issued by the APAC in the metro “. ®
Webcast: Build the Next Generation of Your Business in the Public Cloud