Cyber Security News — Past 24 hours | 03.05.2021

SLIIT CS2
May 3, 2021

Hackers Attack Apple Prior to Launch Event, Demand Ransom

On the day Apple was set to announce a new series of products at its Spring Loaded event, a leak came from an unexpected quarter. The infamous cybercrime gang REvil claimed responsibility for stealing data and schematics relating to unreleased products from Apple’s supplier Quanta Computer. The gang also threatened to sell the data to the highest bidder if the target failed to pay a ransom of $50 million. Hackers have evolved through years of developing their mass data encryption techniques to lock targets out of their own devices.

Presently, these gangs focus on data theft and extortion as their primary means of attack, demanding hefty ransoms in the process. “Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands. We recommend that Apple buy back the available data by May 1,” said REvil in the stolen data post. Even if the victim recovers their data, the risk of a hacker leaking it still persists.

Source — https://www.ehackingnews.com/2021/05/hackers-attack-apple-prior-to-launch.html

Flaws in the BIND software expose DNS servers to attacks

The most serious vulnerability, tracked as CVE-2021-25216, is a buffer overflow issue that can lead to a server crash and, under specific conditions, to remote code execution. “GSS-TSIG is an extension to the TSIG protocol which is intended to support the secure exchange of keys for use in verifying the authenticity of communications between parties on a network,” reads the advisory published by the organization. “SPNEGO is a negotiation mechanism used by GSSAPI, the application protocol interface for GSS-TSIG.” The issue only affects servers configured to use GSS-TSIG features, which are very common; for this reason, the flaw has been rated with a CVSS score of 8.1.

Versions affected are BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch.

The second vulnerability, tracked as CVE-2021-25215, can be exploited by a remote attacker to cause the BIND name server process to terminate due to a failed assertion check, triggering a DoS condition. The vulnerability has been rated with a CVSS score of 7.5.

The third vulnerability fixed by the organization is a medium-severity issue tracked as CVE-2021-25214 that can be exploited to trigger DoS attacks. The flaw is remotely exploitable only if the target server accepts zone transfers from the potential attacker.
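For administrators triaging CVE-2021-25216, the following added example (not from the advisory or the source article) checks a server's reported version against the ranges listed above and looks for GSS-TSIG configuration. It assumes the version string comes from `named -v` and that GSS-TSIG is enabled through the `tkey-gssapi-keytab` or `tkey-gssapi-credential` options in named.conf, which the text above does not name; the sample config is constructed, and the ranges should be confirmed against the vendor advisory.

```python
import re

# CVE-2021-25216 ranges as listed in the text above (inclusive bounds).
# Third field: True for Supported Preview Edition ("-S") builds.
AFFECTED = [
    ("9.5.0", "9.11.29", False),
    ("9.12.0", "9.16.13", False),
    ("9.11.3", "9.11.29", True),
    ("9.16.8", "9.16.13", True),
    ("9.17.0", "9.17.1", False),
]

# Constructed sample named.conf (hypothetical paths and names).
SAMPLE_CONF = """
options {
    directory "/var/named";
    // tkey-gssapi-credential "DNS/ns1.example.test";
    tkey-gssapi-keytab "/etc/named.keytab";
};
"""

def parse_version(text):
    """Return ((major, minor, patch), is_preview) from `named -v` style text."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)(-S\d+)?", text)
    if not m:
        raise ValueError("no BIND version found in %r" % text)
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4) is not None

def in_affected_range(version_text):
    ver, preview = parse_version(version_text)
    as_tuple = lambda s: tuple(int(x) for x in s.split("."))
    return any(preview == is_s and as_tuple(lo) <= ver <= as_tuple(hi)
               for lo, hi, is_s in AFFECTED)

def uses_gss_tsig(conf):
    """True if an uncommented tkey-gssapi-* option is present."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # block comments
    conf = re.sub(r"(//|#).*", "", conf)                # line comments
    return re.search(r"\btkey-gssapi-(keytab|credential)\b", conf) is not None

def assess(version_text, conf):
    if not in_affected_range(version_text):
        return "outside listed ranges"
    if uses_gss_tsig(conf):
        return "in range and GSS-TSIG configured: patch first"
    return "in range, GSS-TSIG not configured"

if __name__ == "__main__":
    print(assess("BIND 9.16.13 (Stable Release)", SAMPLE_CONF))
```

Comment stripping here is line-based and does not account for `//` or `#` inside quoted strings, so treat a negative result as a prompt to read the config, not as proof.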

Source — https://securityaffairs.co/wordpress/117414/security/bind-dns-servers-flaws.html

Linux Mint 18.x Hits End Of Life, Users Should Upgrade Now

Clement Lefebvre, head of the Linux Mint project, announced in the monthly newsletter that the Linux Mint 18.x series has reached EOL.

Announced in June 2016, Linux Mint 18.x series follows the pattern set by the 17.x series, by using Ubuntu 16.04 LTS as a base.

After 5 good years of service, Linux Mint 18, 18.1, 18.2, and 18.3 have now reached EOL this month and will no longer be supported with security or software updates.

If you are running one of these releases, your operating system will continue to work but you will no longer receive security updates from the repositories, says Clement.

Users are recommended to back up their data and perform a fresh installation of Linux Mint 20.1, which is supported until 2025.

According to Clement, the minor upgrades are quite simple, easy, and fast.

On the other hand, the upgrade from 18.3 to 19 is a major upgrade, as it is longer and more complicated.

For this reason, users are recommended to take their time with this one and not hesitate to seek assistance within the community, in the chat room, or on the forums.

Source — https://www.techworm.net/2021/05/linux-mint-18-x-end-of-life.html

Linux kernel Bug Let Attackers Insert Malicious Code Into The Kernel Address Space

Cybersecurity researchers have found that a Linux kernel bug allows threat actors to insert malicious code into the kernel address space.

Attacks

This is not the first time the kernel has been attacked; various threat actors have targeted it using different methods. To attack the kernel, the first thing an attacker needs to do is find out whether the system has any kind of bug.

Randomizing the location of Kernel

After investigating the procedure, the security analysts found that ASLR currently randomizes where the kernel code is placed at boot time.

Accomplishment

Among all the malicious code, KASLR is one of the most minor problematic codes that the experts came across. However, cybersecurity researchers have claimed that there are a few steps that will help the user to bypass such a situation.

Source — https://gbhackers.com/linux-kernel-bug/

Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT
