Cyber Security News — Past 24 hours | 22.06.2021
Beware! Connecting to This Wireless Network Can Break Your iPhone’s Wi-Fi Feature
A wireless network naming bug has been discovered in Apple’s iOS operating system that effectively disables an iPhone’s ability to connect to a Wi-Fi network.
The issue was spotted by security researcher Carl Schou, who found that the phone’s Wi-Fi functionality gets permanently disabled after joining a Wi-Fi network with the unusual name «%p%s%s%s%s%n» even after rebooting the phone or changing the network’s name .
The bug could have serious implications in that bad actors could exploit the issue to plant fraudulent Wi-Fi hotspots with the name in question to break the device’s wireless networking features.
«For the exploitability, it doesn’t echo and the rest of the parameters don’t seem like to be controllable. Thus I don’t think this case is exploitable,» Zhou noted. «After all, to trigger this bug, you need to connect to that WiFi, where the SSID is visible to the victim. A phishing Wi-Fi portal page might as well be more effective».
DroidMorph Shows Popular Android Antivirus Fail to Detect Cloned Malicious Apps
A new research published by a group of academics has found that anti-virus programs for Android continue to remain vulnerable against different permutations of malware, in what could pose a serious risk as malicious actors evolve their toolsets to better evade analysis. «Malware writers use stealthy mutations to continuously develop malware clones, thwarting detection by signature based detectors,» the researchers said. The findings were published in a study last week by researchers from Adana Science and Technology University, Turkey, and the National University of Science and Technology, Islamabad, Pakistan. In a test conducted using 1,771 morphed APK variants generated through DroidMorph, the researchers found that 8 out of 17 leading commercial anti-malware programs failed to detect any of the cloned applications, with an average detection rate of 51.4% for class morphing, 58.8% for method morphing, and 54.1% for body morphing observed across all programs.
The anti-malware programs that were successfully bypassed include LineSecurity, MaxSecurity, DUSecurityLabs, AntivirusPro, 360Security, SecuritySystems, GoSecurity, and LAAntivirusLab. As future work, the researchers outlined that they intend to add more obfuscations at different levels as well as enable morphing of metadata information such as permissions that are embedded in an APK file with an aim to bring down the detection rates.
5 Critical Steps to Recovering From a Ransomware Attack
Hackers are increasingly using ransomware as an effective tool to disrupt businesses and fund malicious activities.
A recent analysis by cybersecurity company Group-IB revealed ransomware attacks doubled in 2020, while Cybersecurity Venture predicts that a ransomware attack will occur every 11 seconds in 2021.
Businesses must prepare for the possibility of a ransomware attack affecting their data, services, and business continuity.
The first important step is to isolate and shut down business-critical systems. There is a chance the ransomware has not affected all accessible data and systems. Shutting down and isolating both infected systems and healthy systems helps contain malicious code.
From the first evidence of ransomware on the network, containment should be a priority.
Remediate common entry points for ransomware
As businesses look to bolster the environment against ransomware and other malicious threats, it is crucial to look at the common entry points for these types of attacks.
Prevention and next steps
Businesses must not be careless in handling password security, especially with Active Directory user accounts. Unfortunately, Active Directory does not have good native security tools for securing passwords in line with today’s password security policy requirements.
Vigilante Malware Blocks Access To The Pirate Bay & Other Torrent Sites
A new type of malware campaign has been discovered that apparently blocks access to the most popular torrent site, The Pirate Bay, and a number of other sites known for redistributing pirated content.
According to a recent report published by the cybersecurity firm SophosLabs, the malware dubbed as «vigilante» instead of stealing passwords or extorting a computer’s owner for ransom prevents victims from accessing pirated software platforms.
The files discovered by the researchers are named in formats such as «Left 4 Dead 2 » and «Minecraft 1.5.2 Cracked » to imitate the naming conventions commonly used to label pirated software.
«The files that appear to be hosted on Discord’s file sharing tend to be lone executable files. The ones distributed through Bittorrent have been packaged in a way that more closely resembles how pirated software is typically shared using that protocol: Added to a compressed file that also contains a text file and other ancillary files, as well as an old-fashioned Internet Shortcut file pointing to ThePirateBay,» added Brandt.
Most of the malware triggered Windows to elevate its privileges. When this escalation did not occur, the samples failed to modify the HOSTS file.
«Modifying the HOSTS file is a crude but effective method to prevent a computer from being able to reach a web address,» Brandt says. «It’s crude because, while it works, the malware has no persistence mechanism. Anyone can remove the entries after they’ve been added to the HOSTS file».
Stay Focused. Stay Vigilant.
Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT