Cyber Security News — Past 24 hours | 27.04.2021

Apple has been targeted in a $50 million ransomware extortion attempt following the theft of a sizeable number of manufacturing and engineering schematics for current and future products from Quanta, a Taiwan-based company that is one of Apple's contract manufacturers for MacBooks and other products. The REvil ransomware gang posted a message on its dark web leak site claiming to have stolen the blueprints of various Apple devices. Almost every page of the leaked schematics carries the phrase «This is the property of Apple and it must be returned», which lends credibility to the claim that the documents are genuine. The leak also included manufacturing diagrams for Apple's 2021 M1 MacBook Air as well as for an unreleased laptop.

REvil is now trying to get Apple itself to pay up by May 1st. The group says it will leak more schematics and images of Apple's potential future products every day on the dark web until the ransom is paid by Apple or Quanta: «We recommend that Apple buy back the available data by May 1».

source —

Following a cyberattack on the corporate password manager Passwordstate, Click Studios, an Australian software house, has advised customers to reset passwords across their organizations. According to an email Click Studios sent to customers, attackers had «compromised» the password manager's software upgrade function in order to extract stored passwords.
In an advisory, Click Studios detailed the attack.
The company said, «Initial analysis indicates that a bad actor using sophisticated techniques compromised the In-Place Upgrade functionality. The initial compromise was made to the upgrade director located on Click Studios website. The upgrade director points the In-Place Upgrade to the appropriate version of software located on the Content Distribution Network. The compromise existed for approximately 28 hours before it was closed down. Only customers that performed In-Place Upgrades between the times stated above are believed to be affected. Manual Upgrades of Passwordstate are not compromised. Affected customers' password records may have been harvested».
The attackers' servers were also taken down on April 22, according to the company. However, if the attackers are able to reactivate their infrastructure, Passwordstate users could still be at risk, which is why the reset of every stored credential is advised.
Enterprise password managers are where employees share credentials for the organization's most sensitive systems: network devices such as firewalls and VPNs, shared mailboxes, internal directories, and corporate social media accounts. A compromise of the manager therefore exposes all of them at once. According to Click Studios, Passwordstate is used by «more than 29,000 customers», including Fortune 500 companies, federal agencies, banks, military and aerospace companies, and businesses in most sectors.
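The advisory describes the weak link precisely: the in-place upgrader trusted a pointer file (the «upgrade director») hosted on the vendor's website to tell it which package to download from the CDN, so whoever could edit that pointer could feed customers any package they liked. The following is an added example, written for this digest and not Click Studios' code, of how an update client can make the director untrusted: the vendor signs a manifest (version plus SHA-256 of the release archive) with an offline Ed25519 key whose public half ships with the installed product, and the client refuses anything the director points to unless the bytes match that signed digest. The key pair, package bytes, version strings and the CDN URL are all constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is the vendor's statement about one release. It is produced and
// signed offline, never on the web server that hosts the upgrade director.
type Manifest struct {
	Version string `json:"version"`
	SHA256  string `json:"sha256"` // hex digest of the release archive
}

// SignedManifest carries the exact bytes that were signed plus the signature,
// so the client verifies the bytes it parses rather than a re-serialisation.
type SignedManifest struct {
	Manifest  []byte `json:"manifest"`
	Signature []byte `json:"signature"`
}

// Director models the pointer file the in-place upgrader downloads from the
// vendor website. It is treated as untrusted: it may steer the client to any
// URL, but it cannot change which bytes the client will accept.
type Director struct {
	Version string `json:"version"`
	URL     string `json:"url"`
}

// SignManifest is the vendor-side step (hypothetical; run on an offline signer).
func SignManifest(priv ed25519.PrivateKey, m Manifest) (SignedManifest, error) {
	raw, err := json.Marshal(m)
	if err != nil {
		return SignedManifest{}, err
	}
	return SignedManifest{Manifest: raw, Signature: ed25519.Sign(priv, raw)}, nil
}

// VerifyUpdate is the client-side gate. Order matters: check the signature
// before parsing anything, then bind the director's claimed version to the
// signed manifest, then bind the downloaded bytes to the signed digest.
func VerifyUpdate(vendorPub ed25519.PublicKey, sm SignedManifest, dir Director, pkg []byte) (Manifest, error) {
	if !ed25519.Verify(vendorPub, sm.Manifest, sm.Signature) {
		return Manifest{}, errors.New("manifest signature invalid: not signed by vendor key")
	}
	var m Manifest
	if err := json.Unmarshal(sm.Manifest, &m); err != nil {
		return Manifest{}, fmt.Errorf("manifest unparseable: %w", err)
	}
	if dir.Version != m.Version {
		return Manifest{}, fmt.Errorf("director advertises %q but signed manifest is for %q", dir.Version, m.Version)
	}
	sum := sha256.Sum256(pkg)
	if got := hex.EncodeToString(sum[:]); got != m.SHA256 {
		return Manifest{}, fmt.Errorf("package digest %s does not match signed digest %s", got, m.SHA256)
	}
	return m, nil
}

func main() {
	// Constructed demo: vendor key pair, a "release" archive and a tampered copy.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	release := []byte("upgrade-9.0.zip (constructed placeholder bytes)")
	sum := sha256.Sum256(release)
	sm, _ := SignManifest(priv, Manifest{Version: "9.0", SHA256: hex.EncodeToString(sum[:])})
	dir := Director{Version: "9.0", URL: "https://cdn.example/upgrade-9.0.zip"} // hypothetical URL

	if _, err := VerifyUpdate(pub, sm, dir, release); err != nil {
		fmt.Println("unexpected:", err)
	} else {
		fmt.Println("genuine package accepted")
	}

	// Attacker swaps the archive behind the same director entry.
	tampered := append([]byte{}, release...)
	tampered[0] ^= 0xff
	_, err := VerifyUpdate(pub, sm, dir, tampered)
	fmt.Println("tampered package:", err)

	// Attacker who controls the website also forges a manifest with their own key.
	_, evilPriv, _ := ed25519.GenerateKey(rand.Reader)
	tsum := sha256.Sum256(tampered)
	forged, _ := SignManifest(evilPriv, Manifest{Version: "9.0", SHA256: hex.EncodeToString(tsum[:])})
	_, err = VerifyUpdate(pub, forged, dir, tampered)
	fmt.Println("forged manifest:", err)
}
```

The point of the design is that compromising the website, the director file or the CDN is no longer enough: the attacker would also need the offline signing key. It does not help if the same web server that serves the director also serves the public key, so the key must ship inside the installed product or be pinned out of band.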

source —

Flubot can Spy on Phones and can Gather Online Banking Details

Experts cautioned that a text message scam infecting Android phones is spreading across the UK. The message, which appears to come from a parcel delivery company and instructs users to download a tracking app, actually delivers a piece of spyware. Flubot can take over a smartphone and spy on it in order to collect sensitive data, such as online banking credentials. Cybercriminals distribute Flubot through SMS messages containing links to download pages for a bogus FedEx app. These pages serve a malicious APK file that, once sideloaded, installs the Flubot banking malware.
«We believe this current wave of Flubot malware SMS attacks will gain serious traction very quickly, and it's something that needs awareness to stop the spread,» a spokesman said. «If users have clicked a malicious link it's important not to panic — there are actionable steps they can take to protect their devices and their accounts,» the NCSC said in a statement. The malware also sends further text messages to the contacts of an infected device, aiding its propagation.
«The seriousness of these malicious text messages is underlined by Vodafone making the decision to alert its customers,» said Ben Wood, chief analyst at CCS Insight.

source —

VPN Hacks Are a Slow-Motion Disaster

Security firm FireEye this week revealed that it had found a dozen malware families, spread across multiple hacking groups, exploiting vulnerabilities in Pulse Secure VPN appliances. Since the whole point of a VPN is to create a secure connection into a network, worming into one can save hackers a lot of hassle. «Once hackers have those credentials, they don't need to use spearphishing emails, they don't need to bring in custom malware,» says Sarah Jones, senior principal analyst at FireEye. «The new issue, discovered this month, impacted a very limited number of customers,» said Pulse Secure parent company Ivanti in a statement.

Some of the intrusions FireEye spotted, in fact, appear related to vulnerabilities that had been reported as far back as 2019. That same year, a Pulse Secure VPN flaw offered an inroad for a ransomware group to hold up Travelex, a foreign exchange company, for millions of dollars. VPNs traditionally relied on a set of protocols known as Internet Protocol Security, or IPsec. While IPsec-based VPNs are considered secure and reliable, they can also be complicated and clunky for users.

In recent years, as remote work expanded and then exploded, more and more VPNs have been built instead on the ubiquitous encryption protocols Secure Sockets Layer (SSL) and Transport Layer Security (TLS). «That was a big step for convenience,» says Vijay Sarvepalli, a senior security solutions architect with the CERT Coordination Center at Carnegie Mellon University. CERT helps catalog vulnerabilities and coordinate their public disclosure. Software of all stripes has vulnerabilities, but because VPNs by definition act as a conduit for information that is intended to be private, their bugs have serious implications.

«It makes it harder to monitor when you have a lot more events going on,» says Sarvepalli. To the extent that there is a silver lining here, it is that the hackers behind the latest set of Pulse Secure-related intrusions are highly sophisticated, which means the bar for exploiting the flaw is high. «It's rather specific in the knowledge you need to exploit it,» says Stephen Eckels, a reverse engineer at FireEye. «For us to understand what their malware was doing, we had to be in contact with the authors of the code from Pulse Secure.»

That bar will not stay high for long: once the patch is released, less skilled attackers will eventually reverse engineer it and exploit the flaw too. Yet corporations continue not to address the exposure of their networks, despite urgent warnings from the security community. «There's a lot to be done still,» says Sarvepalli of the work required to shore up VPNs.

source —

Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT


