Weekly Cybersecurity Roundup #11

“Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted; none of these measures address the weakest link in the security chain.” – Kevin Mitnick


Build Your Own Botnet – Web App

I made a web GUI for the BYOB (Build Your Own Botnet) project – what do you guys think?
You can check out a preview at https://buildyourownbotnet.com or get the code on GitHub at https://github.com/malwaredllc/byob.

0x00sec

BitterAPT Revisited: the Untold Evolution of an Android Espionage Tool

In 2016, a sophisticated malware campaign targeting Pakistani nationals made headlines. Dubbed Bitter, the Advanced Persistent Threat group (also known as APT-C-08) has been active both in desktop and mobile malware campaigns for quite a long time, as their activity seems to date back to 2014.

The Bitter threat group initially started using RAT tools in their campaigns, as the first Bitter versions for Android (released in 2014) were based on the AndroRAT framework. Over time, they switched to a custom version that has been known as BitterRAT ever since.

BitDefender

79 Netgear router models risk full takeover due to unpatched bug

An unpatched zero-day vulnerability exists in 79 Netgear router models that allows an attacker to take full control over vulnerable devices remotely.

Discovered independently by both Adam Nichols of cybersecurity firm Grimm and d4rkn3ss from Vietnam’s VNPT ISC (through Zero Day Initiative), the vulnerability lies in the HTTPD daemon used to manage the router.

While ZDI’s report includes brief information about the vulnerability, Nichols has released a detailed explanation of the vulnerability, a PoC exploit, and scripts to find vulnerable routers.

BleepingComputer

Cognizant Confirms Data Breach After Ransomware Attack

IT services giant Cognizant suffered a ransomware attack last April which caused service disruptions to its clients.

Cognizant is an IT giant with more than 300,000 employees that provides IT services, including digital, technology, consulting, and operations services.

GBHackers

Expert Insight On Massive Spying On Users Of Google’s Chrome Shows New Security Weakness

It has been reported that a newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, highlighting the tech industry’s failure to protect browsers as they are used more for email, payroll and other sensitive functions. Most of the free extensions purported to warn users about questionable websites or convert files from one format to another. Instead, they siphoned off browsing history and data that provided credentials for access to internal business tools. Based on the number of downloads, it was the most far-reaching malicious Chrome store campaign to date. Google declined to discuss how the latest spyware compared with prior campaigns, the breadth of the damage, or why it did not detect and remove the bad extensions on its own despite past promises to supervise offerings more closely. It is unclear who was behind the effort to distribute the malware. Awake said the developers supplied fake contact information when they submitted the extensions to Google.

Information Security Buzz

Shlayer Mac Malware now has advanced capabilities

Spreading via poisoned Google search results, this new version of Mac’s No. 1 threat comes with added stealth.

A fresh variant of the Shlayer Mac OSX malware with advanced stealth capabilities has been spotted in the wild, actively using poisoned Google search results in order to find its victims.

According to researchers at Intego, the malware, like many malware samples before it, is purporting to be an Adobe Flash Player installer. However, it has its own unique characteristics: It takes a crafty road to infection once it’s downloaded, all in the name of evading detection.

To start with, the masquerading “installer” is downloaded as a .DMG disk image, according to Intego’s analysis.

IT Security Guru

Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature

On June 10, we found a malicious Word document disguised as a resume that uses template injection to drop a .Net Loader. This is the first part of a multi-stage attack that we believe is associated with an APT attack. In the last stage, the threat actors used Cobalt Strike’s Malleable C2 feature to download the final payload and perform C2 communications.

This attack is particularly clever for its evasion techniques. For instance, we observed an intentional delay in executing the payload from the malicious Word macro. The goal is not to compromise the victim right away, but instead to wait until they restart their machine. Additionally, by hiding shellcode within an innocuous JavaScript and loading it without touching the disk, this APT group can further thwart detection from security products.
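The Malwarebytes excerpt names template injection as the first stage. As an added example (not Malwarebytes’ code, nor anything from the original roundup), here is a Python check for the mechanism a triage analyst would look for: a .docx is a ZIP, and a document that pulls a remote template declares an `attachedTemplate` relationship with `TargetMode="External"` in `word/_rels/settings.xml.rels`. Word itself writes such a relationship for a local `file:///` template, so the check separates merely external targets from off-host ones (http/https/ftp URLs or UNC paths). The sample documents are constructed in memory and the host `example.invalid` is a placeholder, not an indicator from the article.

```python
"""Flag remote-template injection in an OOXML (.docx) file.

Added example: inspects word/_rels/settings.xml.rels for an attachedTemplate
relationship whose target points off-host. Sample docx files are constructed
inline; example.invalid is a placeholder host, not a real indicator.
"""
import io
import zipfile
import xml.etree.ElementTree as ET
from typing import List, Optional
from urllib.parse import urlparse
from xml.sax.saxutils import escape

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = "/attachedTemplate"
SETTINGS_RELS = "word/_rels/settings.xml.rels"


def external_templates(docx_bytes: bytes) -> List[str]:
    """Return every attachedTemplate target marked TargetMode="External"."""
    hits: List[str] = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if SETTINGS_RELS not in zf.namelist():
            return hits  # no settings relationships: nothing to attach
        root = ET.fromstring(zf.read(SETTINGS_RELS))
        for rel in root.iter(f"{{{REL_NS}}}Relationship"):
            if (rel.get("Type", "").endswith(ATTACHED_TEMPLATE)
                    and rel.get("TargetMode") == "External"):
                hits.append(rel.get("Target", ""))
    return hits


def is_remote_target(target: str) -> bool:
    """True if the template lives off-host: URL scheme http/https/ftp or a UNC path."""
    if target.startswith("\\\\") or target.startswith("//"):
        return True  # \\server\share\template.dotm
    return urlparse(target).scheme.lower() in {"http", "https", "ftp"}


def remote_templates(docx_bytes: bytes) -> List[str]:
    """Only the external template targets that would fetch from another host."""
    return [t for t in external_templates(docx_bytes) if is_remote_target(t)]


def build_sample_docx(template_target: Optional[str]) -> bytes:
    """Constructed minimal .docx; if template_target is given, attach it as an
    external template exactly as Word would record it in settings.xml.rels."""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
        '</Types>')
    document = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        '<w:body><w:p><w:r><w:t>Curriculum vitae</w:t></w:r></w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", document)
        if template_target is not None:
            settings = (
                '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
                '<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
                'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
                '<w:attachedTemplate r:id="rId1"/></w:settings>')
            rels = (
                '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
                f'<Relationships xmlns="{REL_NS}">'
                '<Relationship Id="rId1" '
                'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" '
                f'Target="{escape(template_target, {chr(34): "&quot;"})}" TargetMode="External"/>'
                '</Relationships>')
            zf.writestr("word/settings.xml", settings)
            zf.writestr(SETTINGS_RELS, rels)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a benign doc tied to a local Normal.dotm, and one
    # that would fetch its template (and any macros in it) over HTTP.
    for label, target in [("benign", "file:///C:\\Users\\user\\Templates\\Normal.dotm"),
                          ("injected", "http://example.invalid/resume.dotm"),
                          ("plain", None)]:
        doc = build_sample_docx(target)
        print(f"{label:9} external={external_templates(doc)} remote={remote_templates(doc)}")
```

The split between `external_templates` and `remote_templates` is deliberate: alerting on every `TargetMode="External"` produces noise from ordinary documents, whereas a template URL on another host is worth a second look regardless of what the document body says.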

Malwarebytes

Do cybercriminals play cyber games during quarantine?

Thanks to the coronavirus pandemic, the role of the Internet in our lives has undergone changes, including irreversible ones. Some of these changes are definitely for the better, some are not very good, but almost all of them in some way affect digital security issues.

We decided to take a closer look at the changes around us through the prism of information security, starting with the video game industry.

SecureList

Maze Ransomware gang breached the US chipmaker MaxLinear

U.S. system-on-chip maker MaxLinear is the latest victim of the Maze ransomware operators. The company revealed that its systems were infected last month, but the threat actors first compromised the company on April 15.

MaxLinear is an American hardware company that provides highly integrated radio-frequency (RF) analog and mixed-signal semiconductor solutions for broadband communications applications.

The company already sent a data breach notification to the impacted individuals.

“On May 24, 2020, we discovered a security incident affecting some of our systems. We immediately took all systems offline, retained third-party cybersecurity experts to aid in our investigation, contacted law enforcement, and worked to safely restore systems in a manner that protected the security of information on our systems.” reads the data breach notification. “Our investigation to-date has identified evidence of unauthorized access to our systems from approximately April 15, 2020 until May 24, 2020. Our investigation has also identified evidence of unauthorized access to files containing personal information relating to you.”

Security Affairs

InvisiMole Hackers Target High-Profile Military and Diplomatic Entities

Cybersecurity researchers today uncovered the modus operandi of an elusive threat group that hacks into the high-profile military and diplomatic entities in Eastern Europe for espionage.

The findings are part of a collaborative analysis by cybersecurity firm ESET and the impacted firms, resulting in an extensive look into InvisiMole’s operations and the group’s tactics, tools, and procedures (TTPs).

“ESET researchers conducted an investigation of these attacks in cooperation with the affected organizations and were able to uncover the extensive, sophisticated tool-sets used for delivery, lateral movement, and execution of InvisiMole’s backdoors,” the company said in a report shared with The Hacker News.

The Hacker News
