Wednesday, October 27, 2021

SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike

Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.

Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure

Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there's no guarantee that Azure or AWS are delivering services in a hardened and secure manner.

Lazarus Attackers Turn to the IT Supply Chain

Kaspersky researchers saw The North Korean state APT use a new variant of the BlindingCan RAT to breach a Latvian IT vendor and then a South Korean think tank.

Why the Next-Generation of Application Security Is Needed

New software and code stand at the core of everything we do, but how well is all of this new code tested? Luckily, autonomous application security is here.

Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware

Fake Craigslist emails that abuse Microsoft OneDrive warn users that their ads contain ‘inappropriate content.”

Mozilla Firefox Blocks Malicious Add-Ons Installed by 455K Users

The misbehaving Firefox add-ons were misusing an API that controls how Firefox connects to the internet.

Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads

UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service.

Defending Assets You Don’t Know About Against Cyberattacks

No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset protection given this reality.

Groove Calls for Cyberattacks on US as REvil Payback

The bold move signals a looming clash between Russian ransomware groups and the U.S.

BillQuick Billing App Rigged to Inflict Ransomware

A SQL injection bug in the BillQuick billing app has not only leaked sensitive information, it’s also let malicious actors remotely execute code and deploy ransomware.

BQE Web Suite Billing App Rigged to Inflict Ransomware

An SQL-injection bug in the BQE Web Suite billing app has not only leaked sensitive information, it’s also let malicious actors execute code and deploy ransomware.

SolarWinds APT Targets Tech Resellers in Latest Supply-Chain Cyberattacks

The Nobelium group, linked to Russia's spy agency, is looking to use resellers as a path to infiltrate their valuable downstream customers - and it's working.

CISA Urges Sites to Patch Critical RCE in Discourse

The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazon’s Seller Central.

FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks

The infamous Carbanak operator is moving is looking to juice its ransomware game by recruiting IT staff to its fake Bastion Secure 'pen-testing' company.

REvil Servers Shoved Offline by Governments – But They’ll Be Back, Researchers Say

A multi-country effort has given ransomware gang REvil a taste of its own medicine by pwning its backups and pushing its leak site and Tor payment site offline.

Cisco SD-WAN Security Bug Allows Root Code Execution

The high-severity bug, tracked as CVE-2021-1529, is an OS command-injection flaw.

Threat Actors Abuse Discord to Push Malware

The platform’s Content Delivery Network and core features are being used to send malicious files—including RATs--across its network of 150 million users, putting corporate workplaces at risk.

U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn

Meanwhile, Zerodium's quest to buy VPN exploits is problematic, researchers said.

TA551 Shifts Tactics to Install Sliver Red-Teaming Tool

A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment.

Gigabyte Allegedly Hit by AvosLocker Ransomware

If AvosLocker stole Gigabyte's master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds.
The Register

China Telecom booted out of USA as Feds worry it could disrupt or spy on local networks

FCC urges more action against Huawei and DJI, too The US Federal Communications Commission (FCC) has terminated China Telecom's authority to provide communications services in the USA.…
SecurityWeek

150 People Arrested in US-Europe Darknet Drug Probe

Law enforcement officials in the U.S. and Europe have arrested 150 people and seized more than $31 million in an international drug trafficking investigation stemming from sales on the darknet, the Justice Department said Tuesday. read more

Free Tool Helps Security Teams Measure Their API Attack Surface

Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.

SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike

Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.

North Korea's Lazarus Group Turns to Supply Chain Attacks

State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.