Cybersecurity News – August 13, 2021

Another unpatched PrintNightmare zero-day

On Wednesday, Microsoft issued a warning about yet another unpatched privilege escalation/remote code-execution (RCE) vulnerability in the Windows Print Spooler. The zero-day bug, tracked as CVE-2021-36958, is rated 7.3 on the severity scale, which classifies it as “important.” On Thursday, CERT/CC explained that the issue arises from an oversight in the signature requirements around the “Point and Print” capability, which allows non-privileged users to install printer drivers that execute with SYSTEM privileges.

(ThreatPost)
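Because the issue sits in Point and Print driver installation by non-administrators, the first thing an administrator will want to know is whether that path is still open on a given host. The following PowerShell audit is an added example and not part of the original article or of Microsoft's or CERT/CC's guidance; it reads the documented Point and Print policy values under `HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint` (`RestrictDriverInstallationToAdministrators`, `NoWarningNoElevationOnInstall`, `UpdatePromptSettings`) and the state of the `Spooler` service, and reports which hardening is missing. The interpretation of each value as "hardened" is the script's own assumption about the expected policy, and a value that was never set is reported as absent rather than guessed.

```powershell
# Added example: audit Point and Print hardening and Print Spooler state on the local host.
# Run in an elevated PowerShell session. Read-only: it changes nothing.

$PnPKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

# Expected hardened values (assumption: these are the settings an administrator
# would want in place while the spooler remains enabled).
$Expected = @{
    RestrictDriverInstallationToAdministrators = 1   # only admins may install drivers
    NoWarningNoElevationOnInstall              = 0   # keep the elevation prompt
    UpdatePromptSettings                       = 0   # keep the prompt on driver update
}

function Get-PointAndPrintPolicy {
    if (-not (Test-Path $PnPKey)) {
        Write-Warning "Policy key not present: $PnPKey (no Point and Print restrictions are configured)"
        return @{}
    }
    $props = Get-ItemProperty -Path $PnPKey
    $result = @{}
    foreach ($name in $Expected.Keys) {
        # A missing value is reported as $null so it is not mistaken for 0.
        $result[$name] = $props.PSObject.Properties[$name].Value
    }
    return $result
}

function Test-PointAndPrintHardening {
    $policy = Get-PointAndPrintPolicy
    $findings = @()
    foreach ($name in $Expected.Keys) {
        $actual = $policy[$name]
        if ($null -eq $actual) {
            $findings += "$name is not set (expected $($Expected[$name]))"
        } elseif ($actual -ne $Expected[$name]) {
            $findings += "$name is $actual (expected $($Expected[$name]))"
        }
    }
    return $findings
}

function Get-SpoolerState {
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return 'NotInstalled' }
    return "$($svc.Status) / StartType=$($svc.StartType)"
}

# Report
$spooler = Get-SpoolerState
Write-Host "Print Spooler: $spooler"
if ($spooler -like 'Running*') {
    Write-Host "Spooler is running; checking Point and Print restrictions..."
    $missing = Test-PointAndPrintHardening
    if ($missing.Count -eq 0) {
        Write-Host "OK: all expected Point and Print restrictions are in place."
    } else {
        Write-Host "Missing hardening:"
        $missing | ForEach-Object { Write-Host "  - $_" }
    }
} else {
    Write-Host "Spooler is not running; Point and Print driver installation is not reachable on this host."
}
```

The script deliberately does not change any setting; on a print server the same values have availability consequences, so the decision to restrict driver installation or stop the spooler belongs to the administrator reviewing the output, not to the audit.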

PrintNightmare vulnerability weaponized by ransomware gang

According to a report published by security firm CrowdStrike on Thursday, operators of the Magniber ransomware have weaponized the infamous PrintNightmare vulnerability to attack Windows systems. While roughly 10 different vulnerabilities in the Windows Print Spooler service are collectively referred to as PrintNightmare, CrowdStrike said the attackers are exploiting a remote code execution vuln, tagged as CVE-2021-34527, which is one of the two original PrintNightmare bugs. Magniber ransomware has been active exclusively in South Korea, where these attacks appear to be limited for now.

(The Record)

Notorious darknet market comes back to life

The AlphaBay darkweb market has resurfaced after an administrator of the original project relaunched it over the weekend. AlphaBay started in 2014 and became the largest darknet market before being shut down by law enforcement in July 2017. One AlphaBay administrator was arrested in Thailand, while a second administrator named DeSnake was never captured by police. DeSnake announced on a dark web forum that AlphaBay is now open for business and claims the platform is built to last, with secure audited code, hardened servers, and safeguards against disruptions caused by hardware failure, police raids, or seizures. The list of items prohibited from sale on AlphaBay includes firearms, ransomware, pornography, doxing, and Covid-19 vaccinations. DeSnake also announced long-term plans for a platform allowing anyone to set up a darknet market, with a strong focus on anonymity.

(Bleeping Computer)

Trend Micro confirms zero-day vulnerability attacks

Security vendor Trend Micro has issued a warning about in-the-wild zero-day attacks affecting customers using its Apex One and Apex One as a Service products. The vulnerabilities were documented in Trend Micro’s security bulletin on July 28, and the company says it has contacted the small number of impacted customers. Trend Micro urges all customers to install the patches, which the company says fix multiple privilege-related vulnerabilities allowing privilege escalation, authentication bypass, and arbitrary file upload.

(SecurityWeek)

Thanks to our episode sponsor, Sotero

It’s a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief, just go to soterosoft.com and click the link at the top of the page.

AdLoad malware 2021 samples glide past Apple XProtect

A wave of new attacks uses at least 150 updated samples of the well-known AdLoad adware, many of which are not recognized by Apple’s built-in malware detector, XProtect. AdLoad is essentially a trojan that opens a backdoor on the victim’s system in order to download and install adware or other unwanted programs. In some cases, the malware has been observed hijacking search engine results and injecting advertisements into web pages. Phil Stokes, researcher at SentinelOne, said, “The fact that hundreds of unique samples of a well-known adware variant have been circulating for at least 10 months and yet still remain undetected by Apple’s built-in malware scanner demonstrates the necessity of adding further endpoint security controls to Mac devices.” Stokes added that the malware does have a high detection rate on VirusTotal.

(Threatpost)

New ‘Allstar’ app enforces security best practices for GitHub projects

On Wednesday, the Open Source Security Foundation (OpenSSF) announced a new GitHub app, named Allstar, that can be used to automatically and continuously enforce security best practices for GitHub projects. Allstar was developed by Google and released through OpenSSF, of which the tech giant is a founding member. Allstar continuously checks GitHub API state and file contents against defined security policies, such as the presence of branch protection, cryptographic signing of release artifacts, or code review requirements. If they don’t match, the application applies user-defined enforcement actions ranging from logging the issue to automatically correcting it, eliminating the need for manual intervention.

(SecurityWeek)

TikTok details upcoming protections for minors

On Thursday, TikTok announced plans to roll out increased protections on its platform aiming to make the app more private, safer, and less addictive for teens, following similar moves by other tech companies including Google, YouTube, and Instagram. TikTok’s planned changes target users between the ages of 13 and 17 and include a default Direct Message setting of “No One”, prompts to choose who can view and download videos, restricting users under age 16 from allowing their videos to be viewed by “Everyone”, and limiting push notifications past 9 pm for users aged 13 to 15, and past 10 pm for 16 to 17-year-old users. But not to worry, the notifications resume the following morning at 8 AM.

(TechCrunch)

Apple releases massive mystery bug fix update for Macs

macOS Big Sur 11.5.2 is out, and it’s a huge update… but we have no idea what it fixes. Clocking in at over 2.5GB, Apple describes Big Sur 11.5.2 as “bug fixes for your Mac.” According to Apple, the update does not have any published CVE entries, which means that unless you’re being plagued by some bug or are waiting on a particular fix, you could hold off on updating for a while, as long as you’re up to date on Big Sur 11.5.1, which contained some pretty important security updates.

(ZDNet)

Sean Kelly
Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.