DirtyMoe is a rapidly growing Windows botnet
Researchers from Avast are warning of the rapid growth of the DirtyMoe botnet (also tracked as PurpleFox, Perkiler, and NuggetPhantom), which grew from about 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. The researchers describe DirtyMoe as a complex, modular malware platform. The botnet's operations have changed rapidly since the end of 2020, when the malware authors added a worm module that spreads across the internet to other Windows systems. Most of the hits are in Russia (65,000), followed by Ukraine, Vietnam, and Brazil. The researchers point out that the real number of infected systems could be far greater, because Avast's data only covers systems running its antivirus solution.
Majority of web apps in 11 industries are vulnerable all the time
Two-thirds of the applications deployed by the utility sector and 63% of those deployed by public administration organizations have at least one serious vulnerability exposed every day of the year, according to a report published by WhiteHat Security yesterday. The three worst industries on the list (utilities, public administration, and professional services) take at least 288 days on average to fix a vulnerability. The slow patch cadence is largely due to a long tail of legacy applications that have no active development team working on them, says Setu Kulkarni, vice president of strategy at WhiteHat Security.
Lexmark printers open to arbitrary code-execution Zero-Day
According to an advisory filed by researcher Julio Aviña on the IBM X-Force Exchange, Lexmark printers have an unpatched vulnerability that allows easy-to-execute attacks requiring neither privileges nor user interaction and resulting in remote code execution. The vulnerability's CVSS 3.0 base score is high, at 8.4. Fortunately, it does not appear to have been exploited yet: the report rates the bug's exploit code maturity as "unproven," meaning no working exploit code is known to exist.
Peloton Tread owners now forced into monthly subscription after recall
Peloton has introduced a $39.99 monthly subscription fee for its high-end Tread+ treadmill line, leaving many customers surprised and angry given the product's $3,000 retail price. The company has cited "safety and well-being" as the reason for the fee and is restricting its "Just Run" feature to customers who pay for the subscription. Peloton is dealing with a security vulnerability that could expose gym users to a wide variety of cyberattacks, from credential theft to surreptitious video recordings, as well as a design issue that allegedly led to a child's death. Peloton representatives say the monthly fee helps them deliver and maintain Tread Lock, a four-digit passcode that secures the Tread+ against unauthorized use.
Thanks to our episode sponsor, RevCult

Process Ghosting: A new executable image tampering technique
Security researchers at Elastic Security disclosed a new executable image tampering technique, dubbed Process Ghosting, that can be used to run malware on Windows systems while evading antivirus scanning. The technique abuses the way Windows handles files that are marked for deletion: the attacker creates a file, puts it into the delete-pending state, writes the payload into it, creates an image section from the file, and then closes the handle so the file is deleted from disk; a process is then created from that section, so the running executable has no backing file for scanners to inspect. In a proof-of-concept (PoC) video, the researchers showed Windows Defender attempting to open the payload executable to scan it and failing because the file was in the delete-pending state; later attempts also failed because the file had already been deleted. The payload (ghost.exe) executed without issue.
(CISOMag)
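One observable side effect of the technique described above is a running process whose image file no longer exists on disk. The following hunting script is an added example written for this page, not Elastic's code or the PoC from the video; it assumes an elevated Windows PowerShell session, and the function name Find-GhostedProcess and its status labels are this example's own.

```powershell
# Added hunting example (not Elastic's code). Flags running processes whose main image
# file cannot be found or opened on disk, a side effect of Process Ghosting: the payload
# runs from an image section whose backing file was deleted before the process started.
# Assumes an elevated Windows PowerShell 5.1+ or PowerShell 7 session. Processes whose
# image path cannot be read (protected processes, other sessions) are reported as 'Unreadable'.
function Find-GhostedProcess {
    [CmdletBinding()]
    param()

    foreach ($proc in Get-Process) {
        $imagePath = $null
        try {
            # Path is null for System/Idle and may throw for protected processes
            $imagePath = $proc.Path
        } catch {
            [pscustomobject]@{ Pid = $proc.Id; Name = $proc.ProcessName; Image = '<unavailable>'; Status = 'Unreadable' }
            continue
        }
        if ([string]::IsNullOrEmpty($imagePath)) { continue }

        if (-not (Test-Path -LiteralPath $imagePath -PathType Leaf)) {
            # The file is gone: either deleted after the process started, or (ghosting)
            # it was delete-pending when the image section was created and never survived.
            [pscustomobject]@{ Pid = $proc.Id; Name = $proc.ProcessName; Image = $imagePath; Status = 'ImageMissing' }
            continue
        }

        # The file is present: try to open it for reading, the same thing a scanner does.
        # A file in the delete-pending state refuses every open, while a normal running
        # executable can be opened for read with a permissive share mode.
        try {
            $fs = [System.IO.File]::Open($imagePath, 'Open', 'Read', 'ReadWrite')
            $fs.Close()
        } catch {
            [pscustomobject]@{ Pid = $proc.Id; Name = $proc.ProcessName; Image = $imagePath; Status = ('OpenFailed: ' + $_.Exception.Message) }
        }
    }
}

# Usage: list suspects, then pivot on the PID (start time, command line, parent) before acting.
Find-GhostedProcess | Format-Table -AutoSize
```

This is a post-hoc check, so it only catches ghosted processes that are still running when it executes; Elastic's own detection evaluates the image file's state at process-creation time, which is the reliable place to catch short-lived payloads. Treat 'Unreadable' results as a coverage gap rather than a finding, and expect hash lookups on an 'ImageMissing' process to fail, since there is no file left to hash.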
Wegmans discloses data breach
The supermarket chain announced in a press release that two of its internal databases were open to outside access because of a previously undetected configuration issue, according to Security Magazine. The exposure was first reported around April 19, 2021, and the leaked data includes customer names, addresses, phone numbers, email addresses, birth dates, Shoppers Club numbers, and password hashes for accounts on the company's website. Wegmans says the passwords were stored in hashed and salted form and that the plaintext passwords were never recorded in the databases. More sensitive data such as Social Security numbers, credit card numbers, or banking information was not exposed, because the company does not collect this type of information.
Six Flags to pay $36m over collection of fingerprints
The theme park operator has agreed to settle a class-action lawsuit over its collection of fingerprint data from visitors to its theme parks. The Illinois Supreme Court ruled in 2019 that a visitor whose fingerprint was scanned at the park's gates without the notice and consent the Illinois Biometric Information Privacy Act (BIPA) requires can sue under the act without having to show any further harm. The decision sets a precedent for how BIPA can be enforced in the future, clearly setting limits on companies' collection of biometric data and coming down on the side of private citizens' rights.
Wormable DarkRadiation ransomware targets Linux and Docker instances
Cybersecurity researchers at Trend Micro have disclosed a new ransomware strain, called "DarkRadiation," that is implemented entirely in Bash, targets Linux systems and Docker containers, and uses the Telegram messaging service for command-and-control (C2) communications. The infection chain is a multi-stage process. The ransomware appends a radioactive symbol ('.☢') as the extension of each encrypted file. There is no information on the delivery method and no evidence that the ransomware has been deployed in real-world attacks.