Israel carries out cyberattack on Iran nuclear facility
Israel appears to have confirmed claims that it was behind a cyber-attack on Iran’s main nuclear facility, the Natanz reactor, yesterday, which Tehran’s nuclear energy chief described as an act of terrorism. Israel imposed no censorship restrictions on coverage, as it had often done after similar previous incidents, and the apparent attack was widely covered by Israeli media. Public radio took the unusual step of claiming that the Mossad intelligence agency had played a central role. Natanz was the location of the infamous CIA-and-Mossad Stuxnet virus attack in 2010 that caused widespread disruption and delayed Iran’s nuclear program for several years; the latest incident is part of an ongoing series of recent strikes and counterstrikes between Israel and Iran.
Joker malware infects over 500,000 Huawei Android devices
A report from antivirus maker Doctor Web identifies that the malicious apps, downloaded from the Android Store, were all functional, in that the apps performed as advertised, but they also downloaded components that subscribed users to premium mobile services. The infected apps requested access to notifications, which allowed them to intercept confirmation codes delivered over SMS by the subscription service. The malicious applications included virtual keyboards, a camera app, a launcher, an online messenger, a sticker collection, coloring programs, and a game.
Critical cloud bug in VMware Carbon Black allows takeover
The bug (CVE-2021-21982) ranks 9.1 out of 10 on the CVSS vulnerability-severity scale and would allow privilege escalation and the ability to take over the administrative rights for the solution. The issue in the appliance stems from incorrect URL handling, according to VMware’s advisory issued last week. CISA, in a concurrent alert on the bug, said, “A remote attacker could exploit this vulnerability to take control of an affected system.” Companies are urged to update to the latest version, version 1.0.2, of the VMware Carbon Black Cloud Workload appliance, which contains a fix. VMware also recommends that users limit access to the local administrative interface of the appliance to only those that need it.
Vyveva: a new backdoor from Lazarus
The malware was discovered by researchers at ESET on two servers belonging to a South African freight logistics company. It has been in use since 2018, although its delivery mechanism is still unknown. Spelled Vyveva, the backdoor features capabilities for file exfiltration, timestomping (the act of fraudulently modifying timestamps on files), gathering information about the victim computer and its drives, and other common backdoor functionality such as running arbitrary code specified by the malware’s operators. This indicates that the intent of the operation is most likely espionage. ESET attributes the backdoor to Lazarus since it shares multiple code similarities with older Lazarus samples, as well as using fake TLS in network communication, command line execution chains, its method of encryption, and its use of Tor services.
LifeLabs launches vulnerability disclosure program
LifeLabs, Canada’s leading provider of laboratory diagnostic information and digital health connectivity systems, announced on Saturday the launch of a new Vulnerability Disclosure Program (VDP). This follows a 2019 cyber-attack, breach, and subsequent class action lawsuit on behalf of the 15 million customers who were affected. The new VDP program, created in conjunction with crowdsourced cybersecurity platform Bugcrowd, is intended to strengthen cybercrime detection technology across its online tools, apps, and solutions.
Personal data of 1.3 million Clubhouse users reportedly leaked online
The data was leaked to a popular hacker forum, according to a Saturday report from Cyber News. The leaked data of the invite-only chat app includes names, social media profiles, and other details. Although this type of data seems innocuous compared to addresses or social security numbers, researchers stress that the data can be used in phishing and social engineering scams. Clubhouse has since responded by saying they have not experienced a breach of their systems and said that the data is already publicly available and that it can be accessed via their API.
LinkedIn responds to scrape story
LinkedIn has responded to media stories about a possible breach of its user data. Jake Perez, Editor at LinkedIn News, said in a statement posted on its blog that “the data involved is an aggregation from a number of websites and companies that includes publicly viewable information”. LinkedIn says there was no data breach and, based on the company’s review, “no private member account data” was included.
(LinkedIn)
Hackers hacked as underground carding site breached
Thousands of cyber-criminals have had their personal data leaked online after the popular carding forum Swarmshop was hacked for a second time, according to Singapore-based security firm Group-IB. A database containing over 12,000 records of card shop admins, sellers and buyers, including their nicknames, hashed passwords, contact details, history of activity and current balance, was leaked to another forum. In addition, the database exposed all compromised data traded on the website, including victims’ payment card records, banking account credentials, US Social Security numbers and Canadian Social Insurance numbers. It is unclear whether the two breaches were connected. Revenge is believed to be the motive in both cases.






