Cybersecurity News – April 1, 2022

Palo Alto Networks error exposed customer support cases, attachments

A bug in the support dashboard of Palo Alto Networks (PAN) exposed thousands of customer support tickets to an unauthorized individual, BleepingComputer has learned. The exposed information included names and (business) contact information of the person creating support tickets, and conversations between Palo Alto Networks staff members and the customer. Evidence shared with BleepingComputer indicates some support tickets contained attachments—like firewall logs, configuration dumps, and other debugging assets. Palo Alto Networks says it has fixed the issue—about eight days after it was reported.

(Bleeping Computer)

New AcidRain data wiper malware targets modems and routers

This malware has been loosely linked to the cyberattack that targeted the KA-SAT satellite broadband service on February 24, affecting thousands in Ukraine and tens of thousands across Europe. It is designed to brute-force device file names and wipe every file it can find, making it easy to redeploy in future attacks. Once deployed, it goes through the compromised router or modem’s entire filesystem. It also wipes flash memory, SD/MMC cards, and any virtual block devices it can find, using all possible device identifiers, then reboots the device, rendering it unusable.

(Bleeping Computer)

Remote code execution flaws in Spring and Spring Cloud frameworks put Java apps at risk

This development has sparked fears that it could have a widespread impact across enterprise environments, since Spring is one of the most popular open-source frameworks for developing Java applications. The flaw, which has since been dubbed SpringShell or Spring4Shell, is tracked as CVE-2022-22965 and is rated critical. The Spring developers confirmed that its impact is remote code execution (RCE), the most severe impact a vulnerability can have. A Chinese developer released a proof-of-concept (PoC) exploit on GitHub and then removed it, prompting widespread speculation about the unpatched flaw, its causes and potential impact. There was also some early confusion between this vulnerability and a different one patched Tuesday in Spring Cloud, a microservices library that is separate from the core Spring Framework. This will be a developing story.

(CSOOnline)

FBI arrests 65 in BEC scams that took $51M from US businesses

“Operation Eagle Sweep” also led to 12 arrests in Nigeria, eight in South Africa, two in Canada and one in Cambodia. BEC scams are often reliant on the work of “money mules,” who help fraudsters move stolen funds. As a part of Operation Eagle Sweep, for instance, the FBI arrested eight individuals in Houston on charges of laundering almost $900,000 in proceeds from victim businesses over a period of two years. The FBI operation began in September 2021 and took place over three months.

(Cyberscoop)

Thanks to our episode sponsor, Varonis

The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at www.varonis.com/cisoseries.

Apple and Meta leak user data to hackers posing as police

Bloomberg reports that the tech giants fell prey to a phishing operation that tricked employees into handing over customer data to cybercriminals posing as law enforcement. In 2021, the hackers sent fake “emergency data requests” to the companies demanding customer info including street addresses, IP addresses, and phone numbers. The messages included forged signatures of police officers. Sources say the perpetrators are believed to be affiliated with “Recursion Team,” a now-defunct hacking group that is said to have spawned members of the infamous Lapsus$ ransomware gang. Allison Nixon, chief research officer at cyber firm Unit 221B, commented, “In every instance where these companies messed up, at the core of it there was a person trying to do the right thing.”

(The Cyberwire)

QNAP customers adrift, waiting on fix for OpenSSL bug

In addition to the Deadbolt ransomware that we told you about last week, QNAP is now also dealing with an OpenSSL bug for which it does not yet have a fix. The bug affects most of its network-attached storage (NAS) devices and can trigger an infinite loop that creates a denial-of-service (DoS) scenario. Though the bug – tracked as CVE-2022-0778 with a CVSS rating of 7.5 – has been patched by OpenSSL, QNAP hasn’t gotten around to applying a fix yet. The company is telling customers that “there is no mitigation available” and they “must check back and install security updates as soon as they become available.”

(Threatpost)

Meet BlackGuard: a new infostealer peddled on Russian hacker forums

Zscaler says that the new malware strain is “sophisticated” and has been made available to criminal buyers for a monthly price of $200. According to the cybersecurity researchers, BlackGuard can steal information including saved browser credentials and history, email client data, FTP accounts, autofill content, conversations in messenger software, cryptocurrency credentials, and other account information. Messengers targeted include Telegram, Signal, Element, and Discord. When it comes to cryptocurrency theft, the malware will target files such as wallet.dat that may contain wallet addresses and private keys. BlackGuard may also go after Chrome and Edge cryptocurrency wallet browser extensions. The malware will exit if the OS appears to be located in a CIS country, such as Russia, Belarus, or Azerbaijan.

(ZDNet)

Windows 11 growth at a standstill amid stringent hardware requirements

The growth of Microsoft’s flagship operating system, Windows 11, appears to be slowing if figures from AdDuplex are to be believed. Instead, Windows 10 continues to dominate, an indicator that either users are not upgrading or – and this is probably more likely – Microsoft’s stringent hardware compatibility requirements are keeping the operating system off users’ PCs. After a relatively healthy start to the year, Windows 11 only managed to grow its share of the systems surveyed by AdDuplex from a paltry 19.3 to 19.4 percent. Its Windows 10 equivalent, 21H2, continued to comfortably romp ahead, increasing from 21 percent at the end of February to 28.5 percent in March. In fact, well over half of the systems surveyed were still running 2021’s Windows 10.

(The Register)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.