Palo Alto Networks error exposed customer support cases, attachments
BleepingComputer is warning of a bug in the support dashboard of Palo Alto Networks (PAN) which has allegedly exposed “thousands of customer support tickets to an unauthorized individual.” The exposed tickets contained basic PII along with conversations between Palo Alto Networks staff members and the customer. BleepingComputer adds some support tickets “contained attachments—like firewall logs, configuration dumps, and other debugging assets.” Palo Alto Networks fixed the issue about eight days after it was reported.
New AcidRain data wiper malware targets modems and routers
This malware has been loosely linked to the cyberattack that targeted the KA-SAT satellite broadband service on February 24, affecting thousands in Ukraine and tens of thousands across Europe. It is designed to brute-force device file names and wipe every file it can find, making it easy to redeploy in future attacks. Once deployed, it goes through the compromised router or modem’s entire filesystem. It also wipes flash memory, SD/MMC cards, and any virtual block devices it can find, using all possible device identifiers then rebooting the device, rendering it unusable.
Remote code execution flaws in Spring and Spring Cloud frameworks put Java apps at risk
This development has “sparked fears that it could have a widespread impact across enterprise environments, since Spring is one of the most popular open-source frameworks for developing Java applications.” The flaw, known as SpringShell or Spring4Shell, is tracked as CVE-2022-22965 and is rated critical. The Spring developers confirmed that its impact is remote code execution (RCE), the most severe impact a vulnerability can have. “A Chinese developer released a proof-of-concept (PoC) exploit on GitHub and then removed it, prompting widespread speculation about the unpatched flaw, its causes and potential impact.” The naming convention caused some early confusion between this vulnerability and a different one that was patched Tuesday in Spring Cloud, a microservices library that is distinct from the core Spring Framework. This is a developing story.
FBI arrests 65 in BEC scams that took $51M from US businesses
“Operation Eagle Sweep” led to 12 arrests in Nigeria, eight in South Africa, two in Canada and one in Cambodia. Since BEC scams often rely on “money mules,” who help fraudsters move stolen funds, the FBI arrested eight individuals in Houston on charges of laundering almost $900,000 in proceeds from victim businesses over a period of two years, as part of Eagle Sweep. This operation began in September 2021 and took place over three months.
Thanks to our episode sponsor, Varonis

QNAP customers adrift, waiting on fix for OpenSSL bug
In addition to the Deadbolt ransomware that we told you about last week, QNAP is now also dealing with an OpenSSL bug for which it does not yet have a fix. The bug affects most of its network-attached storage (NAS) devices and can trigger an infinite loop that creates a denial-of-service (DoS) scenario. Though the bug – tracked as CVE-2022-0778 with a CVSS rating of 7.5 – has been patched by OpenSSL, QNAP hasn’t gotten around to applying a fix yet. The company is telling customers that “there is no mitigation available” and they “must check back and install security updates as soon as they become available.”
Meet BlackGuard: a new infostealer peddled on Russian hacker forums
zScaler says that the new malware strain is “sophisticated” and has been made available to criminal buyers for a monthly price of $200. According to the cybersecurity researchers, BlackGuard can steal information, including saved browser credentials and history, email client data, FTP accounts, autofill content, conversations in messenger software, cryptocurrency credentials, and other account information. Messengers targeted include Telegram, Signal, Element, and Discord. When it comes to cryptocurrency theft, the malware will target files such as wallet.dat that may contain wallet addresses and private keys. BlackGuard may also go after Chrome and Edge cryptocurrency wallet browser extensions. The malware will exit if the OS appears to be located in a CIS country, such as Russia, Belarus, or Azerbaijan.
(ZDNet)
Windows 11 growth at a standstill amid stringent hardware requirements
Microsoft’s flagship operating system, Windows 11, seems not to be dominating the market as much as was hoped, according to data from AdDuplex. Windows 10 continues to dominate, suggesting that either users are not upgrading or Microsoft’s hardware compatibility requirements are causing too many headaches. “Windows 11 only managed to grow its share of the systems surveyed by AdDuplex by a paltry 19.3 to 19.4 percent. Its Windows 10 equivalent, 21H2, continued to comfortably romp ahead, increasing from 21 percent at the end of February to 28.5 percent in March. In fact, well over half of the survey were still running 2021’s Windows 10.”