Cyber Security Headlines – April 4, 2022

New Borat remote access malware is no laughing matter

This new remote access trojan, named after the comedic character, provides features that allow for DDoS attacks, UAC bypass, and deployment of ransomware. Threat actors will be able to take complete control of a victim’s mouse and keyboard, and access their files, while hiding all evidence of their presence. Researchers at Cyble, who have seen Borat in the wild, have tested the malware and have made a technical study of its functionality. According to BleepingComputer, “it is unclear if the Borat RAT is sold or freely shared among cybercriminals, but Cyble says it comes in the form of a package that includes a builder, the malware’s modules, and a server certificate.”

(Bleeping Computer)

Apple rushes out patches for zero-days in MacOS, iOS

Last Thursday, Apple pushed out patches for two zero-days that impact macOS and iOS. These zero-days are likely being actively exploited, with the potential for threat actors to disrupt or access kernel activity. The two bugs each have separate patches and are being tracked as CVE-2022-22675 and CVE-2022-22674. An anonymous researcher is being credited with the discovery and the alert.

(Threatpost)

National Security Agency employee indicted for ‘leaking top secret info’

The Department of Justice (DOJ) is accusing an NSA employee of “sharing top-secret national security information with an unnamed person who worked in the private sector.” The DOJ’s announcement and indictment name the NSA staffer as Mark Unkenholz. He “held a top secret and Sensitive Compartmented Information (SCI) clearance” and had “lawful access to classified information relating to the national defense.” The indictment alleges that between 2018 and 2020, Unkenholz used his personal email address to share classified information with another person who did not have clearance to view it.

(The Register)

Trezor wallets hacked? Don’t be duped by phishing attack email

Owners of hardware cryptocurrency wallets made by Trezor should take note that an email was sent out by bad actors looking to dupe them into downloading malware to their devices. The emails claim that Trezor, which has been making physical USB-connected devices to protect the cryptocurrency and tokens of users since 2014, “experienced a security incident” yesterday that breached the data of 106,856 of its customers.

(GrahamCluley.com)

Thanks to our episode sponsor, Code42

It’s not just about the data leaving your company – what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network.
 
Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme.

China-linked APT Deep Panda employs new Fire Chili Windows rootkit against VMware servers

Researchers from Fortinet have observed the Chinese APT group Deep Panda exploiting the Log4Shell vulnerability to compromise VMware Horizon servers and deploy the previously undetected Fire Chili rootkit. The experts observed opportunistic attacks against organizations in several countries and various sectors. The targeted organizations operate in the financial, academic, cosmetics, and travel industries. The kernel rootkit employed by the threat actors is signed with a stolen digital certificate, the same certificate used by the Winnti cyberespionage group. Deep Panda is a well-known APT that in past years has targeted defense, financial and other industries in the US. The group has employed many zero-day exploits to spread different malware, including the popular Poison Ivy.

(Security Affairs)

Upstart crime site woos Raid Forums orphans

There is a new crime site for hackers in town, intended as an alternative to Raid Forums, which had been popular until it was mysteriously taken down in February. It had been one of the most popular online crime forums, famous for high-profile database leaks. The new site, Breach Forums, was launched by “pompompurin,” according to a blog post from threat intelligence company Flashpoint posted this week, as well as by pompompurin himself, who describes the new hacker community as an alternative to Raid Forums.

(CSOOnline and PrivacyAffairs)

Companies going to greater lengths to hire cybersecurity staff

According to an article in Dark Reading, employers are actively seeking to fill cybersecurity positions. “The number of available cybersecurity jobs coupled with accelerated attrition due to the Great Resignation has led to companies offering ridiculously high salaries, a bevy of benefits, and free training and certifications to woo candidates.” Regardless, the pool of available candidates appears limited. “The No. 1 thing anyone interested in cybersecurity careers should do is apply,” says Justine Fox, principal product manager, technical, at NuData Security, a Mastercard company. “There is no faster way to learn the role’s required skills than in the role. Whether you are self-taught or formally educated, I encourage folks to apply.” Mitch Ashley, principal at Techstrong Research, suggests cyber leaders must “widen the net” to bring in “talents beyond only traditional cybersecurity domains,” and adds that managers “must think more like software leaders and less like network engineers.”

(Dark Reading)

Cyberattackers target UPS backup power devices in mission-critical environments

Uninterruptible power supplies (UPS) provide battery backup power during power surges and outages and are often found in mission-critical environments, safeguarding critical infrastructure installations and important computer systems and IT equipment. CISA and the Department of Energy warned that threat actors are going after internet-connected versions of UPS via default usernames and passwords, as well as vulnerabilities like the TLStorm bugs disclosed earlier this month.

(Threatpost)


Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.