Android spyware spreading as antivirus software in Japan
An Android-based info-stealer called FakeCop has been identified by Japanese security researchers, who warn that it is spreading rapidly. It is being distributed in phishing campaigns impersonating Japanese telecom company KDDI, and only 22 out of 62 Antivirus engines on VirusTotal have been able to detect it, showing that the threat actors behind it went to great pains to ensure it remained hidden. Its name was given to it by researchers at Cyble, because it masquerades as Anshin Security, a popular antivirus product in Japan.
Half of home workers buy potentially insecure technology
A new report from HP shows that incidents of shadow IT have increased substantially during the pandemic, with remote workers buying devices without vetting them through their employers’ IT department. The report is based on a global survey of 1100 IT decision-makers along with a separate poll of more than 8400 home workers in the US, the UK, Mexico, Germany, Australia, Canada, and Japan. The data showed that “45% said they’d bought IT equipment such as printers or PCs to support home working over the past year. However, 68% said security wasn’t as big a consideration as other factors like price or functionality when purchasing, and 43% didn’t have their new laptop or PC checked or installed by IT.” The report also says 70% of home workers who had clicked on malicious phishing emails said they didn’t report it to IT.
EU investigating leak of private key used to forge Covid passes
As reported in BleepingComputer, “the Digital Covid certificate, or the ‘Green Pass’ helps European Union residents travel across borders seamlessly by proving that they have either been vaccinated against COVID-19, received a negative test result, or have successfully recovered from COVID-19.” Users are now reporting seeing the private key for EU Digital Covid certificates circulating on messaging apps like Telegram. The key has also been misused to generate forged certificates, including for Adolf Hitler, Mickey Mouse, and SpongeBob Squarepants, all of which are being recognized as valid by the official government apps.
North Korea’s Lazarus Group targets IT supply chains with MATA malware
This latest malware campaign represents the group’s growing interest in leveraging trusted IT supply chain vendors as a gateway to corporate networks. The attackers gained access to the network of a South Korean security software vendor, exploiting its corporate software, and to a Latvia-based IT asset-monitoring product vendor, deploying the Blindingcan and Copperhedge backdoors, which CISA had already issued security alerts about. The MATA malware discovered in this campaign has evolved compared to previous versions and uses a legitimate, stolen certificate to sign some of its components.
Thanks to our episode sponsor, Banyan Security

Replace your traditional network access boxes – VPNs, bastion hosts, and gateways – with a cloud-based zero trust remote access solution and enable a safe and reliable “work from anywhere” environment. Visit banyansecurity.io for more information.
Russian-speaking ransomware gang says it hacked the National Rifle Association
According to CyberScoop, a ransomware group known as Grief “claimed on Wednesday to have hacked the National Rifle Association, releasing 13 documents allegedly belonging to the organization and threatening to release more if it doesn’t pay an extortion fee of an undisclosed sum.” CyberScoop has not independently verified the documents, and the NRA has declined to comment. Multiple researchers have said that Grief is affiliated with the Russian ransomware group Evil Corp, which could potentially put the NRA at risk of violating U.S. sanctions if it pays the attackers, since the Treasury Department sanctioned that gang in 2019.
Apple patches critical iOS bugs; one under attack
On Monday and Tuesday, Apple released updates to iOS, iPadOS, watchOS, and tvOS, patching 24 CVEs in total. One of them, a memory-corruption issue in IOMobileFrameBuffer, an iOS 15.0.2 vulnerability, is exploitable from the browser, making it “perfect for one-click & waterholing mobile attacks,” according to mobile security firm ZecOps.
Nearly all US executives have experienced a cybersecurity threat, but some say there’s still no plan
On Tuesday, Deloitte published the results of a survey conducted between June 6 and August 24, 2021, which presents responses from 577 C-suite executives worldwide (159 in the US). The results reveal insight from those in CEO, CISO, and other leadership roles and suggest that 98% of US executives have come across at least one cybersecurity event over the past year. The research suggests that “the common consequences experienced by today’s firms after an incident include disruption, a drop in share value, intellectual property theft, damage to reputation that prompts a loss in customer trust, and a change in leadership roles”. Of interest in the report is that rather than malware, phishing, or data breaches being a top concern, 27% of executives said they were most worried about the actions of “well-meaning” employees who may inadvertently create avenues for attackers to exploit.
(ZDNet)
Warehouse belonging to Chinese payment terminal manufacturer raided by FBI
US federal agents have been observed raiding a warehouse belonging to Chinese payment terminal manufacturer PAX Technology in Jacksonville, Florida. There are suspicions that the machines contained preinstalled malware. According to The Register, “PAX Technology is headquartered in Shenzhen, China, and is one of the largest electronic payment providers in the world. It operates around 60 million point-of-sale (PoS) payment terminals in more than 120 countries.” The PAX terminals were allegedly “being used to house or run malware and act as command-and-control points for staging attacks on other networks and for collecting information.”
Coronal mass ejection forecast for this weekend
And now turning to the weather, SpaceWeatherLive is reporting a significant coronal mass ejection coming from the sun, which might lead to significant geomagnetic storm activity this weekend. Geomagnetic storms carry the potential to disrupt radio transmissions and cause damage to satellites, electrical transmission line facilities, and digital technologies, and could result in potentially massive and long-lasting power outages.