CyberSecurity Updates

21 Oct

Dangerous hole in Apache Commons Text – like Log4Shell all over again

Information

by Paul Ducklin Java programmers love string interpolation features. If you’re not a coder, you’re probably confused by the word “interpolation” here, because it’s been borrowed as programming jargon where it’s not a very good linguistic fit… …but the idea is simple, very powerful, and sometimes spectacularly dangerous. In other programming ecosystems it’s often known simply as string substitution, where string is shorthand for a bunch of characters, usually meant for displaying or printing out,…

Read More
21 Oct

When cops hack back: Dutch police fleece DEADBOLT criminals (legally!)

Information

by Paul Ducklin Sadly, we’ve needed to cover the DEADBOLT ransomware several times before on Naked Security. For almost two years already, this niche player in the ransomware cybercrime scene has been preying mainly on home users and small businesses in a very different way from most contemporary ransomware attacks: If you were involved in cybersecurity about ten years ago, when ransomware first started to become a massive money-spinner for the cyberunderworld, you will remember…

Read More
21 Oct

Incident Of The Week UPDATE: Hy-Vee Details Investigation Into 2019 Payment Card…

Malware

Midwestern U.S. retailer Hy-Vee disclosed investigation findings this week from a data breach announced in mid-August impacting millions of customers utilizing its food and service point-of-sale (PoS) transaction machines. The investigation identified the operation of malware designed to access payment card data from cards used on PoS devices at certain Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants (which include the company’s Hy-Vee Market Grilles, Hy-Vee Market Grille Expresses and the Wahlburgers locations that Hy-Vee…

Read More
21 Oct

Incident Of The Week: Wawa, Champagne French Bakery Café And Islands Restaurants…

Malware

A trio of retailers disclosed payment card incidents this week resulting in data breaches. Bad actors are infecting point-of-sale (POS) terminals with malware. The malware captures payment card information before it enters the transaction processing system. POS Malware: Wawa Convenience and Fuel Retailer Retail chain Wawa disclosed that it had discovered malware on its payment processing servers earlier this month. An external forensics team determined that the malware began running at different points in time…

Read More
21 Oct

Malware Analysis Strives To Outpace Enterprise Digitalization

Malware

An increase in enterprise phishing threats and malware delivery has boosted demand for malware analysis. Malware analysis is the process by which the purpose and functionality of malware samples are analyzed and determined. The information gathered from the malware analysis provides insights into developing an effective detection technique for the malicious code. In addition, it is an essential element for developing the efficient removal tools that can ultimately eliminate malware from an infected system. Mobile…

Read More
21 Oct

#StopRansomware: Daixin Team

Attacks, Insights, Malware

Original release date: October 21, 2022 CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: Daixin Team to provide information on the “Daixin Team,” a cybercrime group actively targeting U.S. businesses, predominantly in the Healthcare and Public Health (HPH) Sector, with ransomware and data extortion operations. This joint CSA provides Daixin actors’ tactics, techniques, and procedures (TTPs) and indicators of…

Read More
21 Oct

New Variant of FurBall Android Malware Seen from Iranian Domestic Kitten (APT-C-50)

Attacks, Malware

The latest campaign by Domestic Kitten not only highlights the rise of using phishing as an initial attack vector, but also the growing mobile malware market. This form of malware should be on the radar of every enterprise, especially ones with Bring-Your-Own-Device (BYOD) policies, as there are limited ways for an employer to monitor their employees’ mobile devices. With the growing threat of malware targeting mobile devices, it is becoming more and more likely that…

Read More
21 Oct

Detained Iranian Protester Phones Infected with I3mon Malware

Attacks, Malware

Installing a strong mobile antivirus solution is advised. Vetting apps before downloading them and monitoring application permissions are highly suggested as well. Unused apps that are given unnecessary permissions should be deleted as a preventative measure. If a device is believed to have been infected, getting a new device, or running a hard factory reset should be considered. Smartphones of Iran’s protest detainees targeted with spyware

Read More
21 Oct

Health System Data Breach Due to Meta Pixel Hits 3 million Patients

Attacks, Malware

AAH reported that the breach affected 3 million people to the U.S. Department of Health, which listed it on its breach report portal. Analysts Notes: The healthcare provider has disabled the Pixel tracker on all systems and is implementing safeguards to prevent a similar exposure from happening again. Patients are advised to use their web browsers’ tracker-blocking features or use incognito mode when logging in on medical portals. Those with a Facebook or Google account…

Read More
21 Oct

Cisco Releases Security Update for Cisco Identity Services Engine 

Attacks, Insights, Malware

Original release date: October 21, 2022 Cisco has released a security update to address vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page.  CISA encourages users and administrators to review Cisco Advisory cisco-sa-ise-path-trav-Dz5dpzyM and apply the necessary updates. This product is provided subject to this Notification and this Privacy &…

Read More