RAM-Generated Wi-Fi Signals Allow Data Exfiltration From Air-Gapped Systems
2020-12-16 11:34

Covert Wi-Fi signals generated by DDR SDRAM hardware can be leveraged to exfiltrate data from air-gapped computers, a researcher claims. In a newly published paper, Mordechai Guri from the Ben-Gurion University of the Negev in Israel details AIR-FI, a new data exfiltration technique in which malware installed on a compromised air-gapped system generates Wi-Fi signals that a nearby device intercepts and sends to the attacker over the Internet.

Malicious RubyGems packages used in cryptocurrency supply chain attack
2020-12-16 11:00

New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users. Because anyone can upload a gem to the RubyGems repository, threat actors can upload malicious packages in the hope that another developer will integrate them into their program.

HPE discloses critical zero-day in server management software
2020-12-16 09:55

Hewlett Packard Enterprise has disclosed a zero-day bug in the latest versions of its proprietary HPE Systems Insight Manager software for Windows and Linux. HPE SIM is a management and remote support automation solution for multiple HPE servers, storage, and networking products including but not limited to HPE ProLiant Gen10 and HPE ProLiant Gen9 Servers.

EU, Britain to Toughen Rules, Fines for Tech Giants
2020-12-16 09:30

Big tech companies face hefty fines in the European Union and Britain if they treat rivals unfairly or fail to protect users on their platforms, in proposed regulations unveiled Tuesday by officials in Brussels and London. Big tech companies won't be allowed, for example, to stop users from uninstalling preinstalled software or apps, nor will they be able to use data from business users to compete against them.

Your ship comms app is 'secured' with a Flash interface, doesn't sanitise SQL inputs and leaks user data, you say?
2020-12-16 09:30

A software suite intended to let merchant ships' crews digitally communicate with the world ashore was riddled with security vulnerabilities including undocumented admin accounts with hardcoded passwords and widespread use of Adobe Flash. Infosec consultancy Pen Test Partners said it took all of 90 minutes to discover enough problems with Dualog Connection Suite to submit six CVE number requests.

Apple Patches Tens of Code Execution Vulnerabilities in macOS
2020-12-16 09:05

Updates released this week by Apple for its macOS operating systems patch a total of 59 vulnerabilities, including roughly 30 that could lead to the execution of arbitrary code. Some of the bugs, Apple explains in its advisory, could be exploited to execute code with system or kernel privileges.

Ransomware gangs automate payload delivery with SystemBC malware
2020-12-16 09:00

SystemBC, a commodity malware sold on underground marketplaces, is being used by ransomware-as-a-service operations to hide malicious traffic and automate ransomware payload delivery on the networks of compromised victims. According to information collected by Sophos researchers while investigating recent Ryuk and Egregor ransomware attacks, SystemBC has been deployed in all of those attacks in recent months.

How to leak data via Wi-Fi when there's no Wi-Fi chip: Boffin turns memory bus into covert data transmitter
2020-12-16 07:30

In a newly released working paper [PDF], "AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers," Guri, head of research and development at the Cyber-Security Research Center of Israel's Ben-Gurion University of the Negev, describes a technique for turning DDR SDRAM buses into transmitters that can spew sensitive data. It's a method for sending data via Wi-Fi signals when the target device doesn't have Wi-Fi capability.

New 5G Network Flaws Let Attackers Track Users' Locations and Steal Data
2020-12-16 06:59

The findings form the basis of a new "5G Standalone core security research" published by London-based cybersecurity firm Positive Technologies today, exactly six months after the company released its "Vulnerabilities in LTE and 5G Networks 2020" report in June detailing high impact flaws in LTE and 5G protocols. Deployed either in standalone or non-standalone modes depending on their reliance on 4G Evolved Packet Core technology, the 5G mobile network is a framework consisting of as many as nine network functions that are responsible for registering subscribers, managing sessions and subscriber profiles, storing subscriber data, and connecting the users to the internet via a base station.

Ransomware Attackers Using SystemBC Malware With RAT and Tor Proxy
2020-12-16 06:33

Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools, according to new research. The SystemBC RAT has since expanded the breadth of its toolset with new characteristics that allow it to use a Tor connection to encrypt and conceal the destination of C2 communications, thus providing attackers with a persistent backdoor to launch other attacks.