Security News > 2020 > December

Kaspersky researchers discovered a previously undocumented Windows PowerShell malware dubbed PowerPepper and developed by the hacker-for-hire group DeathStalker. The new PowerPepper implant was discovered by Kaspersky in May 2020 while researching other attacks using the group's other PowerShell-based implant known as Powersing.

Industrial cybersecurity company OTORIO has released an open source tool designed to help organizations harden Siemens' SIMATIC PCS 7 distributed control systems. According to the cybersecurity firm, the script is designed to assess the security configuration of the SIMATIC PCS 7 OS client, OS server and engineering station.

UPDATE. Researchers are warning that several popular Google Play applications - including mobile browser app Edge - have yet to push out an important update addressing a high-severity vulnerability in the Google Play Core Library. The vulnerability exists in Google Play Core Library, which is utilized by various popular applications like Google Chrome, Facebook and Instagram.

IBM X-Force warned of threat actors actively targeting organizations associated with the COVID-19 vaccine cold chain in a large scale spear-phishing campaign that has started three months ago, in September 2020. Cold chain orgs are an essential part of storing and delivering the COVID-19 vaccine at safe temperatures, minus 70 degrees Celsius for the one made by Pfizer and minus 20 Celsius for the one developed by Moderna.

Intel has released updated Wireless Bluetooth and Wi-Fi drivers for Windows 10 customers to address known issues causing blue screen of death errors and Bluetooth devices to lose connection or stop working. First of all, the new drivers address Windows 10 stop errors, yellow bang warnings in Device Manager, as well as random disconnections while playing online videos caused by Intel Wireless adapters with faulty drivers.

A Google security guru has published details of a critical hole in Apple's iOS that can be exploited by miscreants to hijack strangers' iPhones over the air without any user interaction. On Tuesday, Google Project Zero's Ian Beer, who reported the flaw to Apple back on November 29, 2019, published a detailed technical account of how he found and developed an exploit the vulnerability, which he likened to a magic spell to gain remote control of the target device.

There are, of course, other factors that play a role in the attackers' preference for healthcare-related targets: the talent shortage for cybersecurity experts with healthcare expertise, the fact that most healthcare employees still don't make cybersecurity a priority, the fact that many of the devices and technologies they use run on antiquated operating systems - to name just a few. There might come a time when cybersecurity becomes a part of medical curriculums - in the meantime healthcare organizations can significantly lower the number of successful attacks with the proper defenses and training, DiMaggio notes.

TrickBot malware developers have created a new module that probes for UEFI vulnerabilities, demonstrating the actor's effort to take attacks at a level that would give them ultimate control over infected machines. TrickBoot acts as a reconnaissance tool at this stage, checking for vulnerabilities in the UEFI firmware of the infected machine.

Third-party SaaS apps can significantly extend the functionality and capabilities of an organization's public cloud environment, but they can also introduce security concerns. Assessing the risk of these applications is the key to maintaining a balance between safety and productivity.

Roid apps with over 250 million downloads are still susceptible to a severe vulnerability in a Google library that was patched in August 2020. In August, mobile app security company Oversecured discovered a vulnerability in the Google Play Core Library that allowed malicious applications to execute code in legitimate apps.