100M IoT Devices Exposed By Zero-Day Bug
2021-09-23 18:35

A flaw in widely used internet-of-things infrastructure code left more than 100 million devices across 10,000 enterprises vulnerable to attack. Researchers at Guardara used their technology to find a zero-day vulnerability in NanoMQ, an open-source platform from EMQ that monitors IoT devices in real time and acts as a "message broker" to deliver alerts when atypical activity is detected.

Apple patches new zero-day bug used to hack iPhones and Macs
2021-09-23 18:23

Apple has released security updates to fix a zero-day vulnerability exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions. The zero-day patched today [1, 2] was found in the XNU operating system kernel and was reported by Erye Hernandez and Clément Lecigne of Google Threat Analysis Group, and Ian Beer of Google Project Zero.

Apple fixes another zero-day used to deploy NSO iPhone spyware
2021-09-23 18:23

Apple has released security updates to fix three zero-day vulnerabilities exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions. Based on the info shared by Apple in today's security advisories [1, 2] at least one of the bugs was likely used to deploy NSO Pegasus spyware on hacked devices.

Malware devs trick Windows validation with malformed certs
2021-09-23 16:24

Google researchers spotted malware developers creating malformed code signatures that Windows treats as valid, in order to bypass security software. Roughly a month ago, Google Threat Analysis Group security researcher Neel Mehta discovered that the developers of an unwanted software known as OpenSUpdater had started signing their samples with legitimate but intentionally malformed certificates, accepted by Windows but rejected by OpenSSL. By breaking certificate parsing for OpenSSL, the malicious samples escape detection by security solutions that rely on OpenSSL-powered detection rules, and are left free to perform their malicious tasks on victims' PCs. "Since mid-August, OpenSUpdater samples have carried an invalid signature, and further investigation showed this was a deliberate attempt to evade detection," Mehta said.
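The item above describes a parser differential: one verifier accepts an encoding that another rejects, and a scanner that treats "OpenSSL could not parse this" as "nothing to check" lets the sample through. The following is an added example, not Google's analysis or OpenSUpdater code, and it does not reproduce the specific malformation Google found (this page does not describe it). It pairs a strict DER walker with a lenient BER-style reader over constructed blobs, and shows the policy a scanner should apply: a signature that fails strict parsing is classified as malformed, a verdict distinct from unsigned. All names, the sample blobs and the log-style output are assumptions made for illustration.

```python
# Added illustrative example (not Google's or OpenSUpdater's code): a strict DER walker
# next to a lenient BER-style reader, showing the parser-differential class behind
# "accepted by one verifier, rejected by another". The blobs are constructed here;
# the exact malformation in the OpenSUpdater signatures is not described on this page.

class DerError(ValueError):
    """Raised on any encoding the strict reader refuses."""


def _strict_length(buf, pos):
    """Read a DER length at buf[pos]; return (length, pos_after)."""
    first = buf[pos]
    pos += 1
    if first < 0x80:                       # short form
        return first, pos
    if first == 0x80:                      # BER indefinite length: never valid DER
        raise DerError("indefinite length (BER, not DER)")
    n = first & 0x7F
    if n > 4 or pos + n > len(buf):
        raise DerError("bad long-form length")
    if buf[pos] == 0:                      # DER requires the minimal encoding
        raise DerError("non-minimal length encoding")
    length = int.from_bytes(buf[pos:pos + n], "big")
    if length < 0x80:
        raise DerError("non-minimal length encoding")
    return length, pos + n


def strict_walk(buf, pos=0, end=None):
    """Count TLV elements in buf[pos:end], recursing into constructed ones.
    Raises DerError on any departure from DER."""
    if end is None:
        end = len(buf)
    count = 0
    while pos < end:
        tag = buf[pos]
        pos += 1
        if tag == 0x00 or tag & 0x1F == 0x1F:   # EOC octets or multi-byte tags: refuse
            raise DerError("unexpected tag 0x%02x" % tag)
        if pos >= end:
            raise DerError("truncated element")
        length, pos = _strict_length(buf, pos)
        if pos + length > end:
            raise DerError("element overruns its container")
        if tag & 0x20:                          # constructed: validate the contents too
            count += strict_walk(buf, pos, pos + length)
        count += 1
        pos += length
    return count


def lenient_walk(buf, pos=0, end=None):
    """A forgiving reader in the style of BER: accepts indefinite lengths terminated
    by 00 00 and does not care what follows the element. Returns (count, pos_after)."""
    if end is None:
        end = len(buf)
    count = 0
    while pos < end:
        tag = buf[pos]
        if tag == 0x00:                         # end-of-contents marker closes this level
            return count, pos + 2
        pos += 1
        first = buf[pos]
        pos += 1
        if first == 0x80:                       # indefinite length: read until EOC
            inner, pos = lenient_walk(buf, pos, end)
            count += inner + 1
            continue
        if first < 0x80:
            length = first
        else:
            n = first & 0x7F
            length = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
        if tag & 0x20:
            inner, _ = lenient_walk(buf, pos, pos + length)
            count += inner
        count += 1
        pos += length
    return count, pos


def classify_signature_blob(blob):
    """Policy a scanner should apply: 'unsigned', 'well-formed' or 'malformed: ...'.
    A blob that fails strict parsing must not be treated as merely unsigned."""
    if not blob:
        return "unsigned"
    try:
        if len(blob) < 2 or blob[0] == 0x00 or blob[0] & 0x1F == 0x1F:
            raise DerError("bad top-level tag")
        length, body = _strict_length(blob, 1)
        if body + length != len(blob):
            raise DerError("trailing data after top-level element")
        strict_walk(blob)
    except DerError as exc:
        return "malformed: %s" % exc
    return "well-formed"


# Constructed sample blobs: SEQUENCE { INTEGER 5, OCTET STRING "ab" } in proper DER,
# the same structure with a BER indefinite-length SEQUENCE, and a valid element
# followed by trailing bytes.
STRICT_BLOB = bytes.fromhex("3007" "020105" "04026162")
BER_BLOB = bytes.fromhex("3080" "020105" "04026162" "0000")
TRAILING_BLOB = STRICT_BLOB + bytes.fromhex("0500")


if __name__ == "__main__":
    for name, blob in [("strict", STRICT_BLOB), ("ber", BER_BLOB), ("trailing", TRAILING_BLOB)]:
        print(name, "lenient:", lenient_walk(blob)[0], "elements;",
              "strict:", classify_signature_blob(blob))
```

The lenient reader reports three well-formed elements for all three blobs; the strict reader accepts only the first. The practical takeaway for detection engineering is in `classify_signature_blob`: a parse failure is its own verdict that should raise suspicion, not a reason to skip the signature check.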

Breached passwords: Popular TV shows don't make for the best security credentials
2021-09-23 15:56

On Monday, Specops Software, a password management and authentication company, released a roundup of the top 20 popular TV shows found on breached password lists.

How phishing-as-a-service operations pose a threat to organizations
2021-09-23 15:11

Attackers can easily buy, deploy and scale phishing campaigns to steal credentials and other sensitive data, says Microsoft. Cybercrime as a service has expanded to malware, ransomware and even phishing campaigns.

Ransomware detections dropped by almost half, but the threat is only getting worse, says Trend Micro
2021-09-23 14:49

Trend Micro has released a midyear cybersecurity report that makes two interesting claims: first, that ransomware detections decreased by almost half in H1 2021 compared to H1 2020; and second, that the number of newly reported vulnerabilities decreased, with a particularly large dip in the number of critical flaws being reported. The first six months of 2021, Trend Micro said, "were marked with significant vulnerability exploitation incidents, such as the ProxyLogon attacks," ProxyLogon being the key exploit behind the Microsoft Exchange server attacks.

FamousSparrow APT Wings in to Spy on Hotels, Governments
2021-09-23 14:08

A cyberespionage group dubbed "FamousSparrow" by researchers has taken flight, targeting hotels, governments and private organizations around the world with a custom backdoor called, appropriately, "SparrowDoor." It's one of the advanced persistent threats that targeted the ProxyLogon vulnerabilities earlier this year, according to ESET, though its activity has only recently come to light. According to the firm, the backdoor's malicious actions include the ability to: rename or delete files; create directories; shut down processes; send information such as file attributes, file size and file write time; exfiltrate the content of a specified file; write data to a specified file; or establish an interactive reverse shell.

How to secure SSH logins with port knocking
2021-09-23 13:53

Knock, knock ... who's there? SSH. SSH who? You need to lock down your servers so that only you have access via SSH. One way to help with that is knockd, a port-knocking daemon that keeps the SSH port closed until a client hits a secret sequence of ports. There are always things you can do to make SSH more secure.
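To make the mechanism concrete, here is an added example that models what a port-knocking daemon such as knockd does with incoming connection attempts: it tracks each source address's progress through an ordered port sequence, resets on a wrong port, and discards partial sequences that exceed a timeout. This is an illustrative reimplementation, not knockd's own code; the port sequence, the simplified firewall log format and the IP addresses are constructed for the example.

```python
# Added illustrative model (not knockd's own code) of the sequence-matching logic a
# port-knocking daemon applies, replayed over constructed firewall log lines.

class KnockTracker:
    """Track each source IP's progress through an ordered port sequence.
    A wrong port resets the attempt; a partial sequence older than seq_timeout is discarded."""

    def __init__(self, sequence, seq_timeout=5.0):
        self.sequence = tuple(sequence)
        self.seq_timeout = seq_timeout
        self.progress = {}          # ip -> (index of next expected port, time of first knock)

    def knock(self, ip, port, now):
        """Register one SYN from `ip` to `port` at time `now`.
        Return True exactly when this knock completes the sequence."""
        idx, started = self.progress.get(ip, (0, now))
        if idx and now - started > self.seq_timeout:
            idx, started = 0, now           # stale partial sequence: start over
        if port != self.sequence[idx]:
            self.progress.pop(ip, None)     # out-of-order or unrelated port: reset
            return False
        idx += 1
        if idx == len(self.sequence):
            self.progress.pop(ip, None)     # sequence complete; next attempt starts fresh
            return True
        self.progress[ip] = (idx, started)
        return False


def parse_line(line):
    """Parse a simplified '<epoch> SRC=<ip> DPT=<port>' log line (constructed format)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return float(ts), kv["SRC"], int(kv["DPT"])


def replay(log_text, tracker):
    """Feed log lines to the tracker; return [(time, ip)] for each completed sequence."""
    opened = []
    for line in log_text.strip().splitlines():
        ts, ip, port = parse_line(line)
        if tracker.knock(ip, port, ts):
            opened.append((ts, ip))
    return opened


# Placeholder sequence: pick your own ports and keep them secret.
SEQUENCE = (7000, 8000, 9000)

# Constructed log: a correct knock (203.0.113.7), a scanner hitting the ports
# out of order (198.51.100.9), and a client that pauses too long between knocks (192.0.2.3).
SAMPLE_LOG = """
1000.0 SRC=203.0.113.7 DPT=7000
1000.5 SRC=198.51.100.9 DPT=7000
1000.6 SRC=198.51.100.9 DPT=9000
1000.7 SRC=198.51.100.9 DPT=8000
1001.0 SRC=203.0.113.7 DPT=8000
1002.0 SRC=203.0.113.7 DPT=9000
1100.0 SRC=192.0.2.3 DPT=7000
1110.0 SRC=192.0.2.3 DPT=8000
1111.0 SRC=192.0.2.3 DPT=9000
"""


def demo():
    """Return the (time, ip) pairs for which the daemon would run its open command."""
    return replay(SAMPLE_LOG, KnockTracker(SEQUENCE, seq_timeout=5.0))


if __name__ == "__main__":
    for ts, ip in demo():
        print("t=%.1f open SSH for %s" % (ts, ip))
```

Only 203.0.113.7 gets through. In knockd.conf the same policy is a section with `sequence = 7000,8000,9000`, `seq_timeout = 5`, `tcpflags = syn` and `command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT`, with a matching close section (or `start_command`, `cmd_timeout` and `stop_command` to close the hole automatically); the client side is `knock server 7000 8000 9000`. Two caveats a practitioner should keep in mind: the knock sequence travels in the clear, so anyone on the path can observe and replay it, and knocking only hides the port. It does not replace key-only authentication, `PermitRootLogin no`, or rate limiting on sshd itself.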

Google tests if 'Chrome/100.0' user agent breaks websites
2021-09-23 13:30

Google is testing whether changing the Chrome user agent to the three-digit 'Chrome/100' will cause loss of functionality on websites that expect a two-digit version number. A user agent is a string sent by a web browser to a website to let the site know what browser the visitor is using, its version, and its integrated technology.