Security News > 2021 > November

Despite Google Play's app-vetting restrictions, attackers have racked up more than 300,000 banking trojan installations over just the past four months through the official Android app marketplace. Researchers from Threat Fabric reported that these threat groups have honed their ability to use Google Play to propagate banking trojans by shrinking the footprint of their dropper apps, reducing the number of permissions they request, raising the overall quality of the attack with better code, and standing up convincing companion websites.

The North Korea-linked ScarCruft advanced persistent threat group has developed a fresh, multiplatform malware family for attacking North Korean defectors, journalists and government organizations involved in Korean Peninsula affairs. ScarCruft controls the malware through a PHP script hosted on a compromised web server, which serves the appropriate binary to each victim based on the HTTP request parameters it receives.

Cannazon, one of the largest dark web marketplaces for buying marijuana products, shut down last week after suffering a debilitating distributed denial of service attack. The admins posted the shutdown announcement on November 23, 2021, and the site has since gone offline, allegedly for good.

In a proof-of-concept exploit, the researcher demonstrated that it is possible to copy files from a chosen location into a Cabinet (.CAB) archive that the user can then open and read. In a tweet he noted: "I mean this is still unpatched and allows LPE if shadow volume copies are enabled; but I noticed that it doesn't work on Windows 11 https://t." "The resulting .CAB file is then stored in the C:\Users\Public\Public Documents\MDMDiagnostics folder, where the user can freely access it."
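The practical question for a defender is whether anything has already been collected into that world-readable folder on a given host. The following PowerShell triage script is an added example, not code from the article or from the researcher; it assumes only the folder path quoted above, and it relies on the built-in expand.exe utility's -D switch, which lists a cabinet's contents without extracting them.

```powershell
# Added triage check (not from the original article): show who can access the
# MDM diagnostics output folder named in the article and list what each .cab
# archive found there contains, without extracting anything.
# Assumption: the folder path is the one quoted in the article.
$diagDir = 'C:\Users\Public\Public Documents\MDMDiagnostics'

if (-not (Test-Path -LiteralPath $diagDir)) {
    Write-Output "No $diagDir folder present on this host."
    return
}

# Read access for Everyone / Users on this folder is what lets a low-privileged
# account open archives that may hold files copied from protected locations.
Write-Output "=== ACL on $diagDir"
(Get-Acl -LiteralPath $diagDir).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize | Out-String | Write-Output

Get-ChildItem -LiteralPath $diagDir -Filter '*.cab' -File | ForEach-Object {
    $cab = $_.FullName
    Write-Output "=== $cab  ($($_.Length) bytes, written $($_.LastWriteTime))"
    # expand.exe -D prints one line per member: "<cab path>: <member name>".
    # Keep only the member names so the listing is easy to eyeball or diff.
    & expand.exe -D $cab 2>$null | ForEach-Object {
        if ($_ -match '^(.+?\.cab):\s+(.+)$') { "    $($Matches[2])" }
    }
}
```

Run it as an ordinary (non-administrator) user: if the ACL table shows read access for built-in Users or Everyone and the member listing includes files that user could not normally read, the host reproduces the exposure the article describes. Compare the archives' last-write times against the user's logon history to tell legitimate diagnostics runs from suspicious ones.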

An APT has attacked two separate vaccine manufacturers this year using shape-shifting malware that at first appears to be a ransomware attack but later proves to be far more sophisticated, researchers have found. Dubbed Tardigrade by the Bioeconomy Information Sharing and Analysis Center (BIO-ISAC), the attacks used malware that can adapt to its environment, conceal itself, and even operate autonomously when cut off from its command-and-control server, according to a recent advisory released by BIO-ISAC. The first attack was detected at a "large biomanufacturing facility" in April, with investigators identifying a malware loader "that demonstrated a high degree of autonomy as well as metamorphic capabilities," according to the advisory.

A stealthy hacking group named WIRTE has been linked to a government-targeting campaign conducting attacks since at least 2019 using malicious Excel 4.0 macros. The primary targeting scope includes high-profile public and private entities in the Middle East, but researchers also observed targets in other regions.

Zoom has announced today the launch of an automatic update feature designed to streamline the update process for desktop clients. "For most individual users, automatic updates will be enabled by default. When enabled, users will have the opportunity to opt-out of automatic updates for their desktop client after the first install or first update where this feature is present," said Jeromie Clark, Security & Privacy Technical Product Manager at Zoom.

Many organizations lack an effective patch management program, especially when it comes to patching remote systems, says Action1. Patching security holes has become even more difficult with the advent of the remote workforce as so many endpoints are now outside the network perimeter.

The Italian financial crime agency has announced the arrest of several individuals suspected of managing Telegram channels that promoted fake vaccine certificates, aka 'Green Passes'. Although the sellers claimed they had accomplices in the health department who could add false entries to the national database, thereby rendering the generated QR codes valid, their Green Passes were fake.

Japanese multinational conglomerate Panasonic disclosed a security breach after unknown threat actors gained access to servers on its network this month. "Panasonic Corporation has confirmed that its network was illegally accessed by a third party on November 11, 2021," the company said in a press release issued Friday.