Security News > 2021 > December

Three different state-sponsored threat actors aligned with China, India, and Russia have been observed adopting a new method called RTF template injection as part of their phishing campaigns to deliver malware to targeted systems. "RTF template injection is a novel technique that is ideal for malicious phishing attachments because it is simple and allows threat actors to retrieve malicious content from a remote URL using an RTF file," Proofpoint researchers said in a new report shared with The Hacker News.

Microsoft has addressed a long list of issues and added more Windows 11 start menu customization options with the release of Windows 11 Insider Preview Build 22509 to the Dev Channel. The most critical issues fixed in this new development build led to update and installation problems that blocked Windows 11 users from deploying new builds.

The plugin "Variation Swatches for WooCommerce," installed across 80,000 WordPress-powered retail sites, contains a stored cross-site scripting security vulnerability that could allow cyberattackers to inject malicious web scripts and take over sites. Giving low-permissioned users access to the "Tawcvs save settings" function is particularly concerning, the researcher who reported the flaw said, because that access can be used to update the plugin's settings and inject malicious web scripts that would execute whenever a site owner accessed the settings area of the plugin.

YARA comes as a binary that can be launched against files, taking YARA rules as arguments. Outgoing network traffic can also be analyzed with YARA rules, both to detect malware communications and to attempt to detect data exfiltration.

A fake Android app is masquerading as a housekeeping service to steal online banking credentials from the customers of eight Malaysian banks. The malicious APK, 'Cleaning Service Malaysia', is promoted through multiple fake or cloned websites and social media accounts.

NSS (Mozilla's Network Security Services library) can be used to develop security-enabled client and server apps with support for SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and various other security standards. "Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted," Mozilla said in a security advisory issued today.

A threat actor tracked as WIRTE has been attacking Middle East governments since at least 2019 using "living-off-the-land" techniques and malicious Excel 4.0 macros. In April 2019, Kaspersky Lab reported that it had observed MuddyWater exfiltrating data such as credentials from governmental and telco targets in the Middle East, using a relatively simple, expendable set of tools that revealed a moderately sophisticated threat actor at work, with the potential to become even more dangerous over time.

The BlackByte ransomware gang is now breaching corporate networks by exploiting Microsoft Exchange servers using the ProxyShell vulnerabilities. Since researchers disclosed the vulnerabilities, threat actors have begun to exploit them to breach servers and install web shells, coin miners, and ransomware.

Singapore and the UK signed three memorandums of understanding this week, hoping to strengthen digital connectivity between the two island nations. In a canned statement, Singapore's Minister for Communications and Information, Josephine Teo, said the agreement would "further strengthen the links between Singapore and the UK in digital trade facilitation, digital identities and cybersecurity."

EB Associates, a London-based financial advisory business, is facing a £140,000 fine from the UK's data watchdog after it instigated 107,000 illegal cold calls to people about their pensions. The practice of pension cold-calling was banned by the government in January 2019 to stop people being scammed out of their life savings.