Security News

Google has rolled out its monthly security patches for Android with fixes for 39 flaws, including a zero-day vulnerability that it said is being actively exploited in the wild in limited, targeted attacks. Tracked as CVE-2021-1048, the zero-day bug is described as a use-after-free vulnerability in the kernel that can be exploited for local privilege escalation.

Cambridge University researchers have detailed a new way targeted vulnerabilities can be introduced into source code while making them invisible to human code reviewers, allowing for extensive supply-chain attacks. "We have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see different logic. One particularly pernicious method uses Unicode directionality override characters to display code as an anagram of its true logic," professor Ross Anderson explained.

Microsoft Active Directory and Azure Active Directory are directory services products used for identity and access management at most major enterprises all over the world. Every Active Directory environment is exposed to a class of attack known as identity attack paths.

Academic researchers have released details about a new attack method they call "Trojan Source" that allows injecting vulnerabilities into the source code of a software project in a way that human reviewers can't detect. "The trick is to use Unicode control characters to reorder tokens in source code at the encoding level," reveals Nicholas Boucher, one of the researchers that discovered Trojan Source.

Boucher and Anderson discovered that these control characters can be misused to misrepresent source code. "Our key insight is that we can reorder source code characters in such a way that the resulting display order also represents syntactically valid source code."
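As an added defensive example (not from this digest or from the researchers' paper), the following Python scanner flags the Unicode directionality controls that the Trojan Source technique depends on, so a pre-commit hook or CI job can reject or review such commits. The source text it scans is constructed here for illustration.

```python
"""Flag Unicode bidirectional control characters in source text.

Trojan Source relies on characters such as RLO (U+202E) or the isolates
(U+2066..U+2069) that change how code is *displayed* without changing
what the compiler parses. Flagging them anywhere in a source file is a
cheap, high-signal review check.
"""
import sys
import unicodedata

# Bidi embedding, override and isolate controls (all Unicode category "Cf").
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def find_bidi_controls(text, include_all_format_chars=False):
    """Return (line_no, col, name) for every bidi control in `text`.

    With include_all_format_chars=True, any other "Cf" character (for
    example zero-width spaces used for homoglyph-style tricks) is reported
    too, named by its Unicode character name.
    """
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line):
            if ch in BIDI_CONTROLS:
                hits.append((line_no, col, BIDI_CONTROLS[ch]))
            elif include_all_format_chars and unicodedata.category(ch) == "Cf":
                hits.append((line_no, col, unicodedata.name(ch, "UNKNOWN-Cf")))
    return hits


# Constructed sample: line 3 hides an RLO/PDF pair inside a comment, line 4
# carries a zero-width space. Neither is visible in most editors.
SAMPLE = (
    "def check(access):\n"
    "    if access:\n"
    "        # \u202e hidden \u202c\n"
    "        return True  # \u200bnote\n"
)

if __name__ == "__main__":
    # Usage: python scan_bidi.py file1.py file2.c ...  (exit 1 on any hit)
    found = False
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for line_no, col, name in find_bidi_controls(fh.read(), True):
                print(f"{path}:{line_no}:{col}: {name}")
                found = True
    sys.exit(1 if found else 0)
```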

The U.S. Federal Bureau of Investigation has sent out a flash alert warning private industry partners that the HelloKitty ransomware gang has added distributed denial-of-service attacks to their arsenal of extortion tactics. In a Friday notification coordinated with the Cybersecurity and Infrastructure Security Agency, the FBI said that the ransomware group would take their victims' official websites down in DDoS attacks if they didn't comply with the ransom demands.

Brand impersonation attacks have seen a rise in frequency lately, perhaps because of their high success rate. From a malicious point of view, this is what makes attacks with a brand impersonation component more attractive, especially for brands with a strong reputation.

A total of 12 individuals wreaking havoc across the world with ransomware attacks against critical infrastructure have been targeted as the result of a law enforcement and judicial operation involving eight countries. As you probably know, a lot of ransomware gangs these days consist of what you might call a cybercrime "Ecosystem" or "Subculture", with the core coders surrounded by numerous affiliates or associates who take the malware out into the world and use it actively in attacks.

Twelve people have been detained as part of an international law enforcement operation for orchestrating ransomware attacks on critical infrastructure and large organizations that hit over 1,800 victims across 71 countries since 2019, marking the latest action against cybercrime groups. The suspects have been primarily linked to LockerGoga, MegaCortex, and Dharma ransomware, in addition to being in charge of laundering the ransom payments by funneling the ill-gotten Bitcoin proceeds through mixing services and cashing them out.