Google researchers spotted malware developers creating malformed code signatures seen as valid in Windows to bypass security software. Roughly a month ago, Google Threat Analysis Group security researcher Neel Mehta discovered that the developers of an unwanted software known as OpenSUpdater started signing their samples with legitimate but intentionally malformed certificates, accepted by Windows but rejected by OpenSSL. By breaking certificate parsing for OpenSSL, the malicious samples would not be detected by some security solutions that use OpenSSL-powered detection rules and allowed to perform their malicious tasks on victims' PCs. "Since mid-August, OpenSUpdater samples have carried an invalid signature, and further investigation showed this was a deliberate attempt to evade detection," Mehta said.
Cybercriminals are slowly realizing that the REvil ransomware operators may have been hijacking ransom negotiations, to cut affiliates out of payments. If the REvil operation started as an "Honest" cybercriminal endeavor, it soon switched to scamming affiliates out of the promised 70% share of a ransom from paying victims.
The chain-split vulnerability tracked as CVE-2021-39137, impacts "Geth," the official Golang implementation of the Ethereum protocol. Such flaws can cause corruption in blockchain services, and lead to massive outages, like the Ethereum network outage from last year.
Google says that enforcing two-step verification on Google accounts of Chrome Web Store developers will take longer than expected. As first announced in June, Google will require all Chrome extension developers to enable 2-Step Verification to publish or update their extensions after August 2nd. "The Chrome Web Store will begin enforcing the Two Step Verification requirement in August, 2021," Chrome Trust & Safety Team members Rebecca Soares and Benjamin Ackerman said two months ago.
Google has added new protection capabilities for Enhanced Safe Browsing users in Chrome, warning them when installing untrusted extensions and allowing them to request more in-depth scans of downloaded files. The Safe Browsing feature, available in Google Chrome since 2007, warns you of dangerous events when visiting malicious websites by checking URLs against a list of unsafe sites stored within Chrome.
SAP and security analysts Onapsis say cyber-criminals are pretty quick to analyze the enterprise software outfit's patches and develop exploits to get into vulnerable systems. In a joint report issued by the two organizations, Mariano Nunez, CEO of Onapsis, cited "Conclusive evidence that cyberattackers are actively targeting and exploiting unsecured SAP applications," and warned time was of the essence, reporting "SAP vulnerabilities being weaponized in less than 72 hours since the release of patches."
The hacked version of Xcode would add malware into iOS apps when they were compiled on an infected system, without infecting the source code of the app itself. As we said at the time, "Developers with sloppy security practices, such as using illegally-acquired software of unvetted origin for production builds, turned into iOS malware generation factories for the crooks behind XcodeGhost."
A malicious Xcode project known as XcodeSpy is targeting iOS devs in a supply-chain attack to install a macOS backdoor on the developer's computer. Threat actors are increasingly creating malicious versions of popular projects hoping that they are included in other developer's applications.
Now web security professionals are asking developers to do their part by recognizing that Spectre broke the old threat model and by writing code that reflects the new one. Last month, Mike West, a Google security engineer, drafted a note titled, "Post-Spectre Web Development," and Mozilla's Daniel Veditz of the W3C's Web Application Security Working Group asked the group to come to a consensus on supporting the recommendations.
Worried about the security of Linux and open-source code, Google is sponsoring a pair of full-time developers to work on the kernel's security. Both are already working at the Linux Foundation, so what is new? "Gustavo's been working on the Linux kernel at the Linux Foundation for several years now," Lorenc tells us.