Security News
Black Lotus Labs discovered a new remote access trojan called ZuoRAT, which targets remote workers via their small office/home office devices, including models from ASUS, Cisco, DrayTek and NETGEAR. Overview of campaign elements. The campaign included ZuoRAT - a multi-stage RAT developed for SOHO routers leveraging known vulnerabilities - which allowed the threat actor to enumerate the adjacent home network, collect data in transit, and hijack home users' DNS/HTTP internet traffic.
A malware-as-a-service dubbed Matanbuchus has been observed spreading through phishing campaigns, ultimately dropping the Cobalt Strike post-exploitation framework on compromised machines. "If we look historically, BelialDemon has been involved in the development of malware loaders," Unit 42 researchers Jeff White and Kyle Wilhoit noted in a June 2021 report.
Nearly five dozen security vulnerabilities have been disclosed in devices from 10 operational technology vendors due to what researchers call are "Insecure-by-design practices." Collectively dubbed OT:ICEFALL by Forescout, the 56 issues span as many as 26 device models from Bently Nevada, Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa.
A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data. In a paper titled "MEGA: Malleable Encryption Goes Awry," the researchers point out how MEGA's system does not protect its users against a malicious server, thereby enabling a rogue actor to fully compromise the privacy of the uploaded files.
Forescout's Vedere Labs disclosed OT:ICEFALL, 56 vulnerabilities affecting devices from 10 operational technology vendors. This is one of the single largest vulnerability disclosures that impact OT devices and directly addresses insecure-by-design vulnerabilities.
A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero. In early February 2022, Apple shipped patches for the bug across Safari, iOS, iPadOS, and macOS, while acknowledging that it "May have been actively exploited."
An enterprise-grade surveillanceware dubbed Hermit has been put to use by entities operating from within Kazakhstan, Syria, and Italy over the years since 2019, new research has revealed. Lookout attributed the spy software, which is equipped to target both Android and iOS, to an Italian company named RCS Lab S.p.
As many as eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock doors, subvert alarms and undermine logging and notification systems," Trellix security researchers Steve Povolny and Sam Quinn said in a report shared with The Hacker News.
Cybersecurity researchers have detailed the workings of a fully-featured malware loader dubbed PureCrypter that's being purchased by cyber criminals to deliver remote access trojans and information stealers. Some of the malware families distributed using PureCrypter include Agent Tesla, Arkei, AsyncRAT, AZORult, DarkCrystal RAT, LokiBot, NanoCore, RedLine Stealer, Remcos, Snake Keylogger, and Warzone RAT. Sold for a price of $59 by its developer named "PureCoder" for a one-month plan since at least March 2021, PureCrypter is advertised as the "Only crypter in the market that uses offline and online delivery technique."
It leverages "Speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity," MIT researchers Joseph Ravichandran, Weon Taek Na, Jay Lang, and Mengjia Yan said in a new paper. The vulnerability is rooted in pointer authentication codes, a line of defense introduced in arm64e architecture that aims to detect and secure against unexpected changes to pointers - objects that store a memory address - in memory.