THE TIMES OF HACKER


Apple has recently released security updates that fix three zero-day bugs in its products at once. Apple says all of these problems may already have been exploited by attackers, which is hardly surprising: zero-day vulnerabilities are typically traded and exploited on the black market before they become public.

Various 0-Day Bugs in Webkit Fixed by Apple

All three bugs affect the WebKit browser engine at the heart of the Safari browser. WebKit is also built into most of the company's other products (including iPadOS, tvOS and watchOS) as a component used to display web content when there is no need to load a full browser.

Apple has shipped fixes in macOS Big Sur 11.3.1, iOS 12.5.3, iOS 14.5.1, iPadOS 14.5.1 and watchOS 7.4.1; the three zero-day vulnerabilities were assigned CVE-2021-30663, CVE-2021-30665 and CVE-2021-30666. It is also worth noting that iOS 12.5.3 includes an additional patch for CVE-2021-30661, a bug that was fixed a week earlier.

Apple has not disclosed details of the vulnerabilities or any information about attacks that may have used them.



The developers of the Composer PHP package manager have fixed a critical vulnerability that could be used to execute arbitrary commands and plant a backdoor in every PHP package, enabling supply-chain attacks. The vulnerability was assigned the identifier CVE-2021-29472 and was discovered on April 22, 2021 by researchers from SonarSource. A fix for the bug was committed less than 12 hours later.

"The command injection vulnerability in HgDriver / HgDownloader has been fixed, and other VCS drivers and loaders have been hardened," the  Composer developers report in the  release notes  for versions 2.0.13 and 1.10.22 posted on Wednesday. "As far as we know, the vulnerability was not exploited by hackers."




According to SonarSource, the vulnerability lies in the way the download URLs of source packages are handled, which could be abused to trigger remote command injection.
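To make the bug class concrete, here is an added example (not Composer's own code, and not SonarSource's) of how a downloader can validate a repository URL before it ever reaches a VCS command line. It models the weakness described above, a package's source URL being handed to a command such as `hg` or `git` unchecked, and shows two independent defences: an allow-list check that rejects option-like URLs, and the `--` end-of-options marker on the argv. All function names and the scheme allow-list are assumptions for illustration.

```python
"""Validating a repository URL before it reaches a VCS command line.

Added example, not Composer's own code: it models the class of bug behind
CVE-2021-29472 (a package's source URL passed to a VCS command such as hg
or git without being checked) and shows two independent defences. All
function names and the scheme allow-list are assumptions for illustration.
"""
import re
import shlex

# Schemes a package downloader should accept for a source repository.
ALLOWED_SCHEMES = {"https", "ssh", "git"}

# scheme://rest  or  scp-style  user@host:path
_URL_RE = re.compile(r"^(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://\S+$")
_SCP_RE = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9._-]+:\S+$")


class UnsafeUrlError(ValueError):
    """Raised when a URL could be read by a CLI as an option or is malformed."""


def validate_vcs_url(url: str) -> str:
    """Return url unchanged if it is safe to put on a VCS command line.

    Rejects a leading '-' (hg and git would parse it as an option), any
    whitespace or control character (shell/argv confusion), and any scheme
    outside the allow-list.
    """
    if not url or url.startswith("-"):
        raise UnsafeUrlError(f"URL looks like a command-line option: {url!r}")
    if any(ch.isspace() or ord(ch) < 32 for ch in url):
        raise UnsafeUrlError(f"URL contains whitespace or control characters: {url!r}")
    m = _URL_RE.match(url)
    if m:
        if m.group("scheme").lower() not in ALLOWED_SCHEMES:
            raise UnsafeUrlError(f"scheme not allowed: {url!r}")
        return url
    if _SCP_RE.match(url):
        return url
    raise UnsafeUrlError(f"not a recognised repository URL: {url!r}")


def is_safe_vcs_url(url: str) -> bool:
    """Boolean wrapper around validate_vcs_url for callers that just filter."""
    try:
        validate_vcs_url(url)
        return True
    except UnsafeUrlError:
        return False


def build_clone_argv(vcs: str, url: str, dest: str) -> list:
    """Build an argv list (never a shell string) for cloning a repository.

    The '--' end-of-options marker is the second, independent defence: even
    if validation were bypassed, hg and git stop option parsing at '--'.
    """
    if vcs not in ("hg", "git"):
        raise ValueError(f"unsupported VCS: {vcs!r}")
    return [vcs, "clone", "--", validate_vcs_url(url), dest]


def render_for_log(argv: list) -> str:
    """Shell-quote argv for a log line so reviewers see exactly what runs."""
    return " ".join(shlex.quote(a) for a in argv)


if __name__ == "__main__":
    argv = build_clone_argv("hg", "https://example.org/vendor/pkg", "/tmp/pkg")
    print(render_for_log(argv))
    for candidate in ("--some-option", "ftp://example.org/x", "git@example.org:a/b.git"):
        print(candidate, "->", "ok" if is_safe_vcs_url(candidate) else "rejected")
```

The two defences are deliberately independent: the allow-list stops bad input at the boundary, and building an argv list with `--` means that even a URL that slips through cannot be interpreted as an option by the VCS binary. Passing a list rather than a formatted shell string also removes the shell from the picture entirely.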

"A vulnerability in a central component that serves over 100,000,000 package metadata requests per month has a huge impact, as such a vulnerability can be exploited to steal developer credentials or redirect package downloads to third-party servers that provide dependencies with backdoors," they note at SonarSource.

The world has seen many ups and downs, but no one would ever have imagined, even in their dreams, that most Google applications, such as Gmail, Google Meet, Google Contacts, Blogger, Google Play and many others, would go down at once.

https://www.google.com/appsstatus#hl=en&v=status 

  1. Google Calendar Server Down
  2. Blogger Website Server Down
  3. Google Play Down
  4. Google Photos Down
  5. Google Meet Down
  6. Gmail Down
  7. Google Contact Down

Google's servers were returning Server Error 500 across many of its services, including Gmail, Google Calendar, Google Drive, Google Docs, Google Sheets, Google Slides, Google Sites, Google Groups, Hangouts, Google Chat, Google Meet, Google Vault, Google Forms, Google Cloud, Search, Google Keep, Google Tasks and Google Voice.



[Screenshots: Google Calendar, Blogger, Google Play, Google Photos, Google Meet, Gmail and Google Contacts all showing the outage]



Check Point experts have compiled their Global Threat Index report for April this year. They note that several coronavirus-related (COVID-19) spam campaigns are distributing another, modified variant of the Agent Tesla trojan. In total, it attacked around 3% of organizations worldwide.

Agent Tesla is an advanced RAT (remote access trojan) that has been known to information security experts since 2014. The malware is written in .NET and can track and collect the victim's keyboard input, read the clipboard, take screenshots and retrieve credentials from various programs installed on the victim's computer (including Google Chrome, Mozilla Firefox and Microsoft Outlook). It can also disable antivirus solutions and processes that try to analyse it or interfere with its operation.


Researchers say the new version of Agent Tesla has been modified to steal Wi-Fi passwords. In addition, the trojan can extract email credentials from an Outlook client.

In April 2020, Agent Tesla was frequently seen in several malicious campaigns related to COVID-19. Such spam mailings try to interest the victim in allegedly important pandemic information so that they download malicious files.

One of these campaigns was purportedly sent by the World Health Organisation, with subject lines such as "URGENT INFORMATION LETTER: FIRST HUMAN COVID19 VACCINETEST / RESULT UPDATE" and "URGENT NOTIFICATION: FIRST TEST OF VACCINE FROM COVID-19 FOR RESEARCH AND RESEARCH." This once again emphasises that attackers exploit the latest world events and the fears of the population to increase the effectiveness of their attacks.

“The spam campaigns with Agent Tesla that we watched throughout April show how well cybercriminals fit into the information agenda and how quietly they trick unsuspecting victims,” says Vasily Diaghilev, head of Check Point Software Technologies in Russia and the CIS. “In Russia, Emotet, RigEK and XMRig were in the top three: criminals are focused on organising phishing attacks to steal users' personal and corporate data. Therefore, it is very important for any organisation to regularly train its employees, regularly informing them of the latest tools and methods of criminals. Now this is especially true, since most companies have transferred their employees to remote work.”

This month the Dridex banking trojan affected 4% of organizations worldwide, while XMRig and Agent Tesla affected 4% and 3% respectively. The top three most active malware families in April 2020 are therefore as follows:

  • Dridex is a banking trojan that infects Windows. It is distributed through spam mailings and exploit kits that use web-based agents to intercept personal data as well as information about users' bank cards.
  • XMRig is open-source software, first seen in May 2017, used for mining the Monero cryptocurrency.
  • Agent Tesla is an advanced remote access trojan (RAT). Agent Tesla has been infecting computers since 2014, acting as a keylogger and password stealer.

The list of the most active malware in Russia, as usual, differs from the global one; it includes:

  • Emotet is an advanced self-propagating modular trojan. It was once an ordinary banking trojan, but recently it has been used to distribute other malware and malicious campaigns. Its new functionality allows it to send phishing emails containing malicious attachments or links.
  • RigEK is an exploit kit containing exploits for Internet Explorer, Flash, Java and Silverlight. Infection begins by redirecting the victim to a landing page containing JavaScript that then looks for vulnerabilities and tries to exploit them.
  • XMRig is open-source software, first seen in May 2017, used for mining the Monero cryptocurrency.


With the spread of COVID-19, organizations around the world moved their employees to remote work, which directly affected their cybersecurity and led to a shift in the threat landscape. Kaspersky Lab analysts warn of an increase in the number of brute-force attacks on RDP.

Alongside the increased volume of corporate traffic, the use of third-party services for data exchange and employees working on home PCs (on potentially insecure Wi-Fi networks), another headache for security staff has been the increased number of people using remote access tools.

One of the most popular application-level protocols for accessing a workstation or server running Windows is Microsoft's proprietary protocol, RDP. During the quarantine, a huge number of computers and servers that can be connected to remotely appeared on the network, and right now experts are observing increased activity by attackers who want to take advantage of the situation and attack corporate resources, access to which was (sometimes in a hurry) opened up for employees working remotely.

According to the company, since the beginning of March 2020 the number of brute-force attacks on RDP has jumped, and the picture is the same for almost the entire world:

Attacks of this kind are attempts to guess a username and password for RDP by systematically trying every possible option until the right one is found. Both exhaustive search of character combinations and dictionary search of popular or previously compromised passwords can be used. A successful attack gives the attacker remote access to the targeted host.

Analysts note that attackers do not act in a targeted way but rather "work by area". Apparently, after the mass shift of organizations to remote work, attackers concluded that the number of poorly configured RDP servers would grow, and the number of attacks has grown in proportion.

However, even if you use other means of remote access instead of RDP, this does not mean you can relax. The researchers recall that at the end of last year Kaspersky Lab found 37 vulnerabilities in various clients implementing the VNC protocol.

The experts conclude that organizations should closely monitor the programs in use and promptly update them on every corporate device. This is currently not the easiest task for many, because the hasty transfer of employees to remote work forced many companies to allow staff to work or connect to company resources from their home PCs, which often do not meet corporate cybersecurity standards at all.
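The password-guessing pattern described above is visible in the Windows Security log as a burst of event 4625 (logon failure) records from one source address. The following is an added example, not Kaspersky's code, of the detection logic a defender would run over such records: a sliding-window count of failures per source IP. The records are constructed sample data in a simplified "key=value" form, not a real log export; the field names follow the 4625 event's own names, and the threshold and window are assumptions to tune per environment.

```python
"""Detecting RDP password guessing from Windows failed-logon events.

Added example, not Kaspersky's code. It scans Security log event 4625
(logon failure) records and flags any source address that produces at least
`threshold` failures inside a sliding time window. The records below are
constructed sample data in a simplified "key=value" form, not a real log
export; field names follow the 4625 event's own names.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: a burst from 203.0.113.7 (documentation range) mixed
# with ordinary user typos. Format: timestamp, EventID, fields as key=value.
SAMPLE_LOG = """\
2020-03-10T08:00:01 4625 TargetUserName=alice IpAddress=198.51.100.20 LogonType=10
2020-03-10T08:00:04 4625 TargetUserName=alice IpAddress=198.51.100.20 LogonType=10
2020-03-10T08:00:05 4625 TargetUserName=administrator IpAddress=203.0.113.7 LogonType=3
2020-03-10T08:00:06 4625 TargetUserName=admin IpAddress=203.0.113.7 LogonType=3
2020-03-10T08:00:07 4625 TargetUserName=test IpAddress=203.0.113.7 LogonType=3
2020-03-10T08:00:08 4625 TargetUserName=user IpAddress=203.0.113.7 LogonType=3
2020-03-10T08:00:09 4625 TargetUserName=guest IpAddress=203.0.113.7 LogonType=3
2020-03-10T08:00:10 4625 TargetUserName=backup IpAddress=203.0.113.7 LogonType=3
2020-03-10T08:00:11 4625 TargetUserName=scan IpAddress=203.0.113.7 LogonType=3
2020-03-10T08:05:00 4625 TargetUserName=bob IpAddress=198.51.100.21 LogonType=10
2020-03-10T09:30:00 4625 TargetUserName=oldhost IpAddress=203.0.113.9 LogonType=3
"""

# Logon types relevant to RDP: 10 = RemoteInteractive; with Network Level
# Authentication enabled, failures usually surface as type 3 (Network).
RDP_LOGON_TYPES = {"3", "10"}


def parse_event(line):
    """Parse one constructed record into (timestamp, event_id, fields dict)."""
    ts, event_id, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    return datetime.fromisoformat(ts), event_id, fields


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=2)):
    """Return {source_ip: (max_failures_in_window, distinct_accounts)} for
    every source that reaches `threshold` failed logons within `window`.

    A per-source deque keeps only timestamps inside the window, so the scan
    is a single pass over the log regardless of its length.
    """
    recent = defaultdict(deque)      # ip -> timestamps inside the window
    accounts = defaultdict(set)      # ip -> account names tried
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event_id, f = parse_event(line)
        if event_id != "4625" or f.get("LogonType") not in RDP_LOGON_TYPES:
            continue
        ip = f.get("IpAddress", "-")
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        accounts[ip].add(f.get("TargetUserName", "?"))
        if len(q) >= threshold:
            # Keep the worst burst seen for this source so far.
            prev = alerts.get(ip, (0, 0))
            alerts[ip] = (max(prev[0], len(q)), len(accounts[ip]))
    return alerts


if __name__ == "__main__":
    for ip, (count, names) in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {count} failures in window, {names} distinct accounts tried")
```

The distinct-account count is the useful second signal: a user fat-fingering their own password produces many failures for one account, while password spraying produces a few failures each across many accounts, so a rule that only counts failures per source will either miss the spray or page on the typist.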

One of the most advanced supercomputers in the UK, ARCHER, hosted at the University of Edinburgh, was recently attacked by unknown attackers, as its administrators reported on the project's official site. ARCHER is ranked 339th in the list of the 500 most powerful supercomputers in the world.


It is reported that the attackers targeted the ARCHER login nodes, and as a result user passwords and SSH keys could have been compromised; users are now strongly encouraged to change their passwords and SSH keys on all systems where these credentials were used.

Investigations into the incident are now under way by National Cyber Security Centre (NCSC) experts at the UK's Government Communications Headquarters (GCHQ) and by Cray/HPE. ARCHER's administrators write that other high-performance academic systems in Europe have also been attacked, but do not specify which ones.

Journalists from The Register note that ARCHER is frequently used by specialists in computational science, including those who are currently modelling the further spread of the coronavirus. The publication therefore believes that the supercomputer could have been the target of state-sponsored hackers who wanted to steal the results of British researchers' work or simply sabotage it. As things stand, ARCHER will not return to full operation until at least May 15, 2020.

Recall that, according to a recent publication in the New York Times, the US authorities plan to publicly accuse China and Iran of attempting to break into research organizations working on a vaccine for SARS-CoV-2, also known as COVID-19.

Professor Alan Woodward of the University of Surrey shared the following hypothesis with The Register:

“Seeing Cray under attack is very unusual, so I believe that the computing infrastructure around it has been attacked. Obviously, most users do not sit at a terminal connected directly to the supercomputer, so when remote access means fail, supercomputers become just an expensive piece of metal and silicon.

It seems that someone managed in an unknown way to get a reliable shell on the access node. Assuming this happened, setting it all up again will be a real headache.”


Representatives of the University of Edinburgh reported that they are also investigating what happened to ARCHER, together with the Edinburgh Parallel Computing Centre (EPCC). According to them, some user accounts could have been used to gain unauthorised access to the service. Fortunately, only a few accounts were affected by the hack, and there is no reason to believe that the incident affected any research, or any customer or personal data.
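The advice above, to change SSH keys on every system where the compromised credentials were used, implies an audit step: finding every `authorized_keys` entry that still matches a key believed compromised. The following is an added example, not ARCHER's or EPCC's tooling, of how to do that. OpenSSH identifies a key by `SHA256:` followed by the base64 (without padding) of the SHA-256 of the key blob; the code computes that fingerprint from a public-key line, tolerates leading options such as `from="..."`, and checks a file's contents against a revocation set. The keys in the sample are constructed (deterministic bytes packed into a syntactically valid `ssh-ed25519` blob), not real keys.

```python
"""Finding where a compromised SSH public key is still authorised.

Added example, not ARCHER's or EPCC's tooling. OpenSSH's fingerprint for a
public key is "SHA256:" + base64(sha256(key blob)) with '=' padding removed;
this block computes that from an authorized_keys line and audits a file's
contents against a set of revoked fingerprints. The keys below are
constructed sample data, not real keys.
"""
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by data."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_pubkey_line(seed: int, comment: str) -> str:
    """Construct a syntactically valid ssh-ed25519 authorized_keys line.

    The 32-byte "public key" is derived from seed for reproducibility; it is
    sample data only and corresponds to no private key.
    """
    raw = hashlib.sha256(seed.to_bytes(4, "big")).digest()
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def _split_key(line: str):
    """Return (key_type, base64_blob, comment), skipping any leading options."""
    tokens = line.split()
    for i, tok in enumerate(tokens):
        if tok in KEY_TYPES and i + 1 < len(tokens):
            return tok, tokens[i + 1], " ".join(tokens[i + 2:])
    raise ValueError(f"no recognised key type in line: {line[:40]!r}")


def fingerprint(pubkey_line: str) -> str:
    """Return the OpenSSH SHA256 fingerprint of a public-key line."""
    _, b64, _ = _split_key(pubkey_line)
    digest = hashlib.sha256(base64.b64decode(b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def audit_authorized_keys(text: str, revoked: set) -> list:
    """Return (line_number, fingerprint, comment) for each entry whose
    fingerprint is in `revoked`; blank lines and comments are skipped."""
    hits = []
    for n, line in enumerate(text.splitlines(), start=1):
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        fp = fingerprint(s)
        if fp in revoked:
            hits.append((n, fp, _split_key(s)[2]))
    return hits


# Constructed sample: one healthy key and one that was used on the login node.
GOOD_KEY = make_ed25519_pubkey_line(1, "alice@laptop")
LEAKED_KEY = make_ed25519_pubkey_line(2, "alice@archer-login")
SAMPLE_AUTHORIZED_KEYS = f"""# keys for alice
{GOOD_KEY}
from="10.0.0.0/8" {LEAKED_KEY}
"""
REVOKED = {fingerprint(LEAKED_KEY)}


if __name__ == "__main__":
    for n, fp, comment in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS, REVOKED):
        print(f"line {n}: revoked key {fp} ({comment}) must be removed")
```

Fingerprints rather than raw key strings are the right thing to match on because the same key can appear with different comments or options on different hosts; the fingerprint computed here is the same value `ssh-keygen -lf` prints, so a revocation list can be built from that output.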

The Bleeping Computer publication reports that ransomware operators have begun using a new tactic that lets them extract more money from victims. Malware operators now demand two ransoms from affected companies: one for decrypting the data and another for deleting the information the attackers stole during the attack. If payment is not made, the attackers threaten to publish this data.

Journalists recall that at the end of 2019 ransomware creators began operating under a new scheme. It all started with the Maze ransomware operators, who began publishing files stolen from attacked companies if the victims refused to pay. The hackers set up a dedicated site for such "leaks", and other groups soon followed, including Sodinokibi, DoppelPaymer, Clop, Sekhmet, Nephilim, Mespinoza and Netwalker.

Now they have been joined by the authors of the Ako ransomware, who went even further than their "colleagues." The group forces some companies to pay a ransom twice: once for decrypting files and once for deleting the stolen data. As an example, one victim's data was published on Ako's website: the company paid $350,000 to decrypt its information, but the hackers still published its files because they did not receive a "second ransom" for deleting the stolen files.

One of the Ako operators answered Bleeping Computer's questions and confirmed that double extortion is used only for some victims: it all depends on the size of the company and the type of data stolen. As a rule, the second ransom ranges from 100,000 to 2,000,000 US dollars, so it usually exceeds the cost of decrypting the data.

The attackers claim that some companies actually prefer to pay for deleting the data but not for decrypting it. For example, unnamed medical organizations in the USA, from which confidential patient data, social security numbers and so on were stolen, went this route. Journalists were unable to confirm or deny these claims by the criminals.
Specialists from Israel's Ben-Gurion University have repeatedly demonstrated original and interesting attack concepts. In their research they concentrate mainly on particularly complex cases, developing attack vectors for situations in which it seems simply impossible to steal information or track a user, in particular when the computer is physically isolated from any network and from potentially dangerous peripherals.

This time, the experts presented the PowerHammer attack technique and proposed using ordinary power cables to extract data.


The principle of PowerHammer is as follows. The target computer must be infected with malware of the same name, which deliberately regulates the "busy" level of the processor, choosing cores that are not currently occupied by user operations. As a result, the victim's PC consumes alternately more and less electricity. The experts propose treating these "jumps" as simple zeros and ones, with which any information from the target computer can be transmitted outside (like Morse code). To read the data transmitted this way, the researchers suggest using conducted emissions (so-called "induced noise") and measuring the power fluctuations.

To notice such fluctuations in the target PC's power consumption, the attacker has to use a hardware "monitor." The attacker does not have to build the equipment themselves; for example, it is enough to buy a split-core current transformer, which is freely available for sale. During the tests, the Ben-Gurion University experts used a SparkFun ECS1030-L72 sensor. Data collected by such a sensor can, for example, be transmitted to a nearby computer over Wi-Fi.

The experts say the PowerHammer attack can be implemented in two ways, which differ in data transfer speed. First, the attacker can monitor the power line between the isolated PC and its socket. In that case the data rate is about 1000 bps.

It is also possible to tap in at the phase level, that is, to install the sensors in the electrical switchboard on the relevant floor or in the building. Of course, this method is far less conspicuous, but the transmission speed is unlikely to exceed 10 bps because of the large amount of "interference." According to the researchers, the second method is nevertheless suitable for stealing passwords, tokens, encryption keys and other small-volume data.

As usual, the most debatable part of the PowerHammer attack is infecting the target computer with malware (recall that it is isolated from external networks and dangerous peripherals). The experts believe this can be done with the help of social engineering, interference in the equipment supply chain or the support of an insider. Similar methods have already been demonstrated in practice by the Turla and Red October hacker groups.
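The two speeds quoted above (about 1000 bps at the line level, about 10 bps at the phase level) follow from how much noise the receiver has to average out. The following is an added example, not the Ben-Gurion researchers' code, that models the channel as on-off keying: each bit sets a "power level" for a fixed number of samples, the sensor adds Gaussian noise, and the receiver averages each bit's samples and thresholds the mean. The noise levels, sample rate and samples-per-bit values are assumptions chosen to illustrate the trade-off, not measurements from the paper.

```python
"""Simulating a PowerHammer-style channel to see why noise limits bit rate.

Added example, not the Ben-Gurion researchers' code. It models the channel
as on-off keying with a noisy sensor and an averaging receiver. Noise
levels and sample counts are assumptions for illustration.
"""
import random

HIGH, LOW = 1.0, 0.0     # relative power draw with busy / idle cores
THRESHOLD = 0.5          # decision level for the averaged samples

# Constructed payload for the round-trip demonstration.
PAYLOAD = b"covert-channel test payload 0123456789abcdef"


def bytes_to_bits(data: bytes) -> list:
    """MSB-first bit list."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def bits_to_bytes(bits: list) -> bytes:
    """Inverse of bytes_to_bits; trailing partial bytes are dropped."""
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        value = 0
        for b in bits[i:i + 8]:
            value = (value << 1) | b
        out.append(value)
    return bytes(out)


def modulate(bits, samples_per_bit, noise_sigma, rng):
    """Produce the noisy sensor trace: each bit holds its level for
    samples_per_bit samples, and every sample carries Gaussian noise."""
    trace = []
    for b in bits:
        level = HIGH if b else LOW
        trace.extend(level + rng.gauss(0.0, noise_sigma) for _ in range(samples_per_bit))
    return trace


def demodulate(trace, samples_per_bit):
    """Average each bit's samples and compare the mean with the threshold.
    Averaging n samples shrinks the noise standard deviation by sqrt(n)."""
    bits = []
    for i in range(0, len(trace) - samples_per_bit + 1, samples_per_bit):
        chunk = trace[i:i + samples_per_bit]
        bits.append(1 if sum(chunk) / samples_per_bit > THRESHOLD else 0)
    return bits


def simulate(payload: bytes, samples_per_bit: int, noise_sigma: float, seed: int = 1):
    """Push payload through the channel; return (bit_error_rate, recovered)."""
    rng = random.Random(seed)
    sent = bytes_to_bits(payload)
    got = demodulate(modulate(sent, samples_per_bit, noise_sigma, rng), samples_per_bit)
    errors = sum(a != b for a, b in zip(sent, got))
    return errors / len(sent), bits_to_bytes(got)


def compare_modes(payload: bytes = PAYLOAD, sample_rate: int = 1000) -> dict:
    """Bit error rate for three assumed settings at a 1 kHz sensor rate:
    a quiet line-level tap at 1000 bps, a noisy phase-level tap slowed to
    10 bps (100 samples per bit), and the same noisy tap pushed to 1000 bps."""
    return {
        "line_level_1000bps": simulate(payload, sample_rate // 1000, 0.1)[0],
        "phase_level_10bps": simulate(payload, sample_rate // 10, 1.0)[0],
        "phase_level_1000bps": simulate(payload, sample_rate // 1000, 1.0)[0],
    }


if __name__ == "__main__":
    for mode, ber in compare_modes().items():
        print(f"{mode}: bit error rate {ber:.3f}")
```

With ten times the noise, the receiver needs about a hundred times as many samples per bit to get the same error rate, which is why the phase-level tap has to run two orders of magnitude slower. For defenders the point is the converse: a channel this slow still moves a key or a password in seconds, so an air gap on its own is not a guarantee, and power-line filtering or monitoring the switchboard side is part of the threat model for isolated hosts.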
AMD has released microcode updates that fix the Spectre variant 2 processor vulnerability (CVE-2017-5715). Patches are now available for products going back to 2011 (up to the Bulldozer processors). The developers have distributed these patches to PC and motherboard manufacturers so that they can include the updates in their BIOS releases.


In total, the Meltdown and Spectre set covers three CVEs: Meltdown (CVE-2017-5754) and Spectre (variant 1, CVE-2017-5753, and variant 2, CVE-2017-5715). While Meltdown and Spectre variant 1 can in theory be mitigated at the OS level, a full fix for variant 2 requires a combination of both approaches and needs firmware/BIOS/microcode updates, which is why vendors have already run into numerous hiccups.

Earlier, Microsoft offered extensive assistance in distributing patches to manufacturers, and accordingly KB4093112 was included in the April Patch Tuesday updates. This update contains OS-level patches, which are also intended for AMD users and are aimed at eliminating Spectre variant 2.

Recall that in January Microsoft had already attempted to release fixes that unexpectedly affected AMD processors (specifically, the Athlon 64 X2 series). It turned out that after installing the patches (specifically KB4056892) systems based on AMD CPUs sometimes simply stopped booting, showed the "blue screen of death" and so on. As a result, distribution of the patches was suspended promptly, and only a few weeks later were they re-released with the bugs fixed. Notably, the new KB4093112 does not include those January patches, so users must install both packages.

AMD also emphasises that a full fix for the vulnerabilities in the company's processors requires both installing the microcode obtained from motherboard manufacturers and installing the operating system patches.

Patches for AMD's other processor issues (RyzenFall, MasterKey, Fallout and Chimera) are not yet ready and are still being prepared.