THE TIMES OF HACKER


Apple has recently released security updates that fix three 0-day bugs in its products at once. Apple says all of these problems may already have been exploited by attackers, which is hardly surprising: 0-day vulnerabilities are routinely traded and exploited on the black market before they become public.

Various 0-Day Bugs in Webkit Fixed by Apple

All three bugs affect the WebKit browser engine at the heart of the Safari browser. WebKit is also a built-in component in most of the company's products (including iPadOS, tvOS, and watchOS), where it is used to display web content when there is no need to load a full browser.

Fixes are shipped in macOS Big Sur 11.3.1, iOS 12.5.3, iOS 14.5.1, iPadOS 14.5.1 and watchOS 7.4.1; the 0-day vulnerabilities were assigned CVE-2021-30663, CVE-2021-30665 and CVE-2021-30666. It is also worth noting that iOS 12.5.3 includes an additional patch for CVE-2021-30661, a bug that was fixed a week earlier.

Apple has not disclosed details of the vulnerabilities, nor any information about the attacks that may have used them.



The developers of the Composer PHP package manager have fixed a critical vulnerability that could be used to execute arbitrary commands and plant a backdoor in any PHP package, opening the door to supply-chain attacks. The vulnerability received the identifier CVE-2021-29472 and was discovered on April 22, 2021 by researchers from SonarSource. A fix was submitted less than 12 hours later.

"The command injection vulnerability in HgDriver / HgDownloader has been fixed, and other VCS drivers and loaders have been hardened," the Composer developers report in the release notes for versions 2.0.13 and 1.10.22 posted on Wednesday. "As far as we know, the vulnerability was not exploited by hackers."




According to SonarSource, the vulnerability lies in the way the download URLs of source packages are handled, which could be abused to trigger remote command injection.

"A vulnerability in a central component that serves over 100,000,000 package metadata requests per month has a huge impact, as such a vulnerability can be exploited to steal developer credentials or redirect package downloads to third-party servers that provide dependencies with backdoors," they note at SonarSource.

The world has seen many ups and downs, but nobody would have dreamt that most Google applications, such as Gmail, Google Meet, Google Contacts, Blogger, Google Play and many others.

https://www.google.com/appsstatus#hl=en&v=status 

  1. Google Calendar Server Down
  2. Blogger Website Server Down
  3. Google Play Down
  4. Google Photos Down
  5. Google Meet Down
  6. Gmail Down
  7. Google Contacts Down

Google servers were returning Server Error 500 across many services, including Gmail, Google Calendar, Google Drive, Google Docs, Google Sheets, Google Slides, Google Sites, Google Groups, Hangouts, Google Chat, Google Meet, Google Vault, Google Forms, Google Cloud, Search, Google Keep, Google Tasks and Google Voice.


(Screenshots: Google Calendar, Blogger, Google Play, Google Photos, Google Meet, Gmail and Google Contacts showing the outage.)


Check Point experts have compiled their Global Threat Index report for April this year. They note that several coronavirus-related (COVID-19) spam campaigns are distributing a new, modified variant of the Agent Tesla Trojan. In total, it attacked around 3% of organisations worldwide.

Agent Tesla is an advanced RAT (remote access trojan) known to information security experts since 2014. The malicious program is written in .NET and is able to log the victim's keyboard input, read the clipboard, take screenshots and retrieve credentials from various programs installed on the victim's computer (including Google Chrome, Mozilla Firefox and Microsoft Outlook). The malware can also disable antivirus solutions and kill processes that try to analyse it or interfere with its operation.


Specialists say the new version of Agent Tesla has been adapted to steal Wi-Fi passwords. In addition, the trojan can extract email credentials from an Outlook client.

In April 2020, Agent Tesla was frequently seen in several malicious campaigns themed around COVID-19. Such spam mailings try to lure the victim with allegedly important pandemic information so that they download malicious files.

One of these campaigns purported to come from the World Health Organisation, with subject lines such as URGENT INFORMATION LETTER: FIRST HUMAN COVID19 VACCINETEST / RESULT UPDATE and "URGENT NOTIFICATION: FIRST TEST OF VACCINE FROM COVID-19 FOR RESEARCH AND RESEARCH." This once again shows that attackers exploit current world events and public fear to increase the effectiveness of their attacks.

“The spam campaigns with Agent Tesla that we watched throughout April show how well cybercriminals fit into the information agenda and how quietly they trick unsuspecting victims,” says Vasily Diaghilev, head of Check Point Software Technologies in Russia and the CIS. “In Russia, Emotet, RigEK and XMRig were in the top three; criminals are focused on organising phishing attacks to steal users' personal and corporate data. Therefore, it is very important for any organisation to regularly train its employees, keeping them informed of the latest tools and methods of criminals. Now this is especially true, since most companies have transferred their employees to remote mode.”

This month, the Dridex banker affected 4% of organisations worldwide, while XMRig and Agent Tesla affected 4% and 3% respectively. Accordingly, the top three most active malware families in April 2020 are as follows:

Dridex is a banking Trojan that infects Windows. It is distributed through spam mailings and exploit kits, and uses web-based agents to intercept personal data as well as users' bank card details.

XMRig is open source software, first discovered in May 2017. It is used for mining the Monero cryptocurrency.

Agent Tesla is an advanced Remote Access Trojan (RAT). It has been infecting computers since 2014, acting as a keylogger and password stealer.

The list of the most active malware in Russia differs, as usual, from the global one and includes:

Emotet is an advanced self-propagating modular trojan. It was once an ordinary banking trojan, but recently it has been used to distribute other malware and campaigns. New functionality allows it to send phishing emails containing malicious attachments or links.

RigEK is an exploit kit containing exploits for Internet Explorer, Flash, Java and Silverlight. The infection begins by redirecting the victim to a landing page containing JavaScript that probes for vulnerabilities and tries to exploit them.

XMRig is open source software, first discovered in May 2017. It is used for mining the Monero cryptocurrency.


With the spread of COVID-19, organisations around the world moved their employees to remote work, which directly affected their cybersecurity and led to a change in the threat landscape. Kaspersky Lab analysts warn of an increase in the number of brute-force attacks on RDP.

Alongside the increased volume of corporate traffic, the use of third-party services for data exchange, and employees working on home computers (in potentially insecure Wi-Fi networks), another "headache" for information security staff was the increased number of people using remote access tools.

One of the most popular application-level protocols for accessing a workstation or server running Windows is Microsoft's proprietary protocol, RDP. During the quarantine, a huge number of computers and servers that can be connected to remotely appeared on the network, and experts are now observing increased activity by attackers who want to exploit the situation and attack corporate resources to which access was opened (sometimes in a hurry) for employees working remotely.

According to the company, since the beginning of March 2020 the number of brute-force attacks on RDP has jumped, and the picture is the same for almost the entire world:

Attacks of this type are attempts to guess a username and password for RDP by systematically trying every possible option until the right one is found. They may exhaustively enumerate character combinations or run a dictionary search of popular or previously compromised passwords. A successful attack gives the attacker remote access to the host they are targeting.

Analysts say that attackers do not pick individual targets but "work over whole areas" in bulk. Apparently, after the mass shift of organisations to remote work, attackers came to the obvious conclusion that the number of poorly configured RDP servers would increase, and with it the number of attacks.

However, even if you use other means of remote access instead of RDP, this does not mean you can relax. Researchers recall that at the end of last year Kaspersky Lab found 37 vulnerabilities in various clients implementing the VNC protocol.

Experts conclude that organisations should closely monitor the software in use and update it promptly on every corporate device. This is currently not the easiest task for many: because of the hasty move of employees to remote work, many had to allow staff to work or connect to company resources from their home computers, which often do not meet corporate cybersecurity standards at all.
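As an added illustration of the monitoring the report recommends (this code is not from Kaspersky or the article), the detector below runs over constructed Windows Security log records for RDP logons (event 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive, i.e. RDP). It flags a source that accumulates a burst of failures within a short window, and separately flags a later successful logon from the same source, which is the case a defender most wants to see. The comma-separated line layout is an assumed simplification, not the Windows event XML.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one source guessing account names over RDP,
# one user mistyping their password twice, then the guessing source
# succeeding. Fields: time, EventID, IpAddress, TargetUserName, LogonType.
SAMPLE_LOG = """\
2020-03-10T08:00:01,4625,203.0.113.7,administrator,10
2020-03-10T08:00:02,4625,203.0.113.7,admin,10
2020-03-10T08:00:03,4625,203.0.113.7,root,10
2020-03-10T08:00:04,4625,203.0.113.7,backup,10
2020-03-10T08:00:05,4625,203.0.113.7,svc_sql,10
2020-03-10T08:00:06,4625,203.0.113.7,jsmith,10
2020-03-10T08:05:00,4625,192.0.2.44,alice,10
2020-03-10T08:05:20,4625,192.0.2.44,alice,10
2020-03-10T08:05:40,4624,192.0.2.44,alice,10
2020-03-10T08:07:00,4624,203.0.113.7,jsmith,10
"""

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=2)):
    """Return a list of (source_ip, alert_kind, timestamp).

    'bruteforce' fires once when a source reaches `threshold` failed RDP
    logons inside a sliding `window`; 'success_after_bruteforce' fires when
    a source already flagged later produces a successful RDP logon."""
    failures = defaultdict(deque)   # source ip -> timestamps of recent failures
    flagged = set()                 # sources already reported as brute-forcing
    alerts = []
    for line in log_text.splitlines():
        ts_str, event_id, ip, _user, logon_type = line.split(",")
        if logon_type != "10":      # only RemoteInteractive (RDP) logons matter here
            continue
        ts = datetime.fromisoformat(ts_str)
        recent = failures[ip]
        if event_id == "4625":
            recent.append(ts)
            while recent and ts - recent[0] > window:   # expire old failures
                recent.popleft()
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append((ip, "bruteforce", ts_str))
        elif event_id == "4624" and ip in flagged:
            alerts.append((ip, "success_after_bruteforce", ts_str))
    return alerts
```

A normal user's couple of typos stays below the threshold, while the guessing source is reported once on its fifth failure and again when it finally gets in.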

One of the most advanced supercomputers in the UK, ARCHER, hosted at the University of Edinburgh, was recently attacked by unknown attackers, as its administrators reported on the project's official site. ARCHER is ranked 339th on the list of the 500 most powerful supercomputers in the world.


It is reported that the attackers compromised the ARCHER login nodes, so user passwords and SSH keys may have been exposed; users are now strongly advised to change their passwords and SSH keys on all systems where these credentials were used.

Investigations into the incident are under way by experts from the National Cyber Security Centre (NCSC), part of the UK Government Communications Headquarters, and from Cray/HPE. ARCHER administrators write that other high-performance academic systems in Europe have also been attacked, but do not specify which ones.

Journalists from The Register note that ARCHER is frequently used by specialists in computational science, including those currently modelling the further spread of coronavirus. The publication therefore suggests that the supercomputer could have been a target of state-backed hackers who wanted to steal the results of British researchers' work or simply sabotage it. In any case, ARCHER will not return to full operation until at least May 15, 2020.

Recall that, according to a recent report in the New York Times, US authorities plan to publicly accuse China and Iran of attempting to break into research organisations working on a vaccine for SARS-CoV-2, aka COVID-19.

Professor Alan Woodward of the University of Surrey shared the following hypothesis with The Register:

“Seeing Cray under attack is very unusual, so I believe that the computing infrastructure around it has been attacked. Obviously, most users do not sit at a terminal connected directly to the supercomputer, so when remote access means fail, supercomputers become just an expensive piece of metal and silicon.

It seems that someone managed in an unknown way to get a reliable shell on the access node. Assuming this happened, setting it all up again will be a real headache.”


Representatives of the University of Edinburgh reported that they are also investigating what happened to ARCHER, together with the Parallel Computing Centre (EPCC). According to them, some user accounts could have been used to gain unauthorised access to the service. Fortunately, only a few accounts were affected by the hack, and there is no reason to believe that the incident affected any research, or any customer or personal data.