Iran's IRGC Linked to State-Sponsored Ransomware Campaign
Pulse Secure fixes zero-day, Scripps Health crippled by a ransomware attack, Apple fixes two iOS zero-days exploited in the wild, Hundreds of millions of Dell devices affected by driver flaw, more
Don't wait for each issue of Metacurity to catch up on infosec news. Follow us on Twitter as we tweet the top developments throughout the day!
Researchers at Flashpoint have linked Iran's Islamic Revolutionary Guard Corps (IRGC) to a state-sponsored ransomware campaign, "Project Signal," through an Iranian contracting company called Emen Net Pasargard (ENP). The researchers based their discovery on three documents leaked by an anonymous entity named Read My Lips or Lab Dookhtegan between March 19 and April 1 via its Telegram channel.
Project Signal started between late July 2020 and early September 2020, with ENP's internal research organization, named the "Studies Center," putting together a list of unspecified target websites. (Ravie Lakshmanan / The Hacker News)
Pulse Secure fixed a zero-day vulnerability tracked as CVE-2021-22893 in the Pulse Connect Secure (PCS) SSL VPN appliance. The zero-day is being actively exploited to compromise the internal networks of defense firms and government agencies.
Pulse Secure also released the Pulse Connect Secure Integrity Tool to check if hackers modified any files on their Pulse Secure appliances. (Lawrence Abrams / Bleeping Computer)
A ransomware attack has crippled Scripps Health in the San Diego, CA area, confusing patients and their families, especially those scheduled for appointments this week.
The ransomware attack also apparently affected Scripps' backup servers in Arizona. (Paul Sisson / The San Diego Union-Tribune)
Apple has released security updates that fix two actively exploited iOS zero-day vulnerabilities in the WebKit engine, used by hackers to attack iPhones, iPads, iPods, macOS, and Apple Watch devices.
The vulnerabilities are tracked as CVE-2021-30665 and CVE-2021-30663, and both allow arbitrary remote code execution (RCE) on vulnerable devices simply by visiting a malicious website. (Lawrence Abrams / Bleeping Computer)
Related: NDTV Gadgets360.com, GovCert.gov.uk, xda-developers, TechTarget, The Register - Security, Security Week, The Hacker News, SecurityWeek, Help Net Security, AppleInsider, Apple Security Updates, The Record
A cybersecurity threat or attack forced the Alaska Court System to temporarily disconnect most of its operations from the internet on Saturday.
The attack halted electronic court filings, disrupted online payments, and prevented hearings by video conference for several days. (Associated Press)
Microsoft said it plans to eliminate a chronic security headache when it removes all remnants of the old Adobe Flash Player app from Windows operating systems by July 2021.
Adobe formally deprecated Flash Player, which reached its end-of-life (EOL) on December 31, 2020. (Catalin Cimpanu / The Record)
Security researchers at SentinelOne said that hundreds of millions of Dell desktops, laptops, notebooks, and tablets would need to update their Dell DBUtil driver to fix a 12-year-old vulnerability that exposes systems to attacks.
The vulnerability in this driver, tracked as CVE-2021-21551, could be abused to allow threat actors to access driver functions and execute malicious code with SYSTEM and kernel-level privileges. (Catalin Cimpanu / The Record)
An international coalition of law enforcement, including units from Germany, the Netherlands, Sweden, Australia, Canada, Europol, and the United States, took down Boystown, a dark web child pornography site with over 400,000 registered users.
Three German men, who were allegedly administrators of the site, have been arrested as part of the take-down. (Gabriel Geiger / Motherboard)
A ransomware attack has hit the Canadian Resort Municipality of Whistler (RMOW). The attackers claim to have accessed about 800 gigabytes of RMOW data, which they threaten to sell within seven days unless Whistler pays the ransom.
The RMOW is conducting a forensic investigation to determine what information was accessed by the hackers. RMOW asks the public to be vigilant about communications appearing to come from Whistler. (Braden Dupuis / Pique Magazine)
The office of Illinois Attorney General Kwame Raoul said last week that it was the victim of a ransomware attack that included the theft and publication of agency files.
Raoul’s office had been made aware earlier this year that its networks were susceptible to incidents like ransomware when a February report from the Illinois Auditor General found it following weak cybersecurity practices. (Benjamin Freed / Statescoop)
The BeVigil platform, which allows individuals to search and check app security ratings and other security issues before installing an app, identified over 40 apps with a cumulative total of more than 100 million downloads that had hardcoded private Amazon Web Services (AWS) keys embedded within them, putting their networks and users' data at risk.
This leakage was spotted in some major apps, including Adobe Photoshop Fix, Adobe Comp, Hootsuite, IBM's Weather Channel, and online shopping services Club Factory and Wholee. (Ravie Lakshmanan / The Hacker News)
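As an added example (not from the article and not BeVigil's tooling), here is a small Python scanner a defender could run over strings pulled from an app bundle to flag hardcoded AWS credentials; the sample strings, the regexes and the entropy thresholds are constructed for illustration, and the AKIA/wJal values are the public example credentials from AWS's own documentation.

```python
import math
import re
from collections import Counter

# Constructed sample strings standing in for what a static pass over an app
# bundle (resource files, config, compiled code) might yield. Not real data.
SAMPLE_STRINGS = [
    "https://api.example.invalid/v1/upload",
    "aws.accessKeyId=AKIAIOSFODNN7EXAMPLE",
    "aws.secretKey=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "ASIAXXXXXXXXXXXXXXXX",                       # placeholder-looking id
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",   # 40-char run, not a secret
]

# Long-term (AKIA) and temporary (ASIA) access key ids: 20 uppercase/digits.
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys: 40 characters from the base64-like alphabet.
SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+])")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; placeholders like XXXX score near zero."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def find_aws_credentials(strings, key_entropy=3.0, secret_entropy=4.0):
    """Return (kind, value) pairs that match the AWS key formats and are
    random-looking enough to be real credentials rather than placeholders.
    Thresholds are heuristics; every hit still needs manual confirmation."""
    hits = []
    for s in strings:
        for m in ACCESS_KEY_RE.finditer(s):
            if shannon_entropy(m.group()) >= key_entropy:
                hits.append(("access_key_id", m.group()))
        for m in SECRET_RE.finditer(s):
            if shannon_entropy(m.group()) >= secret_entropy:
                hits.append(("secret_access_key", m.group()))
    return hits


def has_full_pair(hits) -> bool:
    """True when both halves of a credential pair appear in the same bundle,
    the worst case: anyone with the app can use the account directly."""
    kinds = {kind for kind, _ in hits}
    return {"access_key_id", "secret_access_key"} <= kinds


if __name__ == "__main__":
    found = find_aws_credentials(SAMPLE_STRINGS)
    for kind, value in found:
        print(f"{kind}: {value}")
    print("full credential pair present:", has_full_pair(found))
```

The regexes only match well-formed AWS key formats, so a match plus high entropy is a strong signal, while the low-entropy filter drops placeholders such as the `ASIAXXXX...` and all-`A` strings above.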
Researchers at Proofpoint say that a variant of the Buer malware is being distributed in emails disguised as DHL support shipping notices and comes with a fresh code rewrite in the popular Rust language.
The rewrite also potentially hampers reverse engineering, making the malware harder to analyze for engineers without prior Rust experience and helping it evade detection measures. (Lisa Vaas / Threatpost)
Raising concerns over the government's surveillance of its citizens, a plan under discussion at the Department of Homeland Security would encourage outside firms to track extremist chatter by Americans online, expanding the government's ability to gather intelligence, sources say.
According to one source, the DHS is considering partnering with firms that research domestic terrorism to conduct this surveillance. (Zachary Cohen and Katie Bo Williams / CNN)
Related: Infosecurity Magazine
Researchers at Gemini Advisory say that cybercriminals are increasingly targeting third-party infrastructure that restaurants across the U.S. use to place online orders.
Over the past six months, five online ordering platforms have been hacked, exposing around 343,000 payment cards. Among those platforms are Easy Ordering, MenuSifu, Food Dudes Delivery, Grabull, and E-Dining Express. (Sean Lyngaas / Cyberscoop)
Related: Gemini Advisory
Cybersecurity company Imperva announced it plans to acquire application programming interface (API) security company CloudVector for an undisclosed sum.
CloudVector says that its technology enables customers to discover, monitor, and protect API traffic in their environments from exploits and breaches. (Kyle Wiggers / VentureBeat)