The SecuriTea News - Issue #6
Every Friday, The Weekly SecuriTea Report brings you the past week's trending Information Security News. Here's what is new this week:
Coordinated Ransomware Attacks Hit Texas. Last Friday, 22 local municipalities in Texas were locked out of their systems by a coordinated ransomware attack, making this one of the largest-scale ransomware attacks ever to hit a government agency. (Ransomware, for those who may not know, is an attack where a malicious actor gets into your computer and encrypts your data, then demands money to unlock it.) Many of the municipalities are rural, which makes them prime targets for such an attack because they lack a robust IT department. The attacker exploited software used by the various cities and managed by an outsourced third party, and the attack has disrupted many parts of everyday life for residents. For example, birth and death certificates are not available online, and one affected city can't accept utility payments from any of its 13,250 residents. The single, unidentified threat actor is asking for a collective $2.5 million to unlock the systems. Not all of the affected municipalities have been revealed, but two cities, Borger and Keene, have come forward to confirm the attack, with one mayor confirming that everything in their City Hall has been impacted. Restoration is still ongoing, with no timeline yet established for a return to full capacity.
Stop Believing Everything You See On Instagram.
Revealed Zero-Day At Black Hat Turns Out To Be No Accident. Security researchers revealed a critical zero-day vulnerability in an administrative tool called Webmin. (For context, a zero-day is a security flaw in software that its makers do not know about. If they don't know about the flaw, they can't fix it, leaving users of the software exposed to any attacker who finds the flaw before the makers do.) Once revealed and investigated, it turned out that this vulnerability wasn't an accident on the vendor's part: it was planted a year earlier by a malicious actor and sat unnoticed until Black Hat. The vulnerability was classified as a backdoor, which means just what it says: an undocumented, secret way into an application, usually reserved for administrators doing upkeep. This one in particular gave anyone who knew of its existence the ability to execute commands as root, the account an attacker can use to take full control of the targeted device. In simple terms, if this vulnerability was on your device and an attacker took advantage of it, they now have control of your computer and free rein over your data. The vulnerability has since been patched, and you can find out more about how the malicious hacker kept the backdoor unnoticed despite updated versions and a brand new server being installed.
Recent Apple Update Could Leave Your iPhone Open To Jailbreak. Updates pushed to your phone are supposed to fix known issues, but a recent Apple update, iOS 12.4, did the opposite: it introduced a flaw that allows the device to be jailbroken and leaves it vulnerable to attackers escalating privileges and running code-execution attacks. What you need to know about these two types of attacks is that they would allow a malicious attacker to run code of their choosing on your device in order to gain full access to it and possibly its data. The flaw was first found by Motherboard and affects a variety of devices, including the iPhone 5s and later, the iPad Air and later, and the sixth-generation iPod touch. This flaw had already been patched in the previous release (12.3) after a researcher at Google Project Zero found it and released an exploit for it, through proper disclosure of course. If you want to give jailbreaking your own phone a shot, you can find more information on GitHub here, thanks to a user who posted and tweaked the previous researcher's code. Note that your device has to be updated to the latest version for it to work.
If you play Fortnite, don't download Syrk. As mentioned above, ransomware is an attack that holds, or in this case deletes, data in exchange for money. Among a recent string of ransomware hitting the internet, one sample, dubbed Syrk, targets Fortnite's huge user base under the guise of a tool that will give players more accurate gameplay and help them find the location of other players. Fortnite's user base varies in age but definitely skews young, and younger players are easy to exploit because they are not careful about the packages and tools they download; all they care about is winning the game. An analysis of this ransomware shows that once a player downloads and installs the tool, code executes that connects back to the attacker's server and begins encrypting a range of files on the device. Once these files are encrypted, the program starts deleting files every two hours, and it even affects USB drives if any are connected. Luckily for gamers, researchers have found and published a way to decrypt and recover the deleted files. Nevertheless, this malware just proves how dangerous it is to download unverified files.
And that's a wrap for your Weekly SecuriTea Report. Be sure to check back every week for the latest in Information Security News.