It was a relatively quiet week regarding ransomware news, with the BlackCat ransomware gang extorting Reddit and the ongoing MOVEit Transfer data breaches being the main focus. […] Read More
BleepingComputer
Feds Stepping to Patch Years-old SS7 Vulnerability in Phone Networks
The FCC (Federal Communications Commission) seeks public input regarding measures by communications providers to address vulnerabilities in SS7 and Diameter protocols that enable tracking consumers’ mobile device locations without consent.
SS7 and Diameter are core signaling protocols of the telecoms infrastructure, supporting functions such as call routing, network interconnection, and mobility support.
However, several reports have highlighted security issues in these protocols that enable attackers to obtain subscriber location data illegally.
As long as SS7 and Diameter remain the foundation of mobile networks, and as roaming extends their reach across operators, the opportunity for exploitation keeps growing.
These vulnerabilities are magnified by unencrypted signaling information and network spoofing.
The CSRIC advisory group of the FCC examined these matters and made recommendations, such as using firewalls, monitoring and filtering, engaging signaling aggregators, conducting security assessments, sharing threat information, and promoting the use of encryption by subscribers.
CSRIC, for its part, observed that location tracking is a main motivation for SS7/Diameter abuse, and that such abuse reveals the serving cell ID rather than precise GPS coordinates.
Even cell-level location information, however, poses risks to VIPs and officials: attackers use various methods to obtain the cell tower and visited-network details of a target and build up a pattern of that target's movements.
CSRIC VI issued recommendations to mitigate Diameter exploitation, including implementing secure domains, deploying security gateways at network boundaries, and following network administration best practices.
The FCC encouraged providers to implement CSRIC’s countermeasures. While major providers reported adopting the recommendations, Senator Wyden recently raised concerns about foreign surveillance exploiting SS7/Diameter vulnerabilities to track individuals.
Besides this, he also urged the FCC to mandate minimum cybersecurity requirements for wireless carriers to address these risks.
The FCC seeks renewed public input specifically on the implementation and effectiveness of security countermeasures, including CSRIC recommendations, in preventing location tracking exploits via SS7 and Diameter vulnerabilities.
Commenters are asked to provide details on any successful unauthorized attempts to access user location data since 2018, including incident dates, descriptions of tracking activities, exploited vulnerabilities, techniques used, attacker identities if known, provider response actions, preventive steps that could have been taken, and any incidents involving exploited leased U.S. global titles used for domestic customer tracking.
Moreover, the FCC seeks comment on measures providers have implemented to protect against customer location tracking via SS7 and Diameter, including the adoption of CSRIC, GSMA, and other industry best practices.
The post Feds Stepping to Patch Years-old SS7 Vulnerability in Phone Networks appeared first on Cyber Security News.
Cyber Security News
Threat Prevention & Detection in SaaS Environments – 101
Identity-based threats on SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them.
According to the US Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyberattacks begin with phishing, an identity-based threat. Throw in attacks that use stolen credentials, over-provisioned accounts, and Read More
XWorm Malware Attacks Windows To Take RDP Control and Drop Ransomware
A newly discovered XWorm malware variant poses a significant risk to Windows operating systems. This malicious software possesses many capabilities, including remote desktop control, information theft, and the ability to conduct ransomware attacks.
Consequently, Windows users must take the necessary steps to protect their systems against this dangerous threat.
XWorm is a malicious software program designed to infiltrate Windows operating systems. It has gained notoriety as one of the most frequently employed malware strains on platforms like ANY.RUN.
ANY.RUN, an interactive online sandbox for fast malware analysis, has published the results of its research into the top cyber threat trends in Q2 2023.
The service, which analyzes 14,000 suspicious files and links daily, discovered that RATs (Remote Access Trojans) and loaders further solidified their positions as the primary security concerns. RATs displayed an increase of 12.8% quarter over quarter.
Top 10 last week’s threats by uploads
#Redline 219 (215)
#Njrat 144 (84)
#Agenttesla 112 (102)
#Lumma 84 (65)
#Asyncrat 84 (49)
#Remcos 82 (58)
#Amadey 80 (65)
#Arkei 54 (57)
#Xworm 43 (55)
#Vidar 33 (35)
— ANY.RUN (@anyrun_app) August 7, 2023
According to the report shared with Cyber Security News, ANY.RUN discovered XWorm malware using dynamic sandbox analysis, static analysis, and reverse engineering techniques, shedding light on its sophisticated functionalities and evasion mechanisms.
One of the users on ANY.RUN submitted a sample downloaded from a file hosting service and encrypted within a RAR archive. Upon launch, Suricata’s network rules promptly identified it as XWorm.
The sample demonstrated features such as creating a shortcut for automatic launch, using the task scheduler for persistence, and attempting to connect to a remote server.
Furthermore, the sample attempts to verify whether it is running on a physical machine or a virtual one, an anti-analysis (sandbox evasion) technique.
Obfuscation encountered during static analysis of XWorm led the ANY.RUN team to reverse engineer the program instead.
One such check queries whether the current machine is hosted in a data center.
The sample also gains a foothold by utilizing the registry and the task scheduler.
Through reverse engineering, they discovered the malware’s configuration extraction process.
The configuration decryption involved computing an MD5 hash, copying the hash twice into an array, and utilizing it as an AES key to decrypt base64 strings.
“By extracting the malware’s configuration, we gained valuable insights into its communication, behavior, and persistence mechanism,” says ANY.RUN.
The post XWorm Malware Attacks Windows To Take RDP Control and Drop Ransomware appeared first on Cyber Security News.
Cyber Security News