AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 09/22/2021

US Treasury sanctions crypto exchange over role in ransomware attacks

The US Department of the Treasury has imposed sanctions on virtual currency exchange Suex for its alleged role in facilitating financial transactions for ransomware actors. The Treasury stated that Suex has facilitated transactions involving illicit proceeds from at least eight ransomware variants, adding that over 40% of its transaction history is associated with illicit actors. As a result of the sanctions, which are the first designations against a virtual currency exchange, Suex is blocked from accessing all US property, and US citizens are prohibited from engaging in transactions with it. The Treasury added that virtual currency exchanges are critical to the profitability of ransomware attacks, which it said help fund additional cybercriminal activity. It will also continue to disrupt and hold accountable these kinds of entities to reduce the incentive for cyber criminals to continue to conduct these attacks.


macOS has an unpatched Finder vulnerability that hackers can use to run arbitrary commands

Apple makes much of the security of its products, but vulnerabilities are certainly not unknown. SSD Secure Disclosure has revealed details of a zero-day flaw affecting Finder in macOS. It can be exploited to run arbitrary commands without displaying any messages, prompts or warnings. The vulnerability was discovered by independent security researcher Park Minchan, and it is present in macOS Big Sur and earlier. The flaw relates to the way macOS processes .inetloc (internet location) files and Apple has made a poor, easily circumvented attempt to fix it in the most recent version of its Mac operating system. In a write-up about the flaw, SSD Secure Disclosure warns that the security flaw “allows remote attackers to trick users into running arbitrary commands”.


Why Financial Services Companies Are More Prone to Insider Threats, and What They Can do About It

Insider threats pose a growing problem for enterprises — recent survey data found that 66 percent of organizations say malicious or accidental insider attacks are more likely than their external counterparts. The issue is especially worrisome for financial services firms. According to S&P Global Market Intelligence, current market conditions have created “significant” challenges for banks that, in turn, put them at greater risk of insider threats. Banks also have more to lose from these threats. “While these challenges are present in any institution, insider threats pose a greater risk for banks,” says Gaurav Deep Singh Johar, member of the Emerging Trends Working Group for the IT trade association ISACA. “There is a big reputational impact, thanks in part to increasing regulatory oversight.” What are the most common sources of insider threats, and how can financial services companies tackle this problem from the inside out?


Netgear fixes dangerous code execution bug in multiple routers

Netgear has fixed a high severity remote code execution (RCE) vulnerability found in the Circle parental control service, which runs with root permissions on almost a dozen modern small office/home office (SOHO) Netgear routers. While one would expect the attack vector exposed by the Circle security flaw (tracked as CVE-2021-40847) to be removed once the service is stopped, the Circle update daemon containing the bug is enabled by default and can be exploited even if the service is disabled. “The update process of the Circle Parental Control Service on various Netgear routers allows remote attackers with network access to gain RCE as root via a Man-in-the-Middle (MitM) attack,” GRIMM security researcher Adam Nichols explained.


Republican Governors Association email server breached by state hackers

The Republican Governors Association (RGA) revealed in data breach notification letters sent last week that its servers were breached during an extensive Microsoft Exchange hacking campaign that hit organizations worldwide in March 2021. RGA is a US political organization and a tax-exempt 527 group that provides Republican candidates with the campaign resources needed to get elected as governors across the country. Following an investigation started after March 10, “RGA determined that the threat actors accessed a small portion of RGA’s email environment between February 2021 and March 2021, and that personal information may have been accessible to the threat actor(s) as a result.”


Microsoft investigates Outlook issues with security keys, search

Microsoft is investigating several issues impacting Outlook customers and leading to problems related to security keys, search results, and more. As the company explains, some users cannot add Gmail accounts if they use security keys for multi-factor authentication. “Adding a Gmail account to Outlook while using a security key for 2-step verification causes this error: This browser does not support security keys,” Microsoft revealed on its list of recent issues in Outlook for PC. Redmond is also looking for a fix to address reports of search results for Outlook Suggested Searches being inaccurate, incomplete, or missing. This issue is triggered by suggested search encoding that doesn’t match what Outlook for Microsoft 365 expects.
