AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/11/2021

Microsoft patches Excel zero-day used in attacks, asks Mac users to wait

During this month’s Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors. Zero-days, as defined by Microsoft, are publicly disclosed bugs with no official security updates. The vulnerability, tracked as CVE-2021-42292, is a high severity security feature bypass that unauthenticated attackers can exploit locally in low complexity attacks that don’t require user interaction. Microsoft also patched a second Excel security flaw used during the Tianfu Cup hacking contest last month, a remote code execution bug tracked as CVE-2021-40442 and exploitable by unauthenticated attackers. Luckily, Microsoft says that the Windows Explorer preview pane is not an attack vector for the two bugs. This means that successful exploitation requires fully opening maliciously crafted Excel files instead of just clicking to select them.


Toronto’s transit agency cyberattack exposes 25,000 employees’ data

The Toronto Transit Commission has confirmed that the personal information of tens of thousands of employees may have been compromised as a result of a ransomware attack on its systems last month. The TTC, which operates Toronto’s bus, subway, streetcar and paratransit systems, said in a statement that the compromised data includes the names, addresses and Social Insurance Numbers of 25,000 past and present employees. The agency said it’s continuing to investigate whether a “small number” of customers and vendors have also been affected. The agency added that while there is “no evidence” that any of the information has been misused, it is notifying those individuals affected and will provide them with credit monitoring and identity theft protection. The TTC has also advised employees to call their banks and alert them of the security breach.


Comic book distributor struggling with shipments after ransomware attack

Major comic book company Diamond Comic Distributors is struggling to keep up with its planned shipments after being hit with a ransomware attack on Sunday. In a statement, the company said its planned shipments for Wednesday would be delayed about two to four days throughout the country due to the attack; reorders are expected to resume within the next 72 hours. The delays will also affect international retailers. The company said it was dealing with a ransomware attack affecting its order processing systems as well as its internal communications platforms. “Our IT department and a team of third-party experts are working around the clock to address these issues and restore full operations,” Diamond Comic Distributors said. “We want to assure you that customer data and financial information is not stored on our network, and as such, we have no reason to believe it has been impacted by this attack.”


This prolific hacker-for-hire operation has targeted thousands of victims around the world

A hacker-for-hire operation offered by cyber mercenaries has targeted thousands of individuals and organisations around the world, in a prolific campaign of financially driven attacks that have been ongoing since 2015. Human rights activists, journalists, politicians, telecommunications engineers and medical doctors are among those who have been targeted by the group, which has been detailed by cybersecurity researchers at Trend Micro. They’ve dubbed it Void Balaur, after a multi-headed creature from Slavic folklore. The cyber-mercenary group has been advertising its services on Russian-language forums since 2018. The key services offered are breaking into email and social media accounts, as well as stealing and selling sensitive personal and financial information. The attacks will also occasionally drop information-stealing malware onto devices used by victims.


Aleksandr Zhukov, self-described ‘king of fraud,’ is sentenced to 10 years

A Russian man who once described himself as the “king of fraud” for his role in orchestrating a multimillion dollar crime spree was sentenced Wednesday to 10 years in prison. Aleksandr Zhukov, 41, was convicted in May of defrauding U.S. advertising companies out of $7 million in part by using networks of hacked computers, or botnets, to artificially inflate web traffic. Working with a small network of cybercriminals, Zhukov directed bot traffic to inauthentic websites, charging marketing companies to run advertisements on websites that attracted few, if any, real visitors. Two of Zhukov’s associates have pleaded guilty to involvement in the 3ve scheme, also known as Methbot, while six others have faced charges for their alleged roles in the effort.


New Android malware targets Netflix, Instagram, and Twitter users

A new Android malware known as MasterFred uses fake login overlays to steal the credit card information of Netflix, Instagram, and Twitter users. This new Android banking trojan also targets bank customers with custom fake login overlays in multiple languages. A MasterFred sample was first spotted in June 2021, when it was first submitted to VirusTotal. Malware analyst Alberto Segura also shared online a second sample one week ago, pointing out that it was used against Android users from Poland and Turkey. After analyzing the new malware, Avast Threat Labs researchers found that it uses APIs provided by the built-in Android Accessibility service to display the malicious overlays.
