Garrett Walk-Through Metal Detectors Can Be Hacked Remotely

A number of security flaws have been uncovered in a networking component in Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, tamper with metal detector configurations, and even execute arbitrary code on the devices.

“An attacker could manipulate this module to remotely monitor statistics on the metal detector, such as whether the alarm has been triggered or how many visitors have walked through,” Cisco Talos noted in a disclosure publicized last week. “They could also make configuration changes, such as altering the sensitivity level of a device, which potentially poses a security risk to users who rely on these metal detectors.”

Talos security researcher Matt Wiseman has been credited with discovering and reporting these vulnerabilities on August 17, 2021. The vendor released patches on December 13, 2021.

The flaws reside in the Garrett iC Module, which lets users communicate with walk-through metal detectors such as the Garrett PD 6500i or Garrett MZ 6100 from a computer over a wired or wireless network. It allows customers to control and monitor the devices from a remote location in real time.

The list of security vulnerabilities is below –

images from Hacker News

‘Spider-Man: No Way Home’ Pirated Downloads Contain Crypto-Mining Malware

Peter Parker might not be a mastermind cryptocurrency criminal, but the name Spiderman is quickly becoming more associated with the mining landscape. ReasonLabs, a leading provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into customer computers in the guise of the latest Spiderman movie.

As perhaps the most talked-about movie for some time, Spiderman: No Way Home represents an excellent opportunity for hackers. It’s a chance to connect with millions of potential targets, and hack into computers all around the globe. All today’s malicious actors need to do is promise their victims access to the latest movie, and they get an all-access pass to their PC.

The cryptocurrency mining malware discovered by ReasonLabs disguises itself as a torrent for the Spiderman: No Way Home movie, encouraging viewers around the world to download the file, and open the computer to criminals.

Using a Mask: Tricking Users into Downloading Malware

Cybersecurity issues are on the rise in today’s digital world. There were around 714 million attempted ransomware attacks reported for 2021 – a 134% rise from 2020. As people spend more of their time online, both for work and entertainment, criminals are discovering new opportunities to pinpoint easy targets. One of the easiest ways for criminals to find their victims is with the right lure.

With many viewers still unable to attend physical cinemas due to lockdown restrictions, fans of the Spiderman franchise have been keen to get their hands on the movie elsewhere. This might be why so many people chose to download the “leaked” file, identified as: spiderman_net_putidomoi.torrent.exe, when it first emerged.
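The lure above works because Windows hides the final extension by default, so a file named like a torrent but ending in .exe looks harmless in Explorer. The following is an added example, not code from ReasonLabs or from the article: a small Python filter a defender can run over download directories or mail-gateway logs to flag filenames that stack a media or torrent extension in front of an executable one. The extension sets and the sample filenames other than spiderman_net_putidomoi.torrent.exe are constructed for illustration.

```python
"""Flag download names that hide an executable behind a media/torrent extension."""
from __future__ import annotations

import os

# Extensions that actually execute code when double-clicked on Windows
# (constructed list for this example; extend to match your environment).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".js", ".vbs", ".ps1"}

# Extensions a victim expects to see on a pirated-movie download
# (constructed list; these are the "mask" the malware wears).
LURE_EXTS = {".torrent", ".mp4", ".mkv", ".avi", ".srt", ".zip", ".rar"}


def extensions_of(filename: str) -> list[str]:
    """Return every dotted suffix of the basename, lower-cased and in order.

    'spiderman_net_putidomoi.torrent.exe' -> ['.torrent', '.exe']
    """
    base = os.path.basename(filename).lower()
    parts = base.split(".")
    # A name with no dot, or only a leading dot (e.g. '.hidden'), has no real extension.
    if len(parts) < 2 or parts[0] == "":
        return []
    return ["." + p for p in parts[1:] if p]


def is_deceptive_name(filename: str) -> bool:
    """True when the file will run as a program but is dressed up as media/torrent.

    The check is purely lexical: the *last* extension decides what Windows runs,
    while any earlier lure extension is what the victim is meant to notice.
    """
    exts = extensions_of(filename)
    if len(exts) < 2:
        return False  # single extension: nothing is being hidden
    final, inner = exts[-1], exts[:-1]
    return final in EXECUTABLE_EXTS and any(e in LURE_EXTS for e in inner)


def scan(filenames: list[str]) -> list[str]:
    """Return the subset of names worth alerting on, preserving input order."""
    return [name for name in filenames if is_deceptive_name(name)]


if __name__ == "__main__":
    # Constructed sample of a download folder; only the first entry is from the article.
    sample = [
        "spiderman_net_putidomoi.torrent.exe",
        "Spider-Man.No.Way.Home.2021.mkv",
        "subtitles.srt",
        "vlc-setup.exe",
        "trailer.mp4.scr",
        "archive.rar",
    ]
    for hit in scan(sample):
        print(f"ALERT deceptive filename: {hit}")
```

The filter deliberately ignores a plain installer such as vlc-setup.exe: a bare executable is not disguised, and alerting on every .exe would bury the signal. Pair it with the usual controls (block executables at the mail and proxy layer, show file extensions in Explorer via policy) rather than relying on the name check alone.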

According to ReasonLabs, however, this is far from the first time criminals have tried to trick users by convincing them they’re downloading something they want.

While most people are aware of the threats associated with unknown files, criminals are excellent at making their downloads look legitimate. This specific cryptocurrency mining malware may have been around in a number of different disguises before donning the Spiderman outfit. ReasonLabs believes it has also been circulating as apps like Discord or Windows Updater.

What Does the Spiderman Malware Do?

The malware baked into the Spiderman: No Way Home torrent is not listed by VirusTotal at this time, but ReasonLabs believes it has been around for quite some time, affecting numerous users.

ReasonLabs noted they frequently see miners deployed in the guise of common programs and files. Crypto-mining tools hidden in such files have grown increasingly popular in recent years, because they offer easy access to cash. Hiding a crypto miner in a file sure to attract a lot of attention, like a Spiderman movie, makes it easy to reach as many victims as possible.

images from Hacker News

New Android Malware Targeting Brazil’s Itaú Unibanco Bank Customers

Researchers have discovered a new Android banking malware that targets Brazil’s Itaú Unibanco with the help of lookalike Google Play Store pages to carry out fraudulent financial transactions on victim devices without their knowledge.

“This application has a similar icon and name that could trick users into thinking it is a legitimate app related to Itaú Unibanco,” Cyble researchers said in a report published last week. “The [threat actor] has created a fake Google Play Store page and hosted the malware that targets Itaú Unibanco on it under the name ‘sincronizador.apk.’”

The tactic of leveraging fake app store pages as a lure is not new. In March, Meta (previously Facebook) disclosed details of an attack campaign that used its platform as part of a broader operation to spy on Uyghur Muslims using rogue third-party websites that used replica domains for popular news portals and websites designed to resemble third-party Android app stores, where attackers put fake keyboard, prayer, and dictionary apps that might appeal to the targets.

images from Hacker News

Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security

Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to “trivially and reliably” bypass a “myriad of foundational macOS security mechanisms” and run arbitrary code.

Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score: 5.5), the issue relates to a scenario where a rogue macOS app may circumvent Gatekeeper checks, which ensure that only trusted apps can be run and that they have passed an automated process called “app notarization.”

The iPhone maker, crediting Gordon Long of Box with reporting the flaw, said it addressed the weakness with improved checks as part of macOS 11.6 updates officially released on September 20, 2021.

“Such bugs are often particularly impactful to everyday macOS users as they provide a means for adware and malware authors to sidestep macOS security mechanisms, …mechanisms that otherwise would thwart infection attempts,” Wardle said in a technical write-up of the flaw.

Specifically, the bug not only gets around Gatekeeper, but also File Quarantine and macOS’s notarization requirements, effectively allowing a seemingly innocuous PDF file to compromise the entire system simply by opening it. According to Wardle, the issue is rooted in the fact that an unsigned, non-notarized script-based application cannot explicitly specify an interpreter, resulting in a complete bypass.

images from Hacker News

New Ransomware Variants Flourish Amid Law Enforcement Actions

Ransomware groups continue to evolve their tactics and techniques to deploy file-encrypting malware on compromised systems, notwithstanding law enforcement’s disruptive actions against the cybercrime gangs to prevent them from victimizing additional companies.

“Be it due to law enforcement, infighting amongst groups or people abandoning variants altogether, the RaaS [ransomware-as-a-service] groups dominating the ecosystem at this point in time are completely different than just a few months ago,” Intel 471 researchers said in a report published this month. “Yet, even with the shift in the variants, ransomware incidents as a whole are still on the rise.”

Sweeping law enforcement operations undertaken by government agencies in recent months have brought about rapid shifts in the RaaS landscape and turned the tables on ransomware syndicates like Avaddon, BlackMatter, Cl0p, DarkSide, Egregor, and REvil, forcing the actors to slow down or shut down their businesses altogether.

But just as these variants are fading into obscurity, other up-and-coming groups have stepped in to fill the vacuum. Intel 471’s findings have uncovered a total of 612 ransomware attacks between July to September 2021 that can be attributed to 35 different ransomware variants.

Roughly 60% of the observed infections were tied to four variants alone — topped by LockBit 2.0 (33%), Conti (15.2%), BlackMatter (6.9%), and Hive (6%) — and primarily impacted manufacturing, consumer and industrial products, professional services and consulting, and real estate sectors.

images from Hacker News