Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities
The intrusion campaign, which breached several French entities, is said to have started in late 2017 and lasted until 2020, with the attacks particularly impacting web-hosting providers, the French information security agency ANSSI said in an advisory. On compromised systems, ANSSI discovered a backdoor in the form of a webshell dropped on several Centreon servers exposed to the internet, the agency said on Monday. This backdoor was identified as the PAS webshell, version number 3.1.4. On the same servers, ANSSI found another backdoor identical to one described by ESET and named Exaramel.
Unpatched SHAREit Android App Flaw Could Let Hackers Inject Malware
Multiple unpatched vulnerabilities have been discovered in SHAREit, a popular app with over one billion downloads, that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution.
The findings come from cybersecurity firm Trend Micro's analysis of the Android version of the app, which allows users to share or transfer files between devices.
But in a worrisome twist, the flaws are yet to be patched by Smart Media4U Technology Pte. Ltd., the Singapore-based developer of the app, despite responsible disclosure three months ago.
Apple will proxy Safe Browsing requests to hide iOS users' IP from Google
Apple's upcoming iOS 14.5 update will come with a new feature that will redirect all fraudulent website checks through its own proxy servers as a workaround to preserve user privacy and prevent leaking IP addresses to Google.
A built-in security-focused feature in the Safari browser, Fraudulent Website Warning, alerts users about dangerous websites that have been reported as deceptive, malicious, or harmful.
To achieve this, Apple relies on Google Safe Browsing (or Tencent Safe Browsing for users in Mainland China), a blocklist service that provides a list of URLs for web resources that contain malware or phishing content, and compares a hash prefix calculated from the website address against that list to check whether the website is fraudulent.
Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies
UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by Iranian threat actors, according to new research.
Attributing the operation to Static Kitten (aka MERCURY or MuddyWater), Anomali said the objective of this activity is to install a remote management tool called ScreenConnect (acquired by ConnectWise in 2015) with unique launch parameters that have custom properties, with malware samples and URLs masquerading as the Ministry of Foreign Affairs (MOFA) of Kuwait and the UAE National Council.
Since its origins in 2017, MuddyWater has been tied to a number of attacks primarily against Middle Eastern nations, actively exploiting the Zerologon vulnerability in real-world attack campaigns to strike prominent Israeli organizations with malicious payloads.