End of the Era of Mac Users Feeling Invulnerable - 30,000 infected; Chinese Clone of NSA Hacking Tool; UL and two more Ransomware Victims with Consequences

Malware that targets Apple’s macOS has been found on 30,000 mac computers, but it is unclear what the malware, dubbed Silver Sparrow, is supposed to do. Once an hour, the infected machines check a control server for commands, but researchers have not seen evidence of a payload. There are two versions of the malware; one that targets x86-based machines and a second that targets both x86-based and M1-based machines.

Read more in

Researchers at security firm Check Point have disclosed evidence that a Chinese hacking group managed to obtain and use an NSA hacking tool. The tool, which was developed by the Equation Group, is called EpMe and is used to gain elevated privileges. Using EpMe code from 2013, the Chinese hackers developed a clone in 2014 and used it from 2015 until March 2017, when Microsoft patched the vulnerability the tool exploited.

Read more in

Underwriters Laboratories (UL) has shut down its IT systems following a ransomware attack. The incident occurred on February 13; devices in UL’s data center were encrypted. UL shut down all systems to prevent the malware from spreading. The organization is reportedly restoring its systems from backups and does not intent to pay the ransom.

Read more in

Ransomware operators targeted Seattle-based payment processor, AFTS, and stole files before encrypting the company’s IT system. Automatic Funds Transfer Services (AFTS) is used by government agencies and other organizations across the US to process payments and verify addresses. AFTS customers include the California DMV and numerous other municipalities and agencies in California and Washington. The California Department of Motor vehicles has notified residents of the breach.

Read more in

A month after a ransomware attack took control of its IT system, Georgetown County, South Carolina, is still working to repair its systems. The county did not pay the demanded ransom. Roughly half of employees now have access to their county email accounts.

Read more in

A public service announcement (PSA) from the US Federal Bureau of Investigation (FBI) warns that first responder systems are vulnerable to Telephony Denial of Service (TDoS) attacks, which consumes resources at call centers and prevent true emergency calls from getting through. The attacks have been targeting Public Safety Answering Points (PSAPs), which are call hubs for connecting callers to emergency services. The PSA recommends finding out how to contact emergency services in the event of a 911 outage, having non-emergency numbers on hand.

Read more in

Lakehead University in Canada has extended its winter study break through February 26 due to a cyberattack. The incident forced the school to prevent access to its servers. The attack targeted Lakehead’s file share servers. Users who kept sensitive information, including access credentials, on the file share servers are being advised to change their passwords.

Read more in

Researchers at FireEye have linked attacks exploiting vulnerabilities in Accellion’s File Transfer Appliance (FTA) to a cybercrime group identified as FIN11. The threat actors exploited four unpatched vulnerabilities in the legacy software to install a web shell known as DEWMODE, which was used to download files from FTA appliances. Victims of the attacks include Singtel, the Reserve Bank of New Zealand, and Kroger Supermarkets.

Read more in

One of the vulnerabilities that Microsoft fixed in its February 2021 Patch Tuesday release has been exploited in the wild since the summer of 2020. The high-severity privilege elevation issue can be exploited “by triggering a use-after-free condition in the win32k.sys core kernel component.”

Read more in

Software used by the Arizona State Department of Corrections is riddled with problems. Bugs in the system have placed inmates in cells with people they should not have contact with, have failed to keep inmates’ medications with them when inmates are transferred to a new unit, and they have failed to identify inmates who qualify for programs to reduce their sentences, keeping inmates incarcerated past their release dates. People working on the system knew there were problems and urged the department not to take it live, but their concerns went unheeded because the department had already spent so much money on the project. Rather than fix the software, Department of Connections employees are solving the problems manually.

Read more in

The US National Institute of Standards and Technology (NIST) has released an updated version of its smart grid framework. The NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 4.0, “includes updates to the Smart Grid Conceptual Model, introduces new Communication Pathways Scenarios and an Ontology for the smart grid, provides guidance on cybersecurity practices and tools, and develops the concept of an Interoperability Profile to facilitate testing and certification to improve smart grid interoperability and functionality.”

Read more in

NurseryCam, a system that allows parents to watch their children while they are at nursery school, has temporarily suspended its operations to improve its security. Last week, NurseryCam account credentials were accessed and posted online. The NurseryCam service has been used by roughly 40 nurseries in the UK.

Read more in