SAN MATEO, CA, January 2, 2023 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.
- Google Home smart speakers can be transformed into wiretapping devices
- Netgear: patch your routers immediately
- Malvertising Google Ads campaign targets victims via typosquatting
- Thousands of Citrix servers remain unpatched and vulnerable
- APT hackers now using malicious Excel add-ins for intrusion
- Hive ransomware group attacks Louisiana hospital
- GuLoader evading security by employing new techniques
- Researchers develop Android eavesdropping software
Google Home smart speakers can be transformed into wiretapping devices
A bug bounty of $107,500 was awarded to a security researcher who discovered a way to install a backdoor on Google Home smart speakers, turning them into eavesdropping devices. According to the researcher, who goes by the name Matt, the bug “allowed an attacker within wireless proximity to install a ‘backdoor’ account on the device, enabling them to send commands to it remotely over the internet, access its microphone feed, and make arbitrary HTTP requests within the victim’s LAN.”
Netgear: patch your routers immediately
Netgear has issued a security advisory for a pre-authentication buffer overflow vulnerability affecting Wireless AC Nighthawk, Wireless AX Nighthawk (WiFi 6) and Wireless AC router models. The company strongly urges all users to patch their hardware immediately, as successful exploitation of a bug of this nature can lead to arbitrary code execution. The advisory lists a series of steps that need to be followed carefully to ensure that your system is properly protected.
Malvertising Google Ads campaign targets victims via typosquatting
Some users searching for popular software such as AnyDesk, Dashlane, Grammarly, Malwarebytes, Microsoft Visual Studio, MSI Afterburner, Slack and Zoom have been victimized by a Google Ads campaign that uses typosquatting to direct victims to fraudulent websites, where they download malware posing as the legitimate apps. Thus far, the campaign has mainly targeted users in the US and Canada and has misled them into downloading cryptocurrency miners and information stealers.
Thousands of Citrix servers remain unpatched and vulnerable
Researchers at NCC Group’s Fox-IT team report that thousands of Citrix servers are vulnerable to attack because they have not been updated with the patches that fix two critical bugs. The first, CVE-2022-27510, is an authentication bypass that lets an attacker gain “unauthorized access to the device, perform remote desktop takeover, or bypass the login brute force protection.” The second, CVE-2022-27518, “allows unauthenticated attackers to perform remote command execution on vulnerable devices and take control of them.” CVE-2022-27518 had already been exploited in the wild when its patch was issued. Users of Citrix ADC and Gateway deployments are urged to update their systems immediately.
APT hackers now using malicious Excel add-ins for intrusion
Since Microsoft blocked Visual Basic for Applications macros in Office files downloaded from the internet, hackers have had to get creative with their tactics. According to researchers at Cisco Talos, APT actors are now turning to Excel add-in files as an initial intrusion vector. XLL files appear to be favored, as they “can be sent by email, and even with the usual anti-malware scanning measures, users may be able to open them not knowing that they may contain malicious code.” Ekipa RAT, updated to accommodate Microsoft’s new defenses, now incorporates XLL add-ins and demonstrates the attackers’ ability to keep pace with changing controls in their efforts to access private data.
Hive ransomware group attacks Louisiana hospital
The Lake Charles Memorial Health System, the largest medical complex in Lake Charles, Louisiana, reported a ransomware attack in October 2022 that affected almost 270,000 patients. The Hive ransomware group has claimed credit for the attack and has published the stolen information on its data leak site. The hospital is offering complimentary credit monitoring to those whose Social Security numbers were compromised in the attack.
GuLoader evading security by employing new techniques
The malware loader GuLoader has been using a range of advanced techniques to evade security software, according to researchers at CrowdStrike. As per their report, GuLoader scans for virtualization software, uses “redundant code injection mechanisms,” and employs anti-analysis and anti-debugging tricks among other methods to slip past the defenses of targeted systems. The evidence shows that GuLoader continually evolves to remain dangerous.
Researchers develop Android eavesdropping software
Researchers from five American universities (Texas A&M University, New Jersey Institute of Technology, Temple University, University of Dayton, and Rutgers University) have created EarSpy, an attack designed to show how threat actors could use Android devices for eavesdropping. EarSpy works by “capturing motion sensor data readings caused by reverberations from ear speakers in mobile devices.” The researchers note that this information can be used to discern a caller’s gender, identity and private speech.
All cybersecurity news and articles are brought to you by NetworkTigers.