Read this week's Cyber Weekly Digest for a rundown of our top cyber security news picks. In this digest, we dive into yet another misconfigured cloud server impacting Toyota customers and the tool claiming to be able to terminate any EDR. Keep reading to stay up to date on the biggest cyber security news of the week.
A threat actor, Spyboy, is promoting a “Terminator” tool on a Russian-speaking hacking forum that can allegedly terminate any antivirus, XDR, and EDR platform. Terminator is allegedly capable of bypassing 24 different antiviruses (AV), Endpoint Detection and Response (EDR), and Extended Detection and Response (XDR) security solutions, including Windows Defender, on devices running Windows 7 and later. Spyboy sells the software for prices ranging from $300 for a single bypass to $3,000 for an all-in-one bypass. To use Terminator, the “clients” require administrative privileges on the targeted Windows systems and have to trick the user into accepting a User Account Controls (UAC) pop-up that will be displayed when running the tool.
A new approach, named BrutePrint, has been discovered by researchers, which can be leveraged by threat actors and an inexpensive technique to brute-force fingerprints on smartphones to bypass user authentication and seize control of the device. BrutePrint bypasses limits put in place to counter failed biometric authentication attempts by weaponizing two zero-day vulnerabilities in the smartphone fingerprint authentication (SFA) framework. The aim of the technique is to be able to perform an unlimited number of fingerprint image submissions until there is a match. However, it does require the threat actor to already possess the device and requires a fingerprint database.
On Monday, researchers published an advisory announcing information on a new trojan named Android.Spy.SpinOk. SpinOk includes several spyware functionalities, including file collection and clipboard content capture. The Trojan can be embedded within other apps, which is how it spreads to infect millions of devices. Upon activation, the Trojan SDK connects to a command and control (C2) server, transmitting extensive technical data about the infected device. The researcher’s analysis revealed that the Trojan existed in 101 apps with 421,290,300 downloads.
Toyota Motor Corporation has discovered two additional misconfigured cloud services that leaked car owners’ personal information for over seven years. During an investigation following a previously discovered misconfigured cloud server that exposed location data for over 2 million customers for 10 years, Toyota found the misconfigured cloud services. Toyota says that data entries were automatically deleted from the cloud environment after a while, so a limited amount of data was exposed at any given moment. Toyota says that it has implemented a system that monitors cloud configurations and database settings on all its environments regularly to prevent these types of leaks in the future.
A database for the notorious RaidForums hacking forums has been leaked online, allowing threat actors and security researchers insight into the people who participated on the forum. Earlier this month, a forum called ‘Exposed’ was launched, aiming to fill the void left behind by the closure of Breached. One of the admins for Exposed leaked information for 478,870 RaidForums members, including their usernames, email addresses, hashed passwords, registration dates, and a variety of other information related to the forum software. The admin later revealed to journalists that the RaidForums data dump was originally not meant to be public, but they decided to leak it.
コメント