Weekly News Digest #31

Hackers demand $50 million ransom to prevent the leak of stolen Apple blueprints

On Wednesday, Quanta, an Apple supplier, suffered a ransomware attack carried out by the REvil ransomware group. The attackers are demanding that Apple pay a $50 million ransom; otherwise, the stolen sensitive files may be published on the dark web.

In a recent post on the group's “Happy Blog” leak site, the attackers claim they obtained schematics of Apple products such as the Apple Watch and MacBooks by infiltrating the Taiwanese manufacturer's network. Quanta has expressed no willingness to pay a ransom to recover the stolen files, so the attackers are now directing their ransom demand at the US company.

The REvil operators also said they intend to sell gigabytes of personal data, as well as the confidential blueprints, to several large brands. The group has set May 1 as the deadline for Apple to pay the ransom.

REvil's activity was first detected in June 2019. Since then the group has actively used the “double-extortion” technique (encrypting the victim's data and also threatening to leak it) to maximize profits, and other groups have since adopted the same approach.


Firefox Flaw fixed by Mozilla 

Mozilla has fixed a Firefox flaw that allowed spoofing of the HTTPS secure-connection icon, the padlock shown in the browser address bar. By exploiting this flaw, a rogue website could intercept browser communications.

Firefox 88 has been released to address 13 browser bugs, including 6 high-severity issues. The secure-lock-icon flaw, tracked as CVE-2021-23998, affected both the enterprise and consumer versions of Firefox until the security updates were released on Monday. It was discovered by independent researcher Jordi Chancel. Mozilla's security bulletin does not indicate whether any of the flaws listed in its advisory are being exploited in the wild.


Telegram Platform Leveraged by Hackers to Perform ‘ToxicEye’ Malware Campaigns

Malicious actors are embedding the Telegram messaging app inside ToxicEye, a remote access trojan (RAT). Attackers control a computer infected with ToxicEye through a Telegram messaging account.

Check Point Software Technologies researchers have found that ToxicEye enables attackers to take over file systems, install malicious software, and exfiltrate data, including sensitive information, from victims' PCs.

Telegram has more than 500 million active users worldwide, which is why attackers have targeted the app. According to Check Point research and development manager Idan Sharabi, hackers sought to make Telegram their distribution platform because of its global popularity.

Sharabi also said in an e-mailed statement that most organizations allow employees to use Telegram for professional purposes, which is why attackers can use the app to bypass security restrictions.


Sabre rattled by Signal in the direction of Cellebrite 

Signal has revealed that arbitrary code execution can be achieved against Cellebrite's tools. As a result, Cellebrite, a company specializing in phone scanning and data extraction, now faces the possibility that app makers can hack back at the tool.

Cellebrite's tools are designed to pull data out of phones that are in the user's physical possession.

When a specially formatted but otherwise innocuous file included in an app is present on a device scanned by Cellebrite, code can execute that modifies the Cellebrite report being created in that scan, as well as all previous and future reports, in any arbitrary way, such as inserting or removing text, photos, files, contacts, and other data. According to Signal CEO Moxie Marlinspike, no checksum failures or timestamp changes would be detectable in such a case.

Generally, when such vulnerabilities are identified, the software maker is informed so that it can release fixes. Marlinspike raised the stakes, since Cellebrite itself benefits from undisclosed vulnerabilities.


Active exploitation of SonicWall email security zero-day vulnerabilities 

The US company issued a security alert on Tuesday stating that it had published fixes resolving 3 critical flaws affecting its “on-premises and hosted email security products.”

SonicWall ES is designed to block business email compromise attempts and phishing emails, thereby protecting email traffic and communication.

At least one case of active exploitation against the appliance has been recorded so far.

“The organizations using SonicWall Email Security (ES) hardware appliances, virtual appliances or Microsoft Windows Server software installations have to immediately upgrade the product they use to the respective SonicWall Email Security version listed,” SonicWall said in its statement.

SonicWall ES/Hosted Email Security (HES) versions 10.0.1 and above are affected by CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023.
