Cybersecurity Weekly: Safari zero-day, Windows printer vulnerability, iPhone hack

July 22, 2021 by Sam Fay

A Safari zero-day was used in a malicious LinkedIn campaign. A researcher finds another unpatched Windows printer spooler vulnerability. A low-risk iOS Wi-Fi naming bug can hack iPhones remotely. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Safari zero-day used in malicious LinkedIn campaign

Threat actors exploited a Safari zero-day flaw by sending malicious links to government officials in Western Europe via LinkedIn, before researchers from Google discovered and reported the vulnerability. The flaw allowed maliciously crafted web content to be processed in a way that enabled universal cross-site scripting.


2. Researcher finds another unpatched Windows printer spooler vulnerability

Only days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, another zero-day flaw in the same component emerged, making it the fourth printer-related flaw discovered in recent weeks. The flaw allows a threat actor to execute arbitrary code with SYSTEM privileges.


3. Low-risk iOS Wi-Fi naming bug can hack iPhones remotely

The Wi-Fi network-name bug, previously known only to disable an iPhone’s networking functionality completely, also had remote code execution potential and was silently fixed by Apple earlier this year, according to new research. The denial-of-service behaviour stemmed from the way iOS handled format strings when processing the SSID input.
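The mechanism named above, a format-string bug triggered through the SSID, is a classic C defect: untrusted text ends up as the format argument of a printf-family call. The following is an added illustration written for this digest; it is not Apple's code or anything from the cited research, and the function names and sample SSIDs are constructed. It places the vulnerable pattern beside the safe one and adds a simple check a reviewer or log-triage script can use to flag SSIDs that carry conversion specifiers.

```c
/* Added illustration of a format-string bug in SSID handling.
 * Constructed example code, not Apple's: all names and samples are assumptions. */
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define SSID_MAX 32  /* 802.11 SSIDs are at most 32 bytes */

/* Thin wrapper so both variants below go through the same formatter. */
static int format_into(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* VULNERABLE pattern: the attacker-controlled SSID *is* the format string, so
 * any '%' directives it carries are interpreted by the formatter (reading
 * arguments that were never passed, or writing memory via %n). Kept only to
 * contrast with the safe version; it is never called with untrusted input here. */
static int log_ssid_vulnerable(char *out, size_t outlen, const char *ssid)
{
    return format_into(out, outlen, ssid);   /* BUG: ssid used as format */
}

/* SAFE pattern: a fixed, literal format; the SSID is a data argument and is
 * bounded to SSID_MAX bytes, so a '%' inside it is just a character. */
static int log_ssid_safe(char *out, size_t outlen, const char *ssid)
{
    return format_into(out, outlen, "Joined network \"%.*s\"", SSID_MAX, ssid);
}

/* Defensive check for code review or log triage: does an SSID carry a
 * conversion specifier at all? Legitimate network names rarely do. */
static bool ssid_has_format_directive(const char *ssid)
{
    return strchr(ssid, '%') != NULL;
}

int main(void)
{
    char buf[128];
    const char *benign = "CoffeeShop";   /* constructed sample */
    const char *tricky = "50%off";       /* constructed sample containing '%' */

    log_ssid_safe(buf, sizeof buf, benign);
    puts(buf);                           /* Joined network "CoffeeShop" */
    log_ssid_safe(buf, sizeof buf, tricky);
    puts(buf);                           /* Joined network "50%off" */
    printf("directive in \"%s\": %s\n", tricky,
           ssid_has_format_directive(tricky) ? "yes" : "no");

    /* The vulnerable variant is only safe with a constant, trusted string. */
    log_ssid_vulnerable(buf, sizeof buf, "constant text");
    puts(buf);
    return 0;
}
```

The safe variant never lets the formatter see the SSID as a format; the `%.*s` width cap also keeps an over-long name from spilling into the log line. The detection helper is deliberately coarse: a `%` in an SSID is not an attack by itself, but it is cheap to flag on a network that should not be broadcasting such names.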


4. New phishing campaign targets individuals of interest to Iran

So far, the campaign has affected individuals at fewer than 10 organizations. As with all TA453 attacks, this one is also narrowly focused and designed to steal data from the official email inboxes of people likely to be of interest to the Iranian government. Researchers also observed the attackers attempting to gain access to personal email inboxes.


5. Ransomware attacks targeting unpatched EOL SonicWall VPN appliances

SonicWall alerted customers of an imminent ransomware campaign targeting its Secure Mobile Access 100 series and Secure Remote Access products running unpatched and end-of-life 8.x firmware. The warning comes one month after remote access vulnerabilities in SonicWall SRA 4600s were exploited as an initial access vector for ransomware.


6. REvil ransomware gang disappears after high-profile attacks

REvil, the infamous ransomware cartel behind some of the biggest recent cyberattacks, including those on JBS and Kaseya, has mysteriously disappeared from the dark web, leading to speculation that the criminal enterprise may have been taken down. Multiple darknet and clearnet sites remained inaccessible, displaying an error message saying the site was not found.


7. Software maker removes backdoor giving root access to radio devices

The author of a popular software-defined radio project has removed a backdoor that granted root-level access to the radio devices. According to the project’s author, the backdoor was present in all versions of KiwiSDR devices and existed for remote administration and debugging.


8. Cyberspies targeting Southeast Asian government entities

A sweeping and highly active campaign that originally set its sights on Myanmar has broadened its focus to strike a number of targets in the Philippines, according to new research. The attacks cast a wide net across many organizations in order to reach the select few that are of strategic interest.


9. Updated Joker malware floods into Android apps

The Joker mobile trojan is back on Google Play, with an uptick in malicious Android applications that hide the billing-fraud malware. It is also using new approaches to slip past Google’s app-vetting process. In the latest wave, at least 1,000 new samples have been detected since September alone.


10. 16-year-old security bug affects millions of HP, Samsung, Xerox printers

Details recently emerged about a high-severity security vulnerability in a software driver used by HP, Xerox and Samsung printers that had remained undetected since 2005. The issue is a buffer overflow in a print driver, installed as SSPORT.SYS, that can enable remote privilege escalation and arbitrary code execution.

