Syntax Bearror


Bear Security – Security News for Week of June 19th, 2021

By Christopher
June 20, 2021

These are the stories that relate to our careers, clients, and businesses in the cybersecurity world for the Week of June 12th, 2021. Watch this in video form over on YouTube, or you can listen on the go with the Bear Security podcast.

7-Year-Old Privilege Escalation Bug in Linux Patched

The Register is reporting that a seven-year-old privilege escalation bug, carried across different Linux distributions over the years, has been patched. The bug affects the polkit service, which evaluates whether specific Linux activities require higher privileges than the ones currently available. Kevin Backhouse, the security researcher who identified the bug, said the flaw is surprisingly easy to exploit, but timing is an important factor in successful exploitation. The vulnerability results from the way polkit handles errors when the UID of a connection no longer exists: in some cases the UID ends up defaulting to 0, which leads polkit to process the request as if it came from a root process.

Linux systems that have polkit version 0.113 or later installed are at risk from this bug; examples include the unstable branch of Debian, RHEL 8, Fedora 21+, and Ubuntu 20.04. It is recommended to update as soon as you can.
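The fail-open error handling described for polkit above can be shown with a simplified model. This is an added example, not polkit's code: the connection table, `lookup_uid`, and both `authorize_*` functions are hypothetical, and the sample connections are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the bus's table of client connections. */
struct conn { const char *name; unsigned uid; bool alive; };

static const struct conn CONNS[] = {
    { ":1.10", 1000, true  },  /* ordinary user, still connected */
    { ":1.11", 1000, false },  /* same user, connection already gone */
    { ":1.12", 0,    true  },  /* genuine root process */
};

/* Hypothetical lookup: returns false when the connection no longer exists
 * and leaves *uid_out untouched in that case. */
static bool lookup_uid(const char *name, unsigned *uid_out)
{
    for (size_t i = 0; i < sizeof CONNS / sizeof CONNS[0]; i++) {
        if (strcmp(CONNS[i].name, name) == 0 && CONNS[i].alive) {
            *uid_out = CONNS[i].uid;
            return true;
        }
    }
    return false;
}

/* Fail-open: the error is ignored, so uid keeps its initial value of 0
 * and a vanished caller is treated as root. */
static bool authorize_fail_open(const char *name)
{
    unsigned uid = 0;
    lookup_uid(name, &uid);      /* return value dropped */
    return uid == 0;
}

/* Fail-closed: any lookup error denies the request before uid is read. */
static bool authorize_fail_closed(const char *name)
{
    unsigned uid;
    if (!lookup_uid(name, &uid))
        return false;
    return uid == 0;
}

int main(void)
{
    const char *names[] = { ":1.10", ":1.11", ":1.12" };
    for (size_t i = 0; i < 3; i++)
        printf("%s fail-open=%d fail-closed=%d\n", names[i],
               authorize_fail_open(names[i]), authorize_fail_closed(names[i]));
    return 0;
}
```

The disconnected entry `:1.11` is the only case where the two versions disagree, which is why code review for this bug class should focus on every path where an identity lookup can fail.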

Read the full story over at The Register, or the researcher’s blog post relating to the bug.

Security Firm COO Charged with Facilitating Cyberattack

SC Magazine is reporting the arrest of Vikas Singla, co-founder and COO of Securolytics, for aiding and abetting a 2018 cyberattack against the Gwinnett Medical Center in Georgia. The Department of Justice claims the attack against Gwinnett Medical Center involved disrupting phone service, disrupting network printing services, and obtaining information from a digitizing device, and that it was done for “personal profit” and “commercial advantage”. In total, Singla faces more than 18 counts of violating the Computer Fraud and Abuse Act, with 16 of those charges involving the same malicious act being carried out on 16 different printers. Singla is currently out on bail pending trial.

Read the full story over at SC Magazine.

SolarMarker Remote Access Trojan (RAT) Being Distributed by Malicious PDFs Padded with SEO Keywords

ZDNet is reporting that the attackers behind the malware known as SolarMarker are using PDF documents padded with SEO keywords to boost their visibility on search engines, in an attempt to lead victims to malware on a malicious site that poses as Google Drive. SolarMarker is a remote access trojan that steals data and credentials from browsers. The malicious PDFs have so far been stored on Amazon Web Services (AWS) or Google Drive, where they are indexed by search engines that process the keyword-stuffed documents, ranking them high for a particular search term. An unsuspecting user may open one of these documents believing it relates to their search, which leads them to fake login pages on .site, .tk, and .ga domains and to a malware download.

Microsoft Security Intelligence noted in a tweet that these documents cover a wide range of topics, including “insurance form”, “acceptance of contract”, “how to join in SQL”, and “math answers”. This tactic isn’t exactly new for the attackers, with security firm CrowdStrike alerting to similar activity back in February. Microsoft has also recently reported seeing random files being downloaded in an attempt to evade detection.

Read the full story over at ZDNet.

JBS Pressed on Why They Paid Ransom

The Hill is reporting that the chairwoman of the House Oversight and Reform Committee, Representative Carolyn Maloney, is pressing JBS USA to explain its reasoning for paying an $11 million ransom. Included in that was a request to turn over all documents related to the ransomware attack recently suffered by JBS, and records of its communications with the REvil group. Rep. Maloney wrote in the letter, “I am deeply troubled by this and similar ransomware attacks”. JBS claimed that the ransom payment was necessary to prevent critical data from being destroyed.

This may just be the start of problems for JBS, though. Its parent company, J&F Investimentos, paid a $280 million fine in 2020 to settle allegations that it violated the Foreign Corrupt Practices Act in how it acquired Pilgrim’s Pride and Swift & Co here in the United States. This situation has further reignited concerns regarding the consolidation within the agriculture sector and how attacks such as these could trigger shortages and soaring prices.

If one thing is for sure, it seems companies who are impacted by ransomware are finding themselves in even deeper waters as they fall under the microscope for their practices. We can only hope this leads to better security practices.

Read the full story over at The Hill.

Altered Ledger Devices Sent to Customers to Steal Cryptocurrency

BleepingComputer is reporting that customers of Ledger have become the target of a new scam. Scammers are using data from a breach at Ledger back in June 2020, which disclosed customer contact information, to mail customers replacement hardware wallets that look like a Ledger Nano X. The instructions that come with the device tell the user to open a drive that appears after plugging the device into their computer and to run the enclosed application. The application then asks for their Ledger recovery phrase to import the wallet to the new device. Meanwhile, it sends the recovery phrase to the scammers, who then use it to import the victim’s wallet on their own devices and steal the cryptocurrency funds it contains.

Ledger customers are advised to be suspicious of any unsolicited email, package, or text claiming to be related to their hardware devices.

Read the full story including more technical details and pictures over at BleepingComputer.

Things Not Included in This Week’s Episode

  • Ransomware gang Avaddon shut down and released its keys. Victims can get a free decryptor from Emsisoft.
  • SpecterOps research on attack potential against Active Directory Certificate Services.
  • Codecov is retiring the Bash uploader that was compromised in a supply chain attack.
  • Microsoft disrupted a large Business Email Compromise (BEC) campaign.

That’s all for this week’s security news. Come back every Saturday for the next rendition, or check it out over on YouTube or on the podcast. Stay safe out there, friends.

This week’s featured image is from Sora Shimazaki at Pexels.


Christopher

Christopher Clai is a Senior Security Engineer, IT Generalist, and Developer from Chicago, IL with over 20 years of experience in Information Technology ranging from small businesses to Fortune 500's. Chris loves the Pacific Northwest, Sushi, Invader Zim, Rugby, World of Warcraft, raves, and is an avid user of Microsoft and Linux-based technologies.

Copyright Statement

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
©2014 - 2021 - SyntaxBearror.io. All rights reserved unless otherwise noted.