PC Security and Other Useful Information

Fake Windows 11 installers are being used to distribute malware

“Microsoft released the first Windows 11 Insider Preview build on June 28, and has been frequently updating it in the past month or so, with the latest build landing just over a day ago. While the process to upgrade your existing PC to Windows 11 is fairly simple in the sense that you just have to enroll your machine into the Dev channel of the Windows Insider Program and have the build seeded to you, many have been trying other methods of obtaining unofficial ISOs and are being infected with malware instead.”

Microsoft takes down domains used to scam Office 365 users

“Microsoft’s Digital Crimes Unit (DCU) has seized 17 malicious domains used by scammers in a business email compromise (BEC) campaign targeting the company’s customers.

The domains taken down by Microsoft were so-called “homoglyph” domains registered to resemble those of legitimate business. This technique allowed the threat actors to impersonate companies when communicating with their clients.

According to the complaint filed by Microsoft last week (more details available in the court order), they used the domains registered via NameSilo LLC and KS Domains Ltd./Key-Systems GmbH as malicious infrastructure in BEC attacks against Office 365 customers and services.”

Malicious Office 365 Apps Are the Ultimate Insiders

“Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.”

New ransomware group uses SonicWall zero-day to breach networks

“A financially motivated threat actor exploited a zero-day bug in Sonicwall SMA 100 Series VPN appliances to deploy new ransomware known as FiveHands on the networks of North American and European targets.

The group, tracked by Mandiant threat analysts as UNC2447, exploited the CVE-2021-20016 Sonicwall vulnerability to breach networks and deploy FiveHands ransomware payloads before patches were released in late February 2021.

Prior to deploying the ransomware payloads, UNC2447 was also observed using Cobalt Strike implants for gaining persistence and installing a SombRAT backdoor variant, a malware first spotted in the CostaRicto campaign coordinated by a group of mercenary hackers.

The zero-day was also exploited in attacks targeting SonicWall’s internal systems in January and later abused indiscriminately in the wild.”

A ransomware gang made $260,000 in 5 days using the 7zip utility

“A ransomware gang has made $260,000 in just five days simply by remotely encrypting files on QNAP devices using the 7zip archive program.

Starting on Monday, QNAP NAS users from all over the world suddenly found their files encrypted after a ransomware operation called Qlocker exploited vulnerabilities on their devices.”

No, I Did Not Hack Your MS Exchange Server

“New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name.”

Google Warns Mac, Windows Users of Chrome Zero-Day Flaw

“The use-after-free vulnerability is the third Google Chrome zero-day flaw to be disclosed in three months.

21 million free VPN users’ data exposed

“Detailed credentials for more than 21 million mobile VPN app users were swiped and advertised for sale online last week, offered by a cyber thief who allegedly stole user data collected by the VPN apps themselves. The data includes email addresses, randomly generated password strings, payment information, and device IDs belonging to users of three VPN apps—SuperVPN, GeckoVPN, and ChatVPN.”