Ethical Hacking

Wade Mackey

Week 5

New techniques taking advantage of MAC layer to enable long-range communication using other people’s networks.

September 27, 2021 by Vanessa Marin 2 Comments

Article: Our Eye Is on the SPARROW
Author: Reza Soosahabi
Published: September 24, 2021
Site: DARKReading.com

This week's news: there's a new way to enable long-range communication leveraging other people's networks by taking advantage of a vulnerability found in MAC layer protocols in 5G and LTE.
Using the cell coverage network, anonymous messages can be sent via short distances that link to enable a longer trail of the communication. The vulnerability allows the establishment of these links prior to authenticating the user, therefore allowing for anonymity. Specifically, the MAC layer (L2) of "wireless access infrastructure" is impacted, rather than the physical disruption of the L1 layer or using the other layers of the infrastructure stack (L3-L7).

It's important to note that "Since commercial wireless signals are available virtually everywhere, exploiting them for data exfiltration can circumvent all existing preventive measures," rendering this a rather critical vulnerability.

3 reasons for major concern:
– Max Anonymity
– More distance coverage
– Low power and low complexity

Exploits
– data exfiltration – can serve as a vehicle to known data exfiltration techniques
– command and control – remote control of IoT to trigger events
– clandestine ops – attackers can communicate without detection

Tagged With: Week 5

New Android Malware Steals Financial Data from 378 Banking and Wallet Apps

September 27, 2021 by Ryan Trapp 1 Comment

This article details a new mobile malware built off of a previous infamous piece of malware. This Trojan, named ERMAC, targets users' financial data. It steals users' contact info and text messages, opens arbitrary applications, and also triggers an overlay for a multitude of financial apps to steal the login credentials. The roots of the malware are suspected to stem from the Cerberus malware, which was another banking Trojan that affected users not too long ago.

https://thehackernews.com/2021/09/new-android-malware-steals-financial.html

Tagged With: Week 5

New macOS zero-day bug lets attackers run commands remotely

September 24, 2021 by Matthew Bryan 1 Comment

Researchers discovered a flaw in Apple's macOS Finder which allows for arbitrary command execution on Mac devices. This was previously thought to be remediated, notably without a CVE number, but a workaround was found. The exploit occurs when an INETLOC file is opened which contains the File:// prefix. These files are bookmarks that can be used to open online resources such as (news://, ftp://, afp://) or local files (file://).

Apple's previous patch only blocked the all-lowercase file:// prefix. Different cases, e.g. File://, fiLe://, can bypass the check added by the prior patch. The vulnerability can be exploited via email by including an INETLOC file as an attachment. This is particularly concerning as commands embedded by an attacker can be executed without prompting the user. Exploit proofs of concept went undetected by antimalware programs.

Article: New macOS zero-day bug lets attackers run commands remotely

Author: Sergiu Gatlan

Published: September 21, 2021 

Site: bleepingcomputer.com

Link: https://www.bleepingcomputer.com/news/apple/new-macos-zero-day-bug-lets-attackers-run-commands-remotely/

Tagged With: Week 5
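
The case-sensitivity gap described in the macOS post above, seen from the defender's side: this is an added example, not code from the post, the article or Apple. It assumes an .inetloc bookmark is an XML property list with a `URL` key, and the allowlist policy, function names and sample values are constructed for illustration.

```python
import plistlib

# Assumption: policy for mail attachments; only these schemes pass untouched.
ALLOWED_SCHEMES = {"http", "https"}


def make_inetloc(url):
    """Build a constructed sample bookmark (XML plist with a URL key)."""
    return plistlib.dumps({"URL": url}, fmt=plistlib.FMT_XML)


def bookmark_url(data):
    """Return the URL string stored in the bookmark, or None if unreadable."""
    try:
        doc = plistlib.loads(data)
    except Exception:  # malformed or non-plist attachment
        return None
    url = doc.get("URL") if isinstance(doc, dict) else None
    return url if isinstance(url, str) else None


def naive_blocks(url):
    """The kind of check the post says was bypassed: one exact spelling."""
    return url.startswith("file://")


def scheme_of(url):
    """URI schemes are case-insensitive, so normalise before comparing."""
    head, sep, _ = url.strip().partition(":")
    return head.casefold() if sep else ""


def verdict(data):
    """Classify an .inetloc attachment for a mail or endpoint filter."""
    url = bookmark_url(data)
    if url is None:
        return "quarantine: unparseable"
    scheme = scheme_of(url)
    if scheme == "file":
        return "block: local file target"
    if scheme not in ALLOWED_SCHEMES:
        return "quarantine: scheme " + scheme
    return "allow"


if __name__ == "__main__":
    for u in ("file:///tmp/constructed", "File:///tmp/constructed",
              "fiLe:///tmp/constructed", "https://example.com/"):
        print(u, naive_blocks(u), verdict(make_inetloc(u)))
```

Comparing the normalised scheme against an allowlist removes the dependence on any single spelling, which is what the lowercase-only prefix check missed.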
