Articles of interest from the week of May 13, 2024

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT

The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT. (The Hacker News) 

“A well-known threat vector is using malicious Google ads to spoof well-known brands. These attacks often begin with users being lured to fake websites via the said ads, where they are prompted to download a malicious file containing PowerShell scripts that then lead to further malware infections. FIN7, active since 2013 and known for evolving its tactics, has leveraged these malvertising techniques recently to effectively bypass security mechanisms and deliver a range of malware. The abuse of signed MSIX files has prompted Microsoft to disable the protocol handler by default to mitigate such threats, thus impacting future updates and patching, which in turn will create an even larger issue of not being able to add future security measures, potentially leading to issues down the road for organizations.” – Andrew Tucker, Tier III SOC Analyst / Junior Cybersecurity Consultant at Ingalls Information Security

2 (or 5) Bugs in F5 Asset Manager Allow Full Takeover, Hidden Accounts

Newly discovered vulnerabilities in F5 Networks' BIG-IP Next Central Manager could allow an attacker to gain full control over, and create hidden accounts inside of, any F5-brand assets. (Dark Reading) 

Novel Attack Against Virtually All VPN Apps Neuters Their Entire Purpose

Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. (Ars Technica)

An Insulin Pump Software Bug Has Injured Over 200 People

The US Food and Drug Administration (FDA) has issued a Class I recall for the t:connect mobile app on iOS, which is used to monitor and control the t:slim X2 insulin pump used by people with diabetes. It was supposedly the first smartphone app that can program insulin doses that the FDA had approved. The agency issued the highest level of recall it could, because the app had serious software problems that could've have caused life-threatening conditions or even death. In fact, while there were no mortalities reported, the FDA received 224 injury reports as of April 15. (Engadget)

Dell Warns of Data Breach, 49 Million Customers Allegedly Affected

Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers. (BleepingComputer)

How to Future-Proof Windows Networks: Take Action Now on Planned Phaseouts and Changes

Microsoft has telegraphed its desire to start shuttering some legacy Windows systems. Here’s how to get ahead of the security changes that will inevitably come to the platform. (CSO)

Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator

The U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named Dmitry Yuryevich Khoroshev.

In addition, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development Office (FCD), the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC), and the Australian Department of Foreign Affairs. (The Hacker News) 

Citrix Addresses High-Severity Flaw in NetScaler ADC and Gateway

The bug was nearly identical to — but not as serious as — "CitrixBleed" (CVE-2023-4966), a critical zero-day vulnerability in the same two technologies that Citrix disclosed last year, according to researchers who discovered and reported the flaw to Citrix in January. (Dark Reading)