CYBERSECURITY NEWS V. 04.30 – iOS 0-day exploit, Windows against Chromium, cards database leaks
Business Email Compromise attacks nowadays
A recent case published in the Check Point cybersecurity blog reveals a new type of business email compromise attack. A threat group dubbed "The Florentine Banker" performed targeted phishing attacks against high-level executives of companies in the finance sector. The investigation revealed that the hackers could spend months doing reconnaissance, patiently mapping business schemes and procedures.
End of VictoryGate crypto-mining botnet
VictoryGate, a botnet that is believed to have infected more than 35 000 computers, was taken down by cybersecurity specialists. Its primary goal was to infect victims with malware that mines the Monero cryptocurrency. The malware was distributed through infected USB drives and controlled using a server hidden behind No-IP. It mostly affected Latin America, with most of its victims coming from Peru.
Apple iOS 0-days exploited in the wild
Two iOS zero-day vulnerabilities, which have existed at least since iOS 6, were exploited in the wild. Both of them affect Apple's iPhones and iPads and are triggered by a specially crafted email sent in the context of iOS MobileMail on iOS 12 or maild on iOS 13. The vulnerabilities enable remote code execution and infection of a device by sending memory consuming emails. There is no final patch yet except for iOS 13.4.5 beta; thus, it is strongly recommended to avoid using the Mail application on iPhones and iPads.
Hupigon taught new tricks
Hupigon is a remote access Trojan that has been operating since 2006. Recently, it has been repurposed to target faculty and students at United States colleges and universities. Hupigon is distributed via adult-themed dating bait emails with a link to download an executable that installs the malware. Hupigon allows threat actors to access the infected machine. Its features include rootkit, webcam monitoring, keylogging, and more.
This is yet another example of the importance of information security in higher education.
2.5M credit card records leaked online
A New York-based mobile payment solution provider PAAY LLC admitted that their clients' database had been accidentally leaked and exposed for nearly three weeks. It had about 2.5 million credit card records, including card numbers and expiration dates. PAAY, the third payment processor to be affected by a security breach this year, is forced to seek help from cybersecurity services providers.
Cyberattack on Israel Water Infrastructure
Israel's wastewater treatment infrastructure suffered from several cyber attacks over the weekend. All the attempted attacks were handled, and there is no threat to water supplies in the future. However, the National Cyber Directorate advised the relevant companies to change their internet passwords, reduce internet connections, and ensure that all control software is up to date. In case an attack could not be contained, the companies should disconnect their systems completely.
Microsoft Teams recent fix
A security flaw in Microsoft Teams allowed hackers to initiate cyberattacks with GIFs. The flaw used two compromised Microsoft subdomains with malicious animated image files, which could allow attackers to steal security tokens when users loaded them. This could lead to data theft, ransomware attacks, and corporate espionage.
Google Chrome against Windows 10
Researchers have revealed that some of the features of Google Chrome for Windows could become insecure due to the changes in the Windows OS itself. The Chromium sandbox development team relies on the security of the operating system and its updates. A bug in security enforcement mechanisms of Windows can break the Chromium sandbox. The recent Microsoft fix of the CVE-2020-0981 vulnerability helped to mitigate the security flaws for Chromium-based browsers with Windows 10 1903 update. Still, there is no guarantee that the next OS update will not affect the security of the Chromium-based browsers.
