Cybersecurity News V. 2.11 – What’s up WhatsApp? DDoS for FBI & attack on Malaysian gov

Severe WhatsApp vulnerability patched

Facebook has released a patch for WhatsApp vulnerability (CVE-2019-18426). WhatsApp Desktop prior to version 0.3.9309 allowed cross-site scripting and local files reading when paired with WhatsApp for iPhone versions 2.20.10 or lower. The exploit required the user to click a link preview in a crafted text message.

FBI warns about DDoS attacks

The FBI recently warned about a potential DDoS attack on a state voter registration site. The hackers used a Pseudo Random Subdomain attack. A high volume of DNS requests hit the server of the site for almost a month. The FBI provided some mitigation steps to decrease the risk of DDoS attacks. As usual, they include enabling automated patching, increasing incident response rate, and maintaining a timeline of attacks. 

New spearphishing campaign involving fake interviews

A new series of phishing attacks from the Iranian group Charming Kitten was recently detected. It is focused on stealing email account information of the victims as well as their list of contacts. To gain a victim’s trust, the hackers used a forged identity of a former Wall Street Journal reporter and a fake interview scenario. The initial email would contain nothing malicious; but if the victim agreed to participate, the second email would have a link to a file with questions, which is hosted on Google Sites to evade spam filters. After clicking the Download button, the victim is redirected to another fake page, where their email credentials and two-factor authentication code are requested by phishing kits.

Malaysian officials targeted in espionage campaign

A successful cyber espionage campaign against Malaysian government was detected. The Malaysian Computer Emergency Response Team (MyCERT) informed about attacks that used compromised email accounts to send spearphishing emails with infected Microsoft documents. The ultimate goal of the campaign was to obtain huge amounts of data from government-sponsored projects. Affected products include CVE-2014-6352 and CVE-2017-0199 vulnerabilities. 

Bitbucket malware list

Bitbucket repositories were used to deliver malware for stealing data, cryptocurrency mining and ransomware. The list of malware deployed and updated through Bitbucket includes Predator, Azorult, Evasive Monero Miner, STOP Ransomware, Vidar, Amadey bot, and IntelRapid. BitBbucket support team reacted almost immediately and deactivated the malicious repositories. 

Bluetooth hijack flow on Android

A serious Bluetooth hijack flow for Android has been patched by Google. CVE-2020-0022 was found in November 2019 and allowed remote code execution on Android 8, 8.1, and 9. The attacker only needed a device’s MAC address. Researchers advise to disable Bluetooth discovery mode in public and stick to wired headphones before the arrival of the latest security patches.

Iranian Internet shut down due to cyber attack

Iranian telecommunication networks were under attack on February, 8. The disruption lasted for several hours, and the Iranian officials issued a statement that the shutdown is implemented to deal with a cyber attack against the country’s infrastructure. It took from one to seven hours to put the systems back online. ICT ministry officials confirmed later that a DDoS attack was repelled by Iran’s Digital Fortress. Technical details are yet to be released.