Critical Security Patches Released for Magento, Adobe Illustrator and Bridge
It’s not ‘Patch Tuesday,’ but software giant Adobe today released emergency updates for three of its widely used products that patch dozens of newly discovered critical vulnerabilities. The list of affected software includes Adobe Illustrator, Adobe Bridge, and Magento e-commerce platform, containing a total of 35 vulnerabilities where each one of them is affected with multiple critical arbitrary code execution flaws.
Source: The hacker news / Bleeping computer / Threatpost / Security week / Adobe Security advisory
Link: https://thehackernews.com/2020/04/adobe-software-updates.html
Link: https://threatpost.com/critical-adobe-illustrator-bridge-and-magento-flaws-patched/155255/
Link: https://www.securityweek.com/adobe-patches-22-vulnerabilities-bridge-illustrator
Link: https://helpx.adobe.com/security.html
How An Image Could’ve Let Attackers Hack Microsoft Teams Accounts
Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization’s entire roster of Teams accounts just by sending participants a malicious link to an innocent-looking image. The flaw, impacting both desktop and web versions of the app, was discovered by cybersecurity researchers at CyberArk. After the findings were responsibly disclosed on March 23, Microsoft patched the vulnerability in an update released on April 20.
Source: the hacker news / Bleeping computer / Dark reading / Threatpost / Security week / Infosecurity magazine / CYBERARC blog
Link: https://thehackernews.com/2020/04/microsoft-teams-vulnerability.html
Link: https://threatpost.com/single-malicious-gif-opened-microsoft-teams-to-nasty-attack/155155/
Link: https://www.securityweek.com/microsoft-teams-vulnerability-exposed-organizations-attacks
Link: https://www.infosecurity-magazine.com/news/microsoft-teams-funny-gifs/
Malicious USB Drives Infect 35,000 Computers With Crypto-Mining Botnet
Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly using to mine Monero cryptocurrency.
The botnet, named “VictoryGate,” has been active since May 2019, with infections mainly reported in Latin America, particularly Peru accounting for 90% of the compromised devices.
“The main activity of the botnet is mining Monero cryptocurrency,” ESET said. “The victims include organizations in both public and private sectors, including financial institutions.”
Source: The hacker news / ESET blog
Link: https://thehackernews.com/2020/04/usb-drive-botnet-malware.html
Link: https://www.welivesecurity.com/2020/04/23/eset-discovery-monero-mining-botnet-disrupted/
Hackers Trick 3 British Private Equity Firms Into Sending Them $1.3 Million
In a recent highly targeted BEC attack, hackers managed to trick three British private equity firms into wire-transferring a total of $1.3 million to the bank accounts fraudsters have access to — while the victimized executives thought they closed an investment deal with some startups. According to the cybersecurity firm Check Point, who shared its latest investigation with The Hacker News, nearly $700,000 of the total wire transferred amount has permanently lost to the attackers, with the rest of the amount recovered after researchers alerted the targeted firms in time.
Dubbed ‘The Florentine Banker,’ the sophisticated cybercrime gang behind this attack, “seems to have honed their techniques over multiple attacks, from at least several years of activity and has proven to be a resourceful adversary, quickly adapting new situations,” the researchers said.
Source: The hacker news
Link: https://thehackernews.com/2020/04/bec-scam-wire-transfer-money.html
Hackers exploit zero-day in Sophos XG Firewall, fix released
Sophos has fixed a zero-day SQL injection vulnerability in their XG Firewall after receiving reports that hackers actively exploited it in attacks. Sophos states that they received a report on April 22nd that there was a suspicious field value being displayed in a customer’s Sophos XG Firewall management interface and began an investigation. “Sophos received a report on April 22, 2020, at 20:29 UTC regarding an XG Firewall with a suspicious field value visible in the management interface. Sophos commenced an investigation and the incident was determined to be an attack against physical and virtual XG Firewall units. The attack affected systems configured with either the administration (HTTPS service) or the User Portal exposed on the WAN zone,” Sophos warned.
Source: Bleeping computer / Dark reading / Threatpost / Security week / Helpnet security / SOPHOS Knowledge base
Link: https://threatpost.com/hackers-zero-day-attacks-sophos-firewalls/155169/
Link: https://www.securityweek.com/malware-delivered-sophos-firewalls-zero-day-vulnerability
Link: https://www.helpnetsecurity.com/2020/04/27/zero-day-sophos-firewalls/
Link: https://community.sophos.com/kb/en-us/135412
(Last) Week in Ransomware – April 24th 2020 – High Profile Attacks
There was not a lot of new variants released this week, but we did have some attacks on high profile victims. This past weekend it came to light that IT service giant Cognizant suffered a Maze Ransomware attack. Strangely, while Cognizant is stating it was Maze, the ransomware operators are denying it. DoppelPaymer also started to leak data for the City of Torrance in California who was attacked on March 1st.
Source: Bleeping computer
Microsoft warns of malware surprise pushed via pirated movies
Pirate streaming services and movie piracy sites have seen a huge surge of incoming traffic during the COVID-19 pandemic with most people now having to stay inside due to shelter in place and lockdown orders. Microsoft warns that malicious actors are taking advantage of this trend trying to infect potential victims with malware delivered via fake movie torrents.
“With lockdown still in place in many parts of the world, attackers are paying attention to the increase in use of pirate streaming services and torrent downloads,” the Microsoft Security Intelligence team said.
Source: Bleeping computer
Microsoft releases guidance on blocking ransomware attacks
Microsoft warned today of ongoing human-operated ransomware campaigns targeting healthcare organizations and critical services, and shared tips on how to block new breaches by patching vulnerable internet-facing systems. Many such attacks start with the human operators first exploiting vulnerabilities found in internet-facing network devices or by brute-forcing RDP servers and then deploying the ransomware payloads. For instance, Pulse VPN devices have been targeted by threat actors in the past, with one such vulnerable device thought to be behind the Travelex ransomware attack by Sodinokibi (REvil).
Source: Bleeping computer / Microsoft Threat Protection Intelligence Team
BazarBackdoor: TrickBot gang’s new stealthy network-hacking malware
A new phishing campaign is delivering a new stealthy backdoor from the developers of TrickBot that is used to compromise and gain full access to corporate networks. In advanced network attacks such as enterprise-targeting ransomware, corporate espionage, or data exfiltration attacks, quietly gaining access to and control over a corporate network is a mandatory step. In new phishing attacks discovered over the past two weeks, a new malware named ‘BazarBackdoor’, or internally by the malware developers as simply “backdoor”, is being installed that deploys a network-compromising toolkit for the threat actors.
Source: Bleeping computer / Trendmicro blog / SANS internet storm center
Link: https://isc.sans.edu/forums/diary/MALWARE+Bazaar/26052/
Would You Have Fallen for This Phone Scam?
You may have heard that today’s phone fraudsters like to use caller ID spoofing services to make their scam calls seem more believable. But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account — data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.
Source: Krebs on security
Link: https://krebsonsecurity.com/2020/04/would-you-have-fallen-for-this-phone-scam/
Hacking group used Google Play Store to push spyware for years
A malicious campaign dubbed PhantomLance has been targeting users of Android devices with spyware payloads embedded in applications delivered via multiple platforms including Google’s Play Store and alternative Android app stores such as APKpure and APKCombo.
According to a report published earlier by Kaspersky researchers, PhantomLance overlaps with previous campaigns targeting Windows and macOS attributed to OceanLotus, an advanced persistent threat group also tracked as APT32 and believed to be Vietnam-based.
“[The] campaign has been active since at least 2015 and is still ongoing, featuring multiple versions of a complex spyware – software created to gather victims’ data – and smart distribution tactics, including distribution via dozens of applications on the Google Play official market,” Kaspersky says.
Source: Bleeping computer / Dark reading / Threatpost / Security week
Link: https://threatpost.com/sophisticated-android-spyware-google-play/155202/
Link: https://www.securityweek.com/phantomlance-vietnamese-cyberspies-targeted-android-users-years
Secjuice Squeeze Volume 21
Welcome to the 21st edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly prepared for you every week. This week’s volume compiled by Secjuice writers Miguel Calles, Mike Peterson, Sinwindie, Hartoyo Wahyu.
Source: Secjuice
Link: https://www.secjuice.com/infosec-news-and-events-squeeze-vol-21/
Cybersecurity for Beginners – Part 3: Weaponization
In my (Andy74) first article on cybersecurity for beginners I gave an overview on the different phases of attack, in my second article I focused on reconnaissance. This article focuses on weaponization.
Source: Secjuice
Link: https://www.secjuice.com/cybersecurity-for-beginners-part-3-weaponization/