Round Up of Major Breaches and Scams
RiskIQ published research on Wednesday detailing how a hacking group, known as Magecart Group 8, snuck malicious code onto NutriBullet’s website to collect financial information from customers who purchased blenders and other products from the company. The attack began on Feb. 20 and continues today, despite an interruption between March 1 and March 5, RiskIQ said.
According to a new report published by Check Point Research today and shared with The Hacker News, hackers are exploiting the COVID-19 outbreak to spread their own infections, including registering malicious coronavirus-related domains and selling discounted off-the-shelf malware on the dark web.
Round Up of Major Malware and Ransomware Incidents
Security researchers from DomainTools observed a malicious coronavirus tracker app that locks the user’s Android device and asks for a ransom payment. The good news is that the malware is not distributed through the official Google Play Store, but through the website coronavirusapp[.]site.
Mobile security firm Lookout has traced a malicious Android application to what it says is a long-running campaign to spy on people in Libya. The spyware masquerades as the popular map produced by Johns Hopkins University that tracks the spread of COVID-19, the disease caused by the novel coronavirus. The software, called SpyMax, allows the operator to exfiltrate call and text logs, and remotely activate microphones and cameras.
The TrickBot and Emotet Trojans have started to add text from coronavirus news stories in an attempt to bypass security software that uses artificial intelligence and machine learning to detect malware. Before malware is distributed in phishing campaigns or other attacks, developers commonly use a program called a ‘crypter’ to obfuscate or encrypt the malicious code. This is done in the hope that the malware appears harmless and is thus FUD (Fully UnDetectable) to antivirus software.
The criminals behind the TrickBot banking trojan have retooled it for targeting telecommunications organizations in the U.S. and Hong Kong, according to new research from Bitdefender. The new module, a malicious .dll file named “rdpScanDll”, allows attackers to run brute-forcing operations against Remote Desktop Protocol (RDP) services.
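The defender-side counterpart to an RDP brute-forcing module is detection of the failed-logon burst it produces. The following is an added example, not code from Bitdefender’s research or from this roundup: it runs a sliding-window count of Windows failed-logon events (Event ID 4625 with logon type 10, i.e. RemoteInteractive/RDP) per source IP over a constructed, simplified CSV rendering of security events, flags sources that exceed a threshold, and then checks whether any flagged source later produced a successful RDP logon (Event ID 4624). The log format, the sample lines, the threshold and the window length are all assumptions chosen for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data (not real telemetry): a simplified CSV rendering of
# Windows Security events. Fields: timestamp, event id, logon type, account, source IP.
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = """\
# ts,event_id,logon_type,account,src_ip
2020-03-18T10:00:00Z,4625,10,alice,203.0.113.7
2020-03-18T10:00:05Z,4625,10,bob,203.0.113.7
2020-03-18T10:00:10Z,4625,10,administrator,203.0.113.7
2020-03-18T10:00:15Z,4625,10,admin,203.0.113.7
2020-03-18T10:00:20Z,4625,10,alice,203.0.113.7
2020-03-18T10:00:25Z,4625,10,test,203.0.113.7
2020-03-18T10:00:30Z,4624,10,alice,203.0.113.7
2020-03-18T10:01:00Z,4625,10,carol,198.51.100.22
2020-03-18T10:01:30Z,4625,10,carol,198.51.100.22
2020-03-18T10:02:00Z,4625,10,carol,198.51.100.22
2020-03-18T10:03:00Z,4625,3,svc-backup,192.0.2.9
2020-03-18T10:03:01Z,4625,3,svc-backup,192.0.2.9
2020-03-18T10:03:02Z,4625,3,svc-backup,192.0.2.9
2020-03-18T10:03:03Z,4625,3,svc-backup,192.0.2.9
2020-03-18T10:03:04Z,4625,3,svc-backup,192.0.2.9
2020-03-18T10:03:05Z,4625,3,svc-backup,192.0.2.9
2020-03-18T10:20:00Z,4625,10,dave,203.0.113.7
"""


def parse_events(text):
    """Parse the simplified CSV format into a list of event dicts (comments and blanks skipped)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, event_id, logon_type, account, src_ip = line.split(",")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "account": account,
            "src_ip": src_ip,
        })
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed RDP logons inside a sliding time window.

    Returns {src_ip: {"failures": n, "accounts": [...], "first_alert_ts": datetime}}.
    The account list shows whether one account is being hammered or many are being sprayed.
    """
    recent = defaultdict(deque)   # per-IP deque of failed RDP logons inside the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event_id"] != 4625 or ev["logon_type"] != 10:
            continue                # only failed RemoteInteractive logons count
        q = recent[ev["src_ip"]]
        q.append(ev)
        while q and ev["ts"] - q[0]["ts"] > window:
            q.popleft()             # drop failures that fell out of the window
        if len(q) >= threshold:
            alert = alerts.setdefault(ev["src_ip"], {"first_alert_ts": ev["ts"]})
            alert["failures"] = len(q)
            alert["accounts"] = sorted({e["account"] for e in q})
    return alerts


def successes_after_bruteforce(events, alerts):
    """List (src_ip, account) for successful RDP logons from a flagged IP at or after its alert.

    A success following a burst of failures is the case a responder wants to see first.
    """
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        alert = alerts.get(ev["src_ip"])
        if alert and ev["event_id"] == 4624 and ev["logon_type"] == 10 \
                and ev["ts"] >= alert["first_alert_ts"]:
            hits.append((ev["src_ip"], ev["account"]))
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    found = detect_rdp_bruteforce(evs)
    for ip, info in found.items():
        print(f"{ip}: {info['failures']} failed RDP logons, accounts tried: {info['accounts']}")
    for ip, account in successes_after_bruteforce(evs, found):
        print(f"follow-up: successful RDP logon from {ip} as {account} after the alert")
```

On the sample data only 203.0.113.7 trips the detector: the three failures from 198.51.100.22 stay under the threshold, and the burst from 192.0.2.9 is logon type 3 (network), so it is not an RDP attempt at all. The later single failure from 203.0.113.7 at 10:20 falls outside the five-minute window and does not change the earlier alert. In production the same logic would sit over a SIEM query rather than a CSV, and the threshold should be tuned against the number of legitimate RDP users behind shared NAT addresses.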
Round Up of Major Vulnerabilities and Patches
Cisco on Wednesday announced that it has patched a total of five vulnerabilities in its SD-WAN solution, including three that have been assigned a “high severity” rating. The high-severity vulnerabilities — all of them reported to Cisco by Orange Group — are caused by insufficient input validation. They can be exploited to make unauthorized changes to the system, escalate privileges to root, and inject arbitrary commands that are executed with root permissions.