
Marriott breached, Kwampirs targets healthcare sector, LimeRAT campaign, and more

Major cybersecurity events on 31st March 2020: Watering-hole attacks target an Asian ethnic group using fake Flash updates. A WordPress plugin vulnerability lets registered users be given administrator access. Saudi Arabia secretly tracks its citizens. The Zoom client leaks Windows credentials to attackers. A data breach impacts 5.2 million Marriott hotel guests. LimeRAT installs a range of malware strains.

Round Up of Major Breaches and Scams

North Korean hackers reboot espionage operations following December takedown

The cyber-espionage group, which ESTsecurity Security Response Center (ESRC) researchers attribute to a group known as Geumseong121, entices its victims into clicking links that look to be about North Korean refugees. But instead of delivering valuable information, the link points recipients to repositories that download malicious files, according to ESRC.

Nigerian email scammers upped their game, averaging 90,000 attacks monthly in 2019

The hacking crew, dubbed SilverTerrier by security researchers, began around 2014 as a small group that experimented with easy-to-detect hacking tools. By 2019, though, it had evolved into a team of “mature cybercriminals” who have produced 81,300 malicious software samples connected to 2.1 million attacks, according to Palo Alto Networks findings published Tuesday.

Marriott discloses new data breach impacting 5.2 million hotel guests

Hotel chain Marriott disclosed today a security breach that impacted more than 5.2 million hotel guests who used the company’s loyalty app. According to a breach notification posted on its website, the hotel chain learned of the security breach at the end of February, when it discovered that a hacker had used the login credentials of two employees from one of its franchise properties to access customer information from the app’s backend systems.

Round Up of Major Malware and Ransomware Incidents

FBI warns of ongoing Kwampirs attacks targeting global industries

Initially detailed in 2018, the malware is a custom backdoor associated with a threat actor tracked as Orangeworm, which has been active since at least 2015, mainly targeting organizations in the healthcare sector, but also launching attacks on industries somewhat related to healthcare, including IT, manufacturing, and logistics.

8-year-old VelvetSweatshop bug resurrected in LimeRAT campaign

Researchers have discovered a fresh campaign using Excel files to spread LimeRAT malware, making use of the hard-coded VelvetSweatshop default password for encrypted files. LimeRAT is a full-featured remote access tool/backdoor that can allow attackers to access an infected system and install a range of malware strains, such as ransomware, cryptominers, keyloggers or botnet clients.

Watering-holes target Asian ethnic victims with Flash update decoy

An extensive campaign has surfaced that targets Windows users belonging to a specific Asian religious and ethnic group. The attack makes use of a series of watering-hole websites and a drive-by download gambit relying on fake Flash updates.

Round Up of Major Vulnerabilities and Patches

FBI warns Zoom, teleconference meetings vulnerable to hijacking

The FBI warning comes after a flurry of reports that Zoom is not securing user sessions and communications as much as the San Jose, California-based company has advertised. The company falsely claims to protect conversations with end-to-end encryption, according to The Intercept. In recent days Zoom has leaked people’s email addresses and photos to strangers, according to Vice’s Motherboard.

Industrial controllers still vulnerable to Stuxnet-style Attacks

The notorious Stuxnet malware, which the United States and Israel used to cause damage to Iran’s nuclear program, was designed to target SIMATIC S7-300 and S7-400 PLCs made by Siemens. Stuxnet loaded malicious code onto targeted PLCs by abusing Siemens’ STEP7 software, which is provided by the German industrial giant for programming controllers.

Critical WordPress plugin bug lets hackers turn users into admins

A critical privilege escalation vulnerability found in the WordPress SEO Plugin – Rank Math plugin can allow attackers to give administrator privileges to any registered user on one of the 200,000 sites with active installations if left unpatched.

Saudi Arabia reportedly tracked phones by using industry-wide carrier weakness

The Guardian says it has evidence that Saudi Arabia is exploiting a decades-old weakness in the global telecoms network to track the kingdom’s citizens as they travel in the United States. The publication cited data provided by a whistleblower that suggests Saudi Arabia is engaged in systematic spying by abusing Signalling System No. 7.

Zoom client leaks Windows login credentials to attackers

The Zoom Windows client is vulnerable to UNC path injection in the client’s chat feature that could allow attackers to steal the Windows credentials of users who click on the link. When using the Zoom client, meeting participants can communicate with each other by sending text messages through a chat interface. When sending a chat message, any URLs that are sent are converted into hyperlinks so that other members can click on them to open a web page in their default browser.
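The defensive point in the item above is that a chat linkifier should only turn web URLs into clickable links, never UNC paths or file: URLs, since a click on those makes Windows reach for a remote share. The following is an added example, not Zoom's code and not taken from the original article; the message strings are constructed samples, and the `classify_link`, `linkify` and `find_unc_targets` helpers are hypothetical names chosen for this illustration. It shows a linkifier that renders http(s) URLs as anchors, leaves UNC and file: targets as escaped plain text, and exposes a detection helper that flags messages carrying such targets for logging.

```python
import html
import re

# Constructed sample chat messages (not real captured traffic).
SAMPLE_MESSAGES = [
    "meeting notes: https://example.com/notes",
    r"see \\fileserver.example\share\agenda.txt for the agenda",
    "file://fileserver.example/share/report.docx",
    "plain text with no links",
]


def classify_link(token: str) -> str:
    """Classify one whitespace-delimited token.

    'web'   -> http:// or https:// URL, safe to render as a hyperlink
    'unc'   -> UNC path (\\\\host\\share\\...) or file: URL; must stay plain text
    'other' -> ordinary text
    """
    low = token.lower()
    if low.startswith(("http://", "https://")):
        return "web"
    if token.startswith("\\\\") or low.startswith("file:"):
        return "unc"
    return "other"


def linkify(message: str) -> str:
    """Render a chat message as HTML, hyperlinking only http(s) URLs.

    Every token is HTML-escaped; only 'web' tokens become <a> elements, so a
    UNC path or file: URL is displayed verbatim but is never clickable.
    """
    parts = []
    # Split while keeping the whitespace separators so the layout survives.
    for tok in re.split(r"(\s+)", message):
        if classify_link(tok) == "web":
            safe = html.escape(tok, quote=True)
            parts.append(f'<a href="{safe}">{safe}</a>')
        else:
            parts.append(html.escape(tok))
    return "".join(parts)


def find_unc_targets(message: str) -> list:
    """Detection helper: return the UNC/file: tokens in a message for logging."""
    return [tok for tok in message.split() if classify_link(tok) == "unc"]


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        flagged = find_unc_targets(msg)
        print(linkify(msg))
        if flagged:
            print("  flagged non-web targets:", flagged)
```

The allow-list approach (only http and https become links) is deliberate: a deny-list that strips `\\` alone would still let `file:` URLs and any future scheme through, whereas refusing everything that is not a web URL fails closed.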