Round Up of Major Breaches and Scams
The cyber-espionage group, which ESTsecurity Security Response Center (ESRC) researchers attribute to a group known as Geumseong121, entices its victims into clicking links that look to be about North Korean refugees. But instead of delivering valuable information, the link points recipients to repositories that download malicious files, according to ESRC.
The hacking crew, dubbed SilverTerrier by security researchers, began around 2014 as a small group that experimented with easy-to-detect hacking tools. By 2019, though, it had evolved into a team of “mature cybercriminals” who have produced 81,300 malicious software samples connected to 2.1 million attacks, according to Palo Alto Networks findings published Tuesday.
Hotel chain Marriott disclosed today a security breach that impacted more than 5.2 million hotel guests who used the company’s loyalty app. According to a breach notification posted on its website, the hotel chain learned of the security breach at the end of February, when it discovered that a hacker had used the login credentials of two employees from one of its franchise properties to access customer information from the app’s backend systems.
Round Up of Major Malware and Ransomware Incidents
Initially detailed in 2018, the malware is a custom backdoor associated with a threat actor tracked as Orangeworm, which has been active since at least 2015, mainly targeting organizations in the healthcare sector, but also launching attacks on industries somewhat related to healthcare, including IT, manufacturing, and logistics.
Researchers have discovered a fresh campaign using Excel files to spread LimeRAT malware, making use of the hardcoded VelvetSweatshop default password for encrypted files. LimeRAT is a full-featured remote access tool/backdoor that can allow attackers to access an infected system and install a range of malware strains, such as ransomware, cryptominers, keyloggers or botnet clients.
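The detection angle on the VelvetSweatshop trick is that an encrypted OOXML workbook is wrapped in an OLE compound file whose directory holds the streams "EncryptionInfo" and "EncryptedPackage", so content scanners that only see ciphertext miss the payload while Excel opens the file silently with the default password. The triage helper below is an added example written for this round-up, not code from the researchers or from any vendor; the byte samples are constructed, and the optional decryption step assumes the third-party msoffcrypto-tool package is installed.

```python
"""Triage helper for Office files that may rely on the default password.

Added example for this round-up, not from any vendor. An encrypted OOXML
workbook is an OLE compound file whose directory lists "EncryptionInfo"
and "EncryptedPackage" (names stored as UTF-16LE). Excel opens such a
file without prompting when the password is the hardcoded default
"VelvetSweatshop", so a scanner should try that password before treating
the file as opaque ciphertext.
"""
import io

OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # OLE2 compound-file signature
DEFAULT_PASSWORD = "VelvetSweatshop"               # Office's built-in default
ENCRYPTED_STREAMS = ("EncryptionInfo", "EncryptedPackage")


def is_ole_compound_file(data: bytes) -> bool:
    """True when the buffer starts with the OLE2 signature."""
    return data.startswith(OLE_MAGIC)


def looks_like_encrypted_ooxml(data: bytes) -> bool:
    """Cheap heuristic: both encryption stream names appear as UTF-16LE.

    This does not walk the FAT or directory sectors; it only checks that
    the names are present in the raw bytes. A full parser (for example
    olefile) would confirm the directory entries.
    """
    if not is_ole_compound_file(data):
        return False
    return all(name.encode("utf-16-le") in data for name in ENCRYPTED_STREAMS)


def triage(data: bytes) -> str:
    """Classify a buffer for an analyst pipeline."""
    if not is_ole_compound_file(data):
        return "not-ole"
    if looks_like_encrypted_ooxml(data):
        return "encrypted-ooxml-try-default-password"
    return "ole-unencrypted"


def try_default_password(path: str):
    """Attempt decryption with the default password via msoffcrypto-tool.

    Returns the decrypted package bytes, or None when the optional
    dependency is missing or the password is not the default. The import
    is guarded so the triage functions above run without it.
    """
    try:
        import msoffcrypto  # assumption: pip install msoffcrypto-tool
    except ImportError:
        return None
    with open(path, "rb") as f:
        office = msoffcrypto.OfficeFile(f)
        try:
            office.load_key(password=DEFAULT_PASSWORD)
            out = io.BytesIO()
            office.decrypt(out)
            return out.getvalue()
        except Exception:
            return None


# Constructed samples (not real malware): a minimal OLE header followed by
# the UTF-16LE stream names a real encrypted workbook would carry.
SAMPLE_ENCRYPTED = (
    OLE_MAGIC + b"\x00" * 64
    + "EncryptionInfo".encode("utf-16-le") + b"\x00" * 16
    + "EncryptedPackage".encode("utf-16-le")
)
SAMPLE_PLAIN_OLE = OLE_MAGIC + b"\x00" * 64 + "Workbook".encode("utf-16-le")
SAMPLE_ZIP = b"PK\x03\x04" + b"\x00" * 32   # an ordinary, unencrypted .xlsx is a ZIP

if __name__ == "__main__":
    for label, blob in (("encrypted", SAMPLE_ENCRYPTED),
                        ("plain-ole", SAMPLE_PLAIN_OLE),
                        ("zip", SAMPLE_ZIP)):
        print(f"{label:10} -> {triage(blob)}")
```

In a mail gateway or sandbox, any file that triages as `encrypted-ooxml-try-default-password` should be decrypted with the default password and the resulting package scanned for macros before delivery; only files that still fail to open deserve the "encrypted, cannot inspect" verdict.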
An extensive campaign has surfaced that targets Windows users belonging to a specific Asian religious and ethnic group. The attack makes use of a series of watering-hole websites and a drive-by download gambit relying on fake Flash updates.
Round Up of Major Vulnerabilities and Patches
The FBI warning comes after a flurry of reports that Zoom is not securing user sessions and communications as much as the San Jose, California-based company has advertised. The company falsely claims to protect conversations with end-to-end encryption, according to The Intercept. In recent days Zoom has leaked people’s email addresses and photos to strangers, according to Vice’s Motherboard.
The notorious Stuxnet malware, which the United States and Israel used to cause damage to Iran’s nuclear program, was designed to target SIMATIC S7-300 and S7-400 PLCs made by Siemens. Stuxnet loaded malicious code onto targeted PLCs by abusing Siemens’ STEP7 software, which is provided by the German industrial giant for programming controllers.
A critical privilege escalation vulnerability found in the WordPress SEO Plugin – Rank Math plugin, if left unpatched, can allow attackers to grant administrator privileges to any registered user on any of the 200,000 sites with active installations.
The Guardian says it has evidence that Saudi Arabia is exploiting a decades-old weakness in the global telecoms network to track the kingdom’s citizens as they travel in the United States. The publication cited data provided by a whistleblower that suggests Saudi Arabia is engaged in systematic spying by abusing Signalling System No. 7.
The Zoom Windows client is vulnerable to UNC path injection in the client’s chat feature that could allow attackers to steal the Windows credentials of users who click on the link. When using the Zoom client, meeting participants can communicate with each other by sending text messages through a chat interface. When sending a chat message, any URLs that are sent are converted into hyperlinks so that other members can click on them to open a web page in their default browser.
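The root cause of this class of bug is a linkifier that treats any URL-looking token, including a Windows UNC path such as `\\host\share`, as something worth turning into a clickable hyperlink; on Windows, following such a link opens an SMB connection that carries the user's NTLM credentials. The example below is added here and is not Zoom's code: it places a naive linkifier beside a hardened one that only links http and https URLs and leaves UNC paths and other schemes as plain text, plus a helper that flags UNC paths in messages for logging. The sample messages are constructed.

```python
"""Naive vs. hardened chat linkifier (added example, not Zoom's code).

On Windows, clicking a hyperlink whose target is a UNC path (\\host\share)
makes the OS reach out over SMB and send the user's NTLM credentials. A
chat client that turns every URL-looking token into a link therefore lets
any participant harvest credential hashes. The safe version only links
http/https URLs with a host part and renders everything else as text.
"""
import re
from html import escape
from urllib.parse import urlsplit

# Anything starting with two backslashes, or anything that looks like
# scheme://..., is a candidate token in the naive design.
LINK_TOKEN = re.compile(r"(\\\\\S+|[A-Za-z][A-Za-z0-9+.\-]*://\S+)")
SAFE_SCHEMES = ("http", "https")


def is_unc_path(token: str) -> bool:
    """True for Windows UNC paths such as \\\\server\\share\\file."""
    return token.startswith("\\\\")


def is_safe_link(token: str) -> bool:
    """Allow only http(s) URLs that carry a host; reject UNC and file:."""
    if is_unc_path(token):
        return False
    parts = urlsplit(token)
    return parts.scheme in SAFE_SCHEMES and bool(parts.netloc)


def _render(message: str, allow) -> str:
    """Escape the message and wrap tokens that pass `allow` in <a> tags."""
    out, pos = [], 0
    for m in LINK_TOKEN.finditer(message):
        out.append(escape(message[pos:m.start()]))
        token = m.group(0)
        if allow(token):
            out.append(f'<a href="{escape(token, quote=True)}">{escape(token)}</a>')
        else:
            out.append(escape(token))
        pos = m.end()
    out.append(escape(message[pos:]))
    return "".join(out)


def naive_linkify(message: str) -> str:
    """The vulnerable design: every URL-looking token becomes a link."""
    return _render(message, lambda token: True)


def safe_linkify(message: str) -> str:
    """The hardened design: only http(s) URLs with a host become links."""
    return _render(message, is_safe_link)


def find_unc_paths(message: str) -> list:
    """Detection helper: return UNC paths present in a message, for logging."""
    return [m.group(0) for m in LINK_TOKEN.finditer(message) if is_unc_path(m.group(0))]


# Constructed sample messages; hosts use the reserved .test TLD.
UNC_MESSAGE = "see \\\\files.example.test\\share\\doc and https://example.test/page"
FILE_MESSAGE = "open file://srv.example.test/share/notes"

if __name__ == "__main__":
    print("naive :", naive_linkify(UNC_MESSAGE))
    print("safe  :", safe_linkify(UNC_MESSAGE))
    print("unc   :", find_unc_paths(UNC_MESSAGE))
```

Restricting the linkifier to http and https is the application-side fix; the complementary host-side control on Windows is the group policy "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers", which stops the client from sending NTLM credentials to arbitrary hosts even when a user does click a UNC link.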