Categories
APT Botnet Breach Bug CVE Cyber Security Data leak Hacking Malware Misinformation Phishing Scam Spyware Vulnerability

Phishing scam targets Subway loyalty-card users, New Goontact spyware targets Android, iOS users, and more

Major cybersecurity events on 16th December 2020 (Morning Post): Facebook removes disinformation accounts linked to Russia and French military. PyMICROPSIA Windows malware includes checks for Linux and macOS. Firefox patches critical mystery bug, also impacting Google Chrome.

Round Up of Major Breaches and Scams

SolarWinds said no other products were compromised in recent hack

No other products were identified to contain malicious code similar to the one found in the Orion platform, IT software company SolarWinds said on Tuesday. The company’s assertion comes after it carried out an internal audit of all its applications after news broke on Sunday that Russian state-sponsored hackers breached its internal network and inserted malware inside Orion, a network monitoring and inventory platform.

Facebook Closes Disinformation Accounts Linked to French Military

Facebook said Tuesday that it had removed two networks based in Russia and one linked to the French military, accusing them of carrying out interference campaigns in Africa. Two networks running multiple Facebook accounts were assigned to people associated with the Russian Internet Research Agency, and the third had “links to individuals associated with French military,” the social media platform said.

Subway Sandwich Loyalty-Card Users Suffer Ham-Handed Phishing Scam

Subway loyalty program members in U.K. and Ireland have been sent scam emails to trick them into downloading malware. Count the Subway sandwich faithful among the latest victims of cybercriminals. Researchers at Sophos discovered a phishing campaign aimed at Subway loyalty-card members in the U.K. and Ireland, in an attempt to trick them into downloading malware. The campaign wasn’t particularly impressive, according to Sophos researchers.

Round Up of Major Malware and Ransomware Incidents

PyMICROPSIA Windows malware includes checks for Linux and macOS

Experts discovered a new Windows info-stealer, named PyMICROPSIA, linked to AridViper group that is rapidly evolving to target other platforms. Experts from Palo Alto Networks’s Unit 42 discovered a new Windows info-stealing malware, named PyMICROPSIA, that might be used soon to also target Linux and macOS systems. Experts spotted the PyMICROPSIA info stealer while investigating attacks of the AridViper group (also tracked as Desert Falcon and APT-C-23).

Agent Tesla Keylogger Gets Data Theft and Targeting Update

The infamous keylogger has shifted its targeting tactics and now collects stored credentials for less-popular web browsers and email clients. Six-year-old keylogger malware called Agent Tesla has been updated again, this time with expanded targeting and improved data exfiltration features. Agent Tesla first came into the scene in 2014, specializing in keylogging (designed to record keystrokes made by a user in order to exfiltrate data like credentials and more) and data-stealing.

New Goontact spyware discovered targeting Android and iOS users

Security researchers have discovered a new malware strain with spying and surveillance capabilities —also known as spyware— that is currently available in both Android and iOS versions. Named Goontact, this malware has the ability to collect from infected victims data such as phone identifiers, contacts, SMS messages, photos, and location information. Detected by mobile security firm Lookout, the Goontact malware is currently distributed via third-party sites promoting free instant messaging apps dedicated to reaching escort services.

Round Up of Major Vulnerabilities and Patches

Easy WP SMTP Security Bug Can Reveal Admin Credentials

Easy WP SMTP, a WordPress plugin for email management that has more than 500,000 installations, has a vulnerability that could open the site up to takeover, researchers said. Easy WP SMTP allows users to configure and send all outgoing emails via a SMTP server, so that they don’t end up in the recipient’s junk/spam folder. Version 1.4.2 and below contains a flaw in the debug file that is exposed because of a fundamental error in how the plugin maintains a folder, according to researchers at GBHackers.

Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome

A Mozilla Foundation update to the Firefox web browser, released Tuesday, tackles one critical vulnerability and a handful of high-severity bugs. The update, released as Firefox version 84, is also billed by Mozilla as boosting the browser’s performance and adding native support for macOS hardware running on its own Apple processors. In total, six high-severity flaws were fixed, in addition to the critical bug, tracked as CVE-2020-16042.

Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure

Industrial, factory and medical gear remain largely unpatched when it comes to the URGENT/11 and CDPwn groups of vulnerabilities. Thousands of organizations remain at risk from the URGENT/11 and CDPwn collections of vulnerabilities, which affect operational technology (OT) gear and internet of things (IoT), respectively. Unfortunately, there has been a rampant lack of patching, researchers said. According to researchers at Armis, a whopping 97 percent of the OT devices impacted by URGENT/11 have not been patched, despite fixes being delivered in 2019.