Ransomware targets Chubb, Poisoned News campaign serves malware, and more

Major cybersecurity events on 26th March 2020: 4G networks vulnerable to DoS attacks. Hackers deliver Oski malware via Coronavirus apps. Palesa breaches AMD, demands money in exchange for files. Hackers target Italy and Spain amidst Coronavirus pandemic. Maze ransomware hits Chubb.

Round Up of Major Breaches and Scams

AMD confirms that hacker stole information on graphics products

A hacker who uses the online moniker “Palesa” claims to have obtained source code files related to several AMD graphics processing units (GPUs), including the Navi 10 architecture, which is used in some Radeon RX 5000-series graphics cards, the upcoming Navi 21, and Arden. Palesa told SecurityWeek that the files were taken from a server owned by AMD, not from a contractor. The hacker is hoping to obtain some money for the files, either from AMD or someone else.

Hackers target mobile users in Italy and Spain, taking advantage of Coronavirus hot spots

Attackers laced mobile apps with malware to try to steal data from, or otherwise compromise, Italian and Spanish residents looking for updates on the pandemic, according to Slovakian antivirus firm ESET. The phony apps posed as legitimate ones offering updates on the spread of the novel coronavirus and how to assess your risk of infection.

Rare BadUSB attack detected in the wild against US hospitality provider

A US hospitality provider has recently been the target of an incredibly rare BadUSB attack, ZDNet has learned from cyber-security firm Trustwave. The attack happened after the company received an envelope containing a fake BestBuy gift card, along with a USB thumb drive. The receiving company was told to plug the USB thumb drive into a computer to access a list of items the gift card could be used for.

Google catches North Korean, Iranian hackers impersonating journalists in phishing efforts

Google’s Threat Analysis Group, which tries to stop state-sponsored hacking, sent nearly 40,000 warnings in 2019 to users alerting them that they were the target of a government-backed phishing attempt. That figure is down by nearly 25% from 2018, the company said in a blog post Thursday. One-in-five of the accounts targeted in 2019 was targeted multiple times.

Round Up of Major Malware and Ransomware Incidents

Apple iOS users served mobile malware in Poisoned News campaign

Apple iOS smartphone users in Hong Kong are being targeted in a new campaign exploiting online news readers to serve malware. This week, Trend Micro researchers said the scheme, dubbed Operation Poisoned News, uses links posted on a variety of forums popular with Hong Kong residents that claim to lead to news stories. Newly-registered members of the discussion forums would post links generally related to sex, clickbait headlines, and COVID-19.

Hackers hijack routers to spread malware via Coronavirus apps

Cybercriminals are hijacking routers and changing Domain Name System (DNS) settings in order to redirect victims to attacker-controlled sites promoting fake coronavirus information apps. If victims download these apps, they are infected with information-stealing Oski malware.

Chubb cyber insurer allegedly hit by a Maze ransomware attack

Cyber insurer giant Chubb is allegedly the latest ransomware victim, according to the operators of the Maze ransomware, who claim to have encrypted the company in March 2020. Chubb is one of the leading insurance carriers in the world with an extensive line of cyber insurance products that include incident response, forensics, legal teams, and even public relations.

Ryuk ransomware keeps targeting hospitals during the pandemic

The Ryuk ransomware operators continue to target hospitals even as these organizations are overwhelmed during the Coronavirus pandemic. Last week BleepingComputer contacted various ransomware groups and asked if they would target hospitals and other healthcare organizations during the pandemic.

Round Up of Major Vulnerabilities and Patches

4G networks vulnerable to denial of service attacks, subscriber tracking

We are in the early stages of a rollout of 5G, the next-generation wireless technology that will replace 4G, offering improved speeds and latency in the process. However, on occasion, security problems in these protocols rear their heads — and Positive Technologies (PT)’s latest Diameter networks’ report reveals a serious issue in 4G networking.

No patch for VPN bypass flaw discovered in iOS

The flaw was discovered by a member of the Proton community in iOS 13.3.1, but Apple has yet to release a patch and the issue impacts even the latest version, 13.4. Apple is reportedly working on a fix, but Proton says it has disclosed the bug because it believes its community and other VPN services providers should be aware of its existence.

Critical CODESYS bug allows remote code execution

The bug is rated 10 out of 10 on the CVSS v.2 vulnerability severity scale and requires little skill to exploit, the company said. It’s a heap-based buffer overflow – a class of vulnerability where the region of a process’ memory used to store dynamic variables (the heap) can be overwhelmed – and thus be made inaccessible to other processes. In this case, the bug (CVE-2020-10245) exists in the CODESYS web server, which is used to display CODESYS system visualization screens in a web browser.