Round Up of Major Breaches and Scams
A hacker who uses the online moniker “Palesa” claims to have obtained source code files related to several AMD graphics processing units (GPUs), including the Navi 10 architecture, which is used in some Radeon RX 5000-series graphics cards, the upcoming Navi 21, and Arden. Palesa told SecurityWeek that the files were taken from a server owned by AMD, not from a contractor. The hacker is hoping to obtain some money for the files, either from AMD or someone else.
Attackers laced mobile apps with malware to try to steal data from, or otherwise compromise, Italian and Spanish residents looking for updates on the pandemic, according to Slovakian antivirus firm ESET. The phony apps posed as legitimate ones offering updates on the spread of the novel coronavirus and how to assess your risk of infection.
A US hospitality provider has recently been the target of an incredibly rare BadUSB attack, ZDNet has learned from cyber-security firm Trustwave. The attack happened after the company received an envelope containing a fake BestBuy gift card, along with a USB thumb drive. The receiving company was told to plug the USB thumb drive into a computer to access a list of items the gift card could be used for.
Google’s Threat Analysis Group, which tries to stop state-sponsored hacking, sent nearly 40,000 warnings in 2019 to users alerting them that they were the target of a government-backed phishing attempt. That figure is down by nearly 25% from 2018, the company said in a blog post Thursday. One in five of the accounts targeted in 2019 was targeted multiple times.
Round Up of Major Malware and Ransomware Incidents
Apple iOS smartphone users in Hong Kong are being targeted in a new campaign exploiting online news readers to serve malware. This week, Trend Micro researchers said the scheme, dubbed Operation Poisoned News, uses links posted on a variety of forums popular with Hong Kong residents that claim to lead to news stories. Newly registered members of the discussion forums would post links generally related to sex, clickbait headlines, and COVID-19.
Cybercriminals are hijacking routers and changing Domain Name System (DNS) settings in order to redirect victims to attacker-controlled sites promoting fake coronavirus information apps. If victims download these apps, they are infected with the information-stealing Oski malware.
Cyber insurance giant Chubb is allegedly the latest ransomware victim, according to the operators of the Maze ransomware, who claim to have encrypted the company’s systems in March 2020. Chubb is one of the leading insurance carriers in the world, with an extensive line of cyber insurance products that include incident response, forensics, legal teams, and even public relations.
The Ryuk ransomware operators continue to target hospitals even as these organizations are overwhelmed during the coronavirus pandemic. Last week BleepingComputer contacted various ransomware groups and asked if they would target hospitals and other healthcare organizations during the pandemic.
Round Up of Major Vulnerabilities and Patches
We are in the early stages of a rollout of 5G, the next-generation wireless technology that will replace 4G, offering improved speeds and latency in the process. However, on occasion, security problems in these protocols rear their heads — and the latest Diameter networks report from Positive Technologies (PT) reveals a serious issue in 4G networking.
The flaw was discovered by a member of the Proton community in iOS 13.3.1, but Apple has yet to release a patch and the issue impacts even the latest version, 13.4. Apple is reportedly working on a fix, but Proton says it has disclosed the bug because it believes its community and other VPN services providers should be aware of its existence.
The bug is rated 10 out of 10 on the CVSS v2 vulnerability severity scale and requires little skill to exploit, the company said. It’s a heap-based buffer overflow, a class of vulnerability in which the region of a process’s memory used to store dynamically allocated data (the heap) can be overwhelmed, and thus made inaccessible to other processes. In this case, the bug (CVE-2020-10245) exists in the CODESYS web server, which is used to display CODESYS system visualization screens in a web browser.
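The heap-based buffer overflow class the article refers to, shown in miniature as an added C illustration. This is not code from the article and has no relation to the CODESYS web server; the `record` struct, the `NAME_CAP` capacity and the two `store_*` functions are hypothetical names chosen for the example. `store_unchecked` copies a string into a fixed-size heap buffer with no length check, so input longer than the buffer writes past the allocated chunk; `store_checked` is the hardened form that validates the length first and leaves the buffer untouched when it rejects the input.

```c
// Added illustration of a heap-based buffer overflow and its fix (constructed
// example, unrelated to the CODESYS code discussed in the article).
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define NAME_CAP 16   // hypothetical fixed capacity of the heap buffer, in bytes

struct record {
    char *name;       // heap buffer of NAME_CAP bytes
    int   id;
};

struct record *record_new(int id) {
    struct record *r = malloc(sizeof *r);
    if (!r) return NULL;
    r->name = calloc(NAME_CAP, 1);     // zero-filled, so it starts NUL-terminated
    if (!r->name) { free(r); return NULL; }
    r->id = id;
    return r;
}

void record_free(struct record *r) {
    if (!r) return;
    free(r->name);
    free(r);
}

// Length of s, but never scanning more than cap bytes (portable strnlen).
static size_t bounded_len(const char *s, size_t cap) {
    size_t n = 0;
    while (n < cap && s[n] != '\0') n++;
    return n;
}

// Vulnerable: strcpy trusts the source length. Any input of NAME_CAP bytes or
// more writes past the 16-byte heap chunk, corrupting whatever the allocator
// placed after it (undefined behaviour). Kept only for comparison; never call
// it with untrusted input.
void store_unchecked(struct record *r, const char *src) {
    strcpy(r->name, src);
}

// Hardened: refuse anything that does not fit, NUL terminator included.
// Returns 0 on success, -1 when the input is rejected (buffer left unchanged).
int store_checked(struct record *r, const char *src) {
    size_t n = bounded_len(src, NAME_CAP);
    if (n >= NAME_CAP) return -1;      // no room for the terminator
    memcpy(r->name, src, n + 1);       // n + 1 copies the terminator too
    return 0;
}

int main(void) {
    struct record *r = record_new(1);
    if (!r) return 1;
    // Constructed inputs: 15 characters fit, 23 do not.
    printf("short input -> %d\n", store_checked(r, "operator-panel1"));
    printf("long input  -> %d\n", store_checked(r, "operator-panel-overflow"));
    // store_unchecked(r, "operator-panel-overflow"); would overrun the heap chunk
    record_free(r);
    return 0;
}
```

The check is done against the capacity of the destination, not the length of the source, which is the point of the fix: the caller's data can be any size, and the only safe policy is to compare it with what was actually allocated before copying.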