Round Up of Major Breaches and Scams
The attack first compromises vulnerable routers, mainly Linksys models, purportedly by trying weak or default credentials, the company said. Once attackers gain access, they hijack DNS functionality, redirecting victims to a page that attempts to convince them to download a malicious, information-stealing program known as Oski. The attacker’s page aims to harness the fear of the coronavirus pandemic to fool victims.
Round Up of Major Malware and Ransomware Incidents
Malware belonging to Russian-speaking threat actors was used in attacks in late January against at least two European companies in the pharmaceutical and manufacturing industries. Based on the tools employed in the attacks, the suspects are likely the financially motivated groups Silence and TA505.
The attackers, who Kaspersky suspects are Chinese-speaking, lure their victims by posting links to local news sites in general discussion sections of forums that are popular among Hong Kong residents. But when victims click through to see the news, the attackers deploy a hidden iframe that runs an iOS malware variant, a modular backdoor.
Attackers are attempting to deliver Remcos remote access tool (RAT) payloads on the systems of small businesses via phishing emails impersonating the U.S. Small Business Administration (U.S. SBA). They are taking advantage of the financial problems experienced by SMBs during the current COVID-19 pandemic to lure them into opening malicious attachments camouflaged as disaster assistance grants and testing center vouchers.
Round Up of Major Vulnerabilities and Patches
Microsoft revealed earlier this week that it had become aware of targeted attacks exploiting two Windows zero-days related to the way the Adobe Type Manager library handles Type 1 PostScript fonts. Adobe told SecurityWeek that the impacted library is exclusively supported by Microsoft and that Adobe customers are not at risk. Hackers can exploit the flaws by convincing users to open specially crafted documents or view them in the Windows preview pane.
An unpatched bug in the latest version of Apple’s iOS is blocking virtual private network (VPN) applications from cloaking some private data transmitted between a device and the servers it is requesting data from. While the bug remains unpatched, Apple is suggesting steps users can take to reduce risk, researchers state.