North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hiding in Plain Text: Jenkins Plugin Vulnerabilities
August 30, 2019
Jenkins is a widely used open-source automation server that allows DevOps developers to build, test, and deploy software efficiently and reliably. In order to make the most out of Jenkins’ modular architecture, developers make use of plugins that help extend its core features, allowing them to expand the scripting capabilities of build steps. As of writing, there ...
- FIN6 Switches Up PoS Tactics to Target E-Commerce
August 29, 2019
The group is using the More_eggs JScript backdoor to anchor its attack. The financial cybergang known as the FIN6 group, known for going after brick-and-mortar point-of-sale (PoS) data in the U.S. and Europe, has changed up its tactics to target e-commerce sites. According to researchers at IBM X-Force Incident Response and Intelligence Services (IRIS), FIN6 (a.k.a. ITG08) ...
- Patch now: Cisco IOS XE routers exposed to rare 10/10-severity security flaw
August 29, 2019
Cisco is urging customers to install updates for a critical bug affecting its popular IOS XE operating system that powers millions of enterprise network devices around the world. The bug has a rare Common Vulnerability Scoring System (CVSS) version 3 rating of 10 out of a possible 10 and allows anyone on the internet to bypass the login ...
- Exploitation of Windows CVE-2019-0708 (BlueKeep): Three Ways to Write Data into the Kernel with RDP PDU
August 29, 2019
In May 2019, Microsoft released an out-of-band patch update for remote code execution vulnerability CVE-2019-0708, which is also known as “BlueKeep” and resides in code to Remote Desktop Services (RDS). This vulnerability is pre-authentication and requires no user interaction, making it particularly dangerous as it has the unsettling potential to be weaponized into a destructive exploit. ...
- ‘Heatstroke’ Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information
August 29, 2019
Despite having an apparent lull in the first half of 2019, phishing will remain a staple in a cybercriminal’s arsenal, and they’re not going to stop using it. The latest example is a phishing campaign dubbed Heatstroke, based on a variable found in their phishing kit code. Heatstroke demonstrates how far phishing techniques have evolved — from merely mimicking ...
- Spam and phishing in Q2 2019
August 28, 2019
In the second quarter of 2019, scammers were making active use of cloud-based data storage services such as Google Drive and Google Storage to hide their illegal content. The reasoning behind this is simple: a link from a legitimate domain is seen as more trustworthy by both users and spam filters. Most often, such links point to ...