News – April 2020


  • Fast-Moving DDoS Botnet Exploits Unpatched ZyXel RCE Bug

    April 22, 2020

    A new variant of the Hoaxcalls botnet, which can be marshalled for large-scale distributed denial-of-service (DDoS) campaigns, is spreading via an unpatched vulnerability impacting the ZyXEL Cloud CNM SecuManager that was disclosed last month. That’s according to researchers at Radware, who also said that it’s notable how quickly Hoaxcalls operators have moved to weaponize the ZyXel ...

  • New iOS zero-days actively used against high-profile targets

    April 22, 2020

    Two zero-day vulnerabilities affecting iPhone and iPad devices were found by cybersecurity startup ZecOps after the discovery of a series of ongoing remote attacks that have targeted iOS users since at least January 2018. “The attack’s scope consists of sending a specially crafted email to a victim’s mailbox enabling it to trigger the vulnerability in the context of iOS ...

  • State-backed phishing targets U.S. Government employees with fast food lures

    April 22, 2020

    More than a dozen state-backed hacking groups are actively targeting U.S. Government employees and healthcare organizations in phishing campaigns that use lures designed to take advantage of the fears surrounding the COVID-19 pandemic. “TAG has specifically identified over a dozen government-backed attacker groups using COVID-19 themes as lure for phishing and malware attempts—trying to get their targets to ...

  • Loki Delivered as CAB File Attachment

    April 22, 2020

    We found in our honeypot a spam sample that delivers the info stealer Loki through an attached Windows Cabinet (CAB) file. The email that bears the malicious file poses as a quotation request to trick the user into executing the binary file inside the CAB file. CAB is a compressed archive file format usually associated with various drivers, system ...

  • APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management

    April 22, 2020

    From at least January to April 2020, suspected Vietnamese actors APT32 carried out intrusion campaigns against Chinese targets that Mandiant Threat Intelligence believes was designed to collect intelligence on the COVID-19 crisis. Spear phishing messages were sent by the actor to China’s Ministry of Emergency Management as well as the government of Wuhan province, where COVID-19 ...

  • DForce hacker returns $25m in ‘stolen’ crypto-currencies

    April 21, 2020

    A mystery hacker allegedly stole $25m (£20m) in crypto-currencies – and then returned the funds two days later. Records show that funds in a variety of crypto-currencies were withdrawn from the DForce platform based in China. A sum of $10m was taken in Ethereum, for example, while a further $10m was taken in digital coins tied to ...

  • Security researcher discloses four IBM zero-days after company refused to patch

    April 21, 2020

    A security researcher has published today details about four zero-day vulnerabilities impacting an IBM security product after the company refused to patch bugs following a private bug disclosure attempt. The bugs impact the IBM Data Risk Manager (IDRM), an enterprise security tool that aggregates feeds from vulnerability scanning tools and other risk management tools to let admins ...

  • Oil and Gas Firms Targeted With Agent Tesla Spyware

    April 21, 2020

    Attackers are targeting energy companies with the Agent Tesla spyware, as seen in recent spearphishing emails with malicious attachments. Researchers say that until now, Agent Tesla has not been associated with campaigns targeting the oil-and-gas vertical. The emails leverage the tumultuous nature of today’s oil and gas markets, which have been under tremendous stress in recent weeks, as ...

  • Australian Health Insurance-Themed Spam Spreads Ursnif

    April 21, 2020

    Trend Micro researchers encountered a spam campaign referencing the Australian health insurance brand Medicare. The attachment, which Trend Micro detects as Trojan.X97M.URSNIF.THDAEBO, downloads the malicious file (detected as TrojanSpy.Win32.URSNIF.THDAEBO). The campaign aims to spread the spyware Ursnif, also known as Gozi. The email headers pertain to payment transactions with the words “Statement,” “Invoice,” or “Transaction,” and include a ...

  • Many problems with cyber security of Schipihol’s border control: Court of Audit

    April 20, 2020

    Schiphol is very vulnerable to cyber attacks, the Court of Audit concluded after investigating the cyber security of the border control systems the Koninklijke Marechaussee uses at the airport. Two of the three systems are not properly protected against cyber attacks, NOS reports. Systems at Schiphol are hardly ever tested for how well they can stand ...

  • Starbleed bug impacts FPGA chips used in data centers, IoT devices, industrial equipment

    April 20, 2020

    A team of academics says they’ve discovered a new security bug that impacts Xilinx FPGA (Field Programmable Gate Arrays) chipsets. Named Starbleed, the bug allows attackers — with both physical or remote access — to extract and tamper with an FGPA’s bitstream (configuration file) to reprogram the chip with malicious code. FPGAs are add-in cards that can ...

  • Cognizant hit by ‘Maze’ ransomware attack

    April 19, 2020

    Cognizant Technology Solutions Corp on Saturday said it was hit by a “Maze” ransomware cyber attack, resulting in service disruptions for some of its clients. The information technology services provider said it was taking steps to contain the incident, with the help of cyber defense companies, and has also engaged with law enforcement authorities. Ransomware is a ...

  • Prague Airport says thwarted several cyber attacks; hospitals also targeted

    April 18, 2020

    Prague Airport and a regional Czech hospital said on Saturday they had thwarted cyber attacks on their IT networks, reinforcing warnings by the national cyber security watchdog of likely attempts to harm the country’s infrastructure. “Attempted attacks on web pages of the airport were detected in preparatory phases,” the airport’s spokeswoman said in an emailed statement. ...

  • German government might have lost tens of millions of euros in COVID-19 phishing attack

    April 18, 2020

    The government of North Rhine-Westphalia, a province in western Germany, is believed to have lost tens of millions of euros after it failed to build a secure website for distributing coronavirus emergency aid funding. The funds were lost following a classic phishing operation. Cybercriminals created copies of an official website that the NRW Ministry of Economic Affairs had set ...

  • DHS CISA: Companies are getting hacked even after patching Pulse Secure VPNs

    April 17, 2020

    Companies that run Pulse Secure VPN servers are still at risk of getting hacked, despite patching vulnerable systems, cyber-security agencies from the US and Japan have warned this month. Pulse Secure VPN servers are enterprise-grade VPN gateways that companies use to let workers connect to internal company networks from across the internet. Last year, a major vulnerability ...

  • PoetRAT Trojan targets energy sector using coronavirus lures

    April 17, 2020

    Government and energy sectors are being targeted in a new campaign that weaponizes the coronavirus outbreak. On Thursday, Cisco Talos researchers Warren Mercer, Paul Rascagneres and Vitor Ventura published an analysis of a new campaign that deploys PoetRAT, a previously-undiscovered Remote Access Trojan (RAT) striking both the Azerbaijan government and utility companies. According to the team, the malware attacks supervisory control ...

  • Gamaredon APT Group Use Covid-19 Lure in Campaigns

    April 17, 2020

    Gamaredon is an advanced persistent threat (APT) group that has been active since 2013. Their campaigns are generally known for targeting Ukrainian government institutions. From late 2019 to February of this year, researchers published several reports on Gamaredon, tracking the group’s activities. In March, we came across an email with a malware attachment that used the ...

  • Academics steal data from air-gapped systems using PC fan vibrations

    April 17, 2020

    Academics from an Israeli university have proven the feasibility of using fans installed inside a computer to create controlled vibrations that can be used to steal data from air-gapped systems. The technique, codenamed AiR-ViBeR, is the latest in a long list of wacky data exfiltration techniques devised by Mordechai Guri, the head of R&D at the ...

  • Financial Cyberthreats in 2019

    April 16, 2020

    Financial cyberthreats are malicious programs that target users of services such as online banking, e-money, and cryptocurrency, or that attempt to gain access to financial organizations and their infrastructure. These threats are usually accompanied by spam and phishing activities, with malicious users creating fake financial-themed pages and emails to steal victims’ credentials. In order to study ...

  • US offers $5 million reward for information on North Korean hackers

    April 15, 2020

    The US government is willing to pay up to $5 million for information on North Korea’s hackers and their ongoing hacking operations. The reward for reporting North Korean hackers was announced today in a joint report published by the Departments of State, Treasury, Homeland Security, and the Federal Bureau of Investigation. The joint report contains a summary ...