News – August 2020


  • Upgraded Agent Tesla malware steals passwords from browsers, VPNs

    August 10, 2020

    New variants of Agent Tesla remote access Trojan now come with modules dedicated to stealing credentials from applications including popular web browsers, VPN software, as well as FTP and email clients. Agent Tesla is a commercially available .Net-based infostealer with both remote access Trojan (RAT) and with keylogging capabilities active since at least 2014. This malware is ...

  • A mysterious group has hijacked Tor exit nodes to perform SSL stripping attacks

    August 10, 2020

    Since January 2020, a mysterious threat actor has been adding servers to the Tor network in order to perform SSL stripping attacks on users accessing cryptocurrency-related sites through the Tor Browser. The group has been so prodigious and persistent in their attacks, that by May 2020, they ran a quarter of all Tor exit relays — ...

  • TeamViewer Flaw in Windows App Allows Password-Cracking

    August 10, 2020

    Popular remote-support software TeamViewer has patched a high-severity flaw in its desktop app for Windows. If exploited, the flaw could allow remote, unauthenticated attackers to execute code on users’ systems or crack their TeamViewer passwords. TeamViewer is a proprietary software application used by businesses for remote-control functionalities, desktop sharing, online meetings, web conferencing and file transfer ...

  • Google Chrome Browser Bug Exposes Billions of Users to Data Theft

    August 10, 2020

    A vulnerability in Google’s Chromium-based browsers would allow attackers to bypass the Content Security Policy (CSP) on websites, in order to steal data and execute rogue code. The bug (CVE-2020-6519) is found in Chrome, Opera and Edge, on Windows, Mac and Android – potentially affecting billions of web users, according to PerimeterX cybersecurity researcher Gal Weizman. ...

  • Hacked government, college sites push malware via fake hacking tools

    August 10, 2020

    A large scale hacking campaign is targeting governments and university websites to host articles on hacking social network accounts that lead to malware and scams. BleepingComputer first learned about this campaign after security intelligence firm Cyble shared a screenshot of the UNESCO.org site compromised to host an article on how to hack Instagram accounts. Clicking on the ...

  • FBI: Iranian hackers trying to exploit critical F5 BIG-IP flaw

    August 8, 2020

    The FBI warns of Iranian hackers actively attempting to exploit an unauthenticated remote code execution flaw affecting F5 Big-IP application delivery controller (ADC) devices used by Fortune 500 firms, government agencies, and banks. F5 Networks (F5) released security updates to fix the critical 10/10 CVSSv3 rating F5 Big-IP ADC vulnerability tracked as CVE-2020-5902 on July 3, ...

  • Bugs in HDL Automation expose IoT devices to remote hijacking

    August 8, 2020

    A security researcher discovered vulnerabilities in an automation system for smart homes and buildings that allowed taking over accounts belonging to other users and control associated devices. In a presentation on Saturday at the IoT Village during the DEF CON hacker conference, Barak Sternberg shows how some weak spots in the HDL automation system could have ...

  • Bulgarian police arrest hacker Instakilla

    August 7, 2020

    Bulgarian law enforcement has arrested on Wednesday a local hacker going by the name of Instakilla on accusations of hacking, extorting companies, and selling hacked data online. Authorities raided two of the hacker’s residences in Plovdiv, a city in central Bulgaria, and confiscated several computers, smartphones, flash drives, and cryptocurrency, according to a press release from ...

  • Qualcomm Bugs Open 40 Percent of Android Handsets to Attack

    August 7, 2020

    Six serious bugs in Qualcomm’s Snapdragon mobile chipset impact up to 40 percent of Android phones in use, according research released at the DEF CON Safe Mode security conference Friday. The flaws open up handsets made by Google, Samsung, LG, Xiaomi and OnePlus to DoS and escalation-of-privileges attacks – ultimately giving hackers control of targeted handsets. ...

  • ‘Zero-Click’ MacOS Exploit Chain Uses Microsoft Office Macros

    August 6, 2020

    A new “zero-click” MacOS exploit chain could allow attackers to deliver malware to MacOS users using a Microsoft Office document with macros. The attack bypasses security measures that both Microsoft and Apple have put in place to protect MacOS users from malicious macros. The exploit chain, revealed by Patrick Wardle, principal security researcher with Jamf, at ...

  • Hackers can remotely hijack enterprise, healthcare Temi robots

    August 6, 2020

    Robots used in hospitals and care homes to assist patients and the vulnerable can be fully hijacked by cyberattackers. On Thursday at Black Hat USA, McAfee’s Advanced Threat Research (ATR) team disclosed new research into the robots, in which remotely-exploitable vulnerabilities were uncovered, potentially leading to mobile, audio, and video tampering on the hospital floor. The robot ...

  • Using Botnets to Manipulate Energy Markets for Big Profits

    August 6, 2020

    Researchers are warning that a new class of botnets could be marshaled and used to manipulate energy markets via zombie armies of power-hungry connected devices such as air conditioners, heaters, dryers and digital thermostats. A coordinated attack could cause an energy stock index to predictably go up or down – creating an opportunity for a ...

  • Cisco alert: Four high-severity flaws in routers, switches and AnyConnect VPN for Windows

    August 6, 2020

    Cisco is urging customers to update small business switches, its DNA Center software, routers with its StarOS software, and its AnyConnect Secure Mobility VPN client for Windows. Cisco has disclosed a bug in the IPv6 packet processing engine of several Cisco Small Business Smart and Managed Switches that could allow a remote attacker without credentials to ...

  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

    August 6, 2020

    A series of ongoing business email compromise (BEC) campaigns that uses spear-phishing schemes on Office 365 accounts has been seen targeting business executives of over 1,000 companies across the world since March 2020. The recent campaigns target senior positions in the United States and Canada. The fraudsters, whom we named “Water Nue,” primarily target accounts of ...

  • Linux Spyware Stack Ties Together 5 Chinese APTs

    August 5, 2020

    A stack of Linux backdoor malware used for espionage, compiled dynamically and customizable to specific targets, is being used as a shared resource by five different Chinese-language APT groups, according to researchers. According to an analysis from BlackBerry released at Black Hat 2020 on Wednesday, those five groups have turned out to all be splinters of ...

  • How hackers gain root access to SAP enterprise servers through SolMan

    August 5, 2020

    Researchers have demonstrated how a set of vulnerabilities in SAP Solution Manager could be exploited to obtain root access to enterprise servers. Speaking at Black Hat USA on Wednesday, Onapsis cybersecurity researchers Pablo Artuso and Yvan Genuer explained how the bugs were found in SAP Solution Manager (SolMan), a system comparable to Windows Active Directory. SolMan is ...

  • Canon hit by Maze Ransomware attack, 10TB data allegedly stolen

    August 5, 2020

    Canon has suffered a ransomware attack that impacts numerous services, including Canon’s email, Microsoft Teams, USA website, and other internal applications. BleepingComputer has been tracking a suspicious outage on Canon’s image.canon cloud photo and video storage service resulting in the loss of data for users of their free 10GB storage feature. The image.canon site suffered an outage ...

  • A Cyber ‘Vigilante’ is Sabotaging Emotet’s Return

    August 5, 2020

    The banking trojan Emotet has returned after a five-month hiatus. But, in an amusing twist, one cyber vigilante is thwarting the malware’s comeback. Researchers say a mysterious vigilante is fighting the threat actors behind the malware’s comeback by replacing malicious Emotet payloads with whimsical GIFs and memes. “Emotet was finding default username and password WordPress installs ...

  • Hacker leaks passwords for 900+ enterprise VPN servers

    August 5, 2020

    A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community. According to a review, the list ...

  • Lost in Translation: When Industrial Protocol Translation goes Wrong

    August 5, 2020

    Translation makes it possible to exchange information across the globe, regardless of language differences. Translation plays a similar role in industrial internet of things (IIoT) environments where different devices, such as interfaces, sensors, and machines, use different protocols. Protocol gateways handle the translation of these different protocols in an industrial facility, allowing devices to communicate ...