News – November 2020


  • A Closer Look at the Web Skimmer

    November 9, 2020

    The formjacking attack has been one of the fastest-growing cyberattacks in recent years. As explained in our previous blog, “Anatomy of Formjacking Attacks,” the formjacking attack is easy to deploy but hard to detect. It has gained popularity among threat actors, especially against e-commerce websites. Between May and September 2020, we detected an average of ...

  • Ghimob: a Tétrade threat actor moves to infect mobile devices

    November 9, 2020

    Guildma, a threat actor that is part of the Tétrade family of banking trojans, has been working on bringing in new techniques, creating new malware and targeting new victims. Recently, their new creation, the Ghimob banking trojan, has been a move toward infecting mobile devices, targeting financial apps from banks, fintechs, exchanges and cryptocurrencies in ...

  • Australia’s critical infrastructure definition to span communications, data storage, space

    November 9, 2020

    The federal government on Monday published an exposure draft on the Security Legislation Amendment (Critical Infrastructure) Bill 2020. It seeks to amend the Security of Critical Infrastructure Act 2018 to implement “an enhanced framework to uplift the security and resilience of Australia’s critical infrastructure”. The Australian government’s Critical Infrastructure Resilience Strategy currently defines critical infrastructure as: ...

  • An Old Joker’s New Tricks: Using Github To Hide Its Payload

    November 9, 2020

    The Joker malware has consistently plagued mobile users since its discovery in 2017. In January 2020, Google removed 1700 infected applications from the Play Store — a list that grew over three years. More recently, in September, security company Zscaler found 17 samples that were uploaded to the Google Play Store. Joker has been responsible ...

  • Compal, the second-largest laptop manufacturer in the world, hit by ransomware

    November 9, 2020

    Compal, a Taiwanese electronics company that builds laptops for some of the world’s largest computer brands such as Apple, Acer, Lenovo, Dell, Toshiba, HP, and Fujitsu, suffered a ransomware attack over the weekend. Responsible for the breach is believed to be the DoppelPaymer ransomware gang, according to a screenshot of the ransom note shared by Compal ...

  • xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunnelling for C2

    November 9, 2020

    The xHunt campaign has been active since at least July 2018 and we have seen this group target Kuwait government and shipping and transportation organizations. Recently, we observed evidence that the threat actors compromised a Microsoft Exchange Server at an organization in Kuwait. We do not have visibility into how the actors gained access to ...

  • Ransomware hits e-commerce platform X-Cart

    November 9, 2020

    E-commerce software vendor X-Cart suffered a ransomware attack at the end of October that brought down customer stores hosted on the company’s hosting platform. The incident is believed to have taken place after attackers exploited a vulnerability in a third-party software to gain access to X-Cart’s store hosting systems. “We have identified what we believed to have ...

  • Gitpaste-12 malware wants to add your Linux servers and IoT devices to its botnet

    November 9, 2020

    A new form of malware is targeting Linux servers and Internet of Things (IoT) devices and adding them to a botnet in what appears to be the first stage of a hacking campaign targeting cloud computing infrastructure – although the purpose of the attacks remains unclear. Uncovered by cybersecurity researchers at Juniper Threat Labs, the malicious ...

  • New Slipstream NAT bypass attacks to be blocked by browsers

    November 9, 2020

    Web browser vendors are planning to block a new attack technique that would allow attackers to bypass a victim’s NAT, firewall, or router to gain access to any TCP/UDP service hosted on their devices. The attack method, dubbed NAT Slipstreaming, was discovered by security researcher Samy Kamkar and it requires the victims to visit the threat ...

  • FBI: Hackers stole source code from US government agencies and private companies

    November 7, 2020

    The Federal Bureau of Investigation has sent out a security alert warning that threat actors are abusing misconfigured SonarQube applications to access and steal source code repositories from US government agencies and private businesses. Intrusions have taken place since at least April 2020, the FBI said in an alert sent out last month and made public ...

  • When Threat Actors Fly Under the Radar: Vatet, PyXie and Defray777

    November 6, 2020

    As security practitioners, Palo Alto Unit 42 researchers spend a lot of time focusing on the threat actors and malware families that leverage the most impactful exploits or affect the highest number of victims. But what happens when a threat actor goes “low and slow” to fly under the radar? One could argue that, in ...

  • RansomEXX Trojan attacks Linux systems

    November 6, 2020

    Kaspersky researchers have recently discovered a new file-encrypting Trojan built as an ELF executable and intended to encrypt data on machines controlled by Linux-based operating systems. After the initial analysis we noticed similarities in the code of the Trojan, the text of the ransom notes and the general approach to extortion, which suggested that we had ...

  • Apple Patches Bugs Tied to Previously Identified Zero-Days

    November 6, 2020

    Apple has patched three previously identified zero-day vulnerabilities in its iPhone, iPod and iPad devices potentially related to a spate of related flaws recently discovered by the Google Project Zero team that also affect Google Chrome and Windows. Apple this week released iOS 14.2 and iPadOS 14.2, which patch a total of 24 vulnerabilities—including the three ...

  • US: We’ve just seized $1bn in bitcoin stolen from Silk Road by ‘Individual X’ hacker

    November 6, 2020

    The US Justice Department says it’s seized $1bn in bitcoin allegedly stolen by a hacker from Silk Road creator Ross Ulbricht before his arrest for running the dark-web market. Announcing the bitcoin seizure from the unnamed hacker, the Department of Justice revealed it is now seeking forfeiture of the illicit funds, which represent its largest haul ...

  • Operation North Star: Behind The Scenes

    November 5, 2020

    It is rare to be provided an inside view on how major cyber espionage campaigns are conducted within the digital realm. The only transparency afforded is a limited view of victims, a malware sample, and perhaps the IP addresses of historical command and control (C2) infrastructure. The Operation North Star campaign we detailed earlier this year ...

  • Italian beverage vendor Campari knocked offline after ransomware attack

    November 5, 2020

    Campari Group, the famed Italian beverage vendor behind brands like Campari, Cinzano, and Appleton, has been hit by a ransomware attack and has taken down a large part of its IT network. The attack took place last Sunday, on November 1, and has been linked to the RagnarLocker ransomware gang, according to a copy of the ...

  • Brazil’s court system under massive RansomExx ransomware attack

    November 5, 2020

    Brazil’s Superior Court of Justice was hit by a ransomware attack on Tuesday during judgment sessions that were taking place over video conference. “The Superior Court of Justice (STJ) announces that the court’s information technology network suffered a hacker attack on Tuesday (3), during the afternoon, when the six group classes’ judgment sessions took place,” STJ ...

  • Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched

    November 5, 2020

    Cisco has disclosed a zero-day vulnerability – for which there is not yet a patch – in the Windows, macOS and Linux versions of its AnyConnect Secure Mobility Client Software. While Cisco said it is not aware of any exploits in the wild for the vulnerability, it said Proof-of-Concept (PoC) exploit code has been released, opening ...

  • Attacks on industrial enterprises using RMS and TeamViewer: new data

    November 5, 2020

    In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the economy that are associated with industrial production in one way or another. We reported these attacks in 2018 in an article entitled “Attacks on industrial enterprises using RMS ...

  • US, Brazilian law enforcement seize $24 million in cryptocurrency generated through online fraud

    November 5, 2020

    US and Brazilian authorities have seized $24 million in cryptocurrency connected to an online scheme that allegedly defrauded “tens of thousands” of investors. Upon request from the government of Brazil, US law enforcement participated in “Operation Egypto,” a Brazilian federal investigation into the suspected scam, the US Department of Justice (DoJ) said on Wednesday. Read more… Source: ZDNet