It has been reported that a “targeted” surveillance attack was discovered in WhatsApp: hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in WhatsApp. The attack targeted a “select number” of users and was orchestrated by “an advanced cyber actor”. Social Media Reaction: https://twitter.com/christinespolar/status/1128250133848711169 https://twitter.com/damienics/status/1128129860147253248 Expert Comments: Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies: “Almost all applications contain some form of vulnerability and when those applications are as popular as WhatsApp, those flaws will be hunted out with far more vigour than others. That doesn’t negate the fact that this is going to be incredibly…
ISBuzz Team
Adware bundles are installing a VPN software called Pirate Chick, which then connects to a remote server to download and install malicious payloads such as the AZORult password-stealing Trojan. MalwareHunter, who discovered this Pirate Chick sample and shared it with Bleeping Computer, analysed it and came to the conclusion that this is a Trojan that pretends to be legitimate VPN software but in the background downloads and installs a malware payload on the victim. Expert Comments: Paul Bischoff, Privacy Advocate at Comparitech.com: “The web is full of malicious and poorly-secured VPN apps that do the exact opposite of what users want: better security and privacy. I…
Hackers have injected malicious code into Alpaca Forms and Picreel, an analytics service, to steal payment information and passwords, according to security researcher Willem de Groot. De Groot, who discovered the attack, believes more than 4,600 websites have been affected. https://twitter.com/gwillem/status/1127617495911804935 Expert Comments: Mike Bittner, Digital Security and Operations Manager at The Media Trust: “Hackers have realized that third-party code suppliers are soft targets and provide a window to a large number of client companies, high-profile or not. Security vulnerabilities aren’t limited to open source code either—they are widespread across the software industry, which thrives on short product cycles and narrow cost margins that give little priority to…
WIRED reported yesterday that a security bug in a Cisco router has massive global implications. According to the article, to compromise the routers, researchers from the security firm Red Balloon exploited two vulnerabilities. The first is a bug in Cisco’s IOS operating system—not to be confused with Apple’s iOS—which would allow a hacker to remotely obtain root access to the devices…The second vulnerability, though, is much more sinister. Once the researchers gain root access, they can bypass the router’s most fundamental security protection. Known as the Trust Anchor, this Cisco security feature has been implemented in almost all of the company’s enterprise devices…
A security researcher has discovered an Elasticsearch server that was left connected to the internet without a password or firewall protection, and has leaked what appears to be personal records and patient information for roughly 85 percent of Panama’s citizens. Expert Comments: Hugo van den Toorn, Manager Offensive Security at Outpost24: “At first glance, it seems an almost classical mistake of a system that should not have been accessible over the Internet. Unfortunately, this still is something we see all too frequently. A system that is brought up for probably all the right use cases, but security is either added later or…
The Indiana Pacers, a major franchise team in the NBA, was hit by a data breach between October 15, 2018, and December 4, 2018. Pacers Sports & Entertainment (PSE), which also manages operations of the Bankers Life Fieldhouse arena, said that unauthorized access to several of its employee accounts had been gained by “unknown actors”. The news comes soon after the Pacers were knocked out of the first round of the NBA playoffs, losing to the Boston Celtics. https://twitter.com/Stealthcare_/status/1127982097765945344 Expert Comments: Jonathan Deveaux, Head of Enterprise Data Protection at comforte AG: “When comparing these cyber-attacks, in the case of the Indiana Pacers, an…
It has been reported that hackers have breached analytics service Picreel and open-source project Alpaca Forms and have modified JavaScript files on the infrastructure of these two companies to embed malicious code on over 4,600 websites. https://twitter.com/JinsonCyberSec/status/1127801522102738944 Expert Comments: Tim Mackey, Principal Security Strategist at Synopsys CyRC (Cybersecurity Research Center): “This is the latest in a series of efforts by malicious actors to compromise web sites through their use of open source components. As a background, in the 2019 OSSRA report it was observed that open source components were in use in 96% of the audited applications, and that’s due in large part to the ability for application…
It has been reported that a massive SMS spamming operation kicked out tens of millions of text messages, pestering unsuspecting recipients with links to fake sites flogging loans and free money. The operation was simple but smart. The system processed vast batches of phone numbers and curated custom messages on the fly with links to the fake sites. These fake sites urged spam victims to sign up with their name, email address and phone number and promised “free money… for real.” Security researcher Bob Diachenko found the spam-sending database on an exposed server last month. https://twitter.com/M157q_News_RSS/status/1126580658145390592 Expert Comments: Tom Davison, Director EMEA at Lookout: “As more of…
AT&T Alien Labs researcher Chris Doman has seen a number of reports of active exploitation of a vulnerability in Microsoft SharePoint (CVE-2019-0604). One report by the Saudi Cyber Security Centre appears to be primarily targeted at organisations within the kingdom. An earlier report by the Canadian Cyber Security Centre identified similar deployment of the tiny China Chopper web shell to gain an initial foothold. https://twitter.com/chrisdoman/status/1126442126408024065 Expert Comments: Chris Doman at AlienVault: “The vision2030 domains are impersonating the Saudi government site https://vision2030.gov.sa/, indicating the campaign the Saudis reported on was likely targeting them. The exploit isn’t particularly widely used at this point. Recent server side vulnerabilities like the Atlassian Confluence vulnerability and Oracle WebLogic vulnerabilities are…
It’s been reported that the apps bundled with many Android phones present threats to security and privacy greater than most users think. This is according to a paper (PDF) from university researchers in the US and Spain who studied the pre-installed software that 214 different vendors included in their Android devices. They found that everyone from the hardware builders to mobile carriers and third-party advertisers was loading products up with risky code. https://twitter.com/Stealthcare_/status/1110602690252492800 Expert Comments: Tom Davison, Director EMEA at Lookout: “Users should always be aware that apps may impact privacy or handle personal data in a way that might be unexpected or unwanted. Pre-installed apps are often assumed…
