IT Security Newsletter - 04/08/2021

Breaches

PHP Developers Share Update on Recent Breach

The developers of the PHP scripting language have shared an update on the recently disclosed breach in which attackers planted malicious code. The malicious code, discovered in late March, was found in the php-src repository hosted on the git.php.net server and it was apparently designed to allow an attacker to remotely execute arbitrary PHP code. PHP developers said the backdoor was discovered before it was pushed out to users via an update. READ MORE...


Ransomware disrupted production at two manufacturing sites in Italy, investigators say

A ransomware incident earlier this year temporarily shut down production for two days at a pair of manufacturing facilities in Italy, incident responders at security firm Kaspersky said Wednesday. Kaspersky did not publicly identify the victim organization. But Vyacheslav Kopeytsev, a researcher with the firm's ICS-CERT unit, said in an email that the victim was a multinational firm headquartered in Germany that has factories in Italy. "The servers with the databases required [...]" READ MORE...

Hacking

VISA: Hackers increasingly using web shells to steal credit cards

Global payments processor VISA warns that threat actors are increasingly deploying web shells on compromised servers to exfiltrate credit card information stolen from online store customers. Web shells are tools (scripts or programs) deployed by threat actors to gain and/or maintain access to hacked servers, remotely execute arbitrary code or commands, move laterally within a target's network, or deliver additional malicious payloads. READ MORE...


Tech support scammers lure victims with fake antivirus billing emails

Tech support scammers are pretending to be from Microsoft, McAfee, and Norton to target users with fake antivirus billing renewals in a large-scale email campaign. While browsing the web, most people at one time or another have been redirected to a tech support scam web site that pretends your computer is infected and then prompts you to dial a displayed phone number. These scams are widespread on sites using low-quality ad networks, but it is far less common to receive them via email. READ MORE...

Malware

North Korean hackers use new Vyveva malware to attack freighters

The North Korean-backed Lazarus hacking group used new malware with backdoor capabilities, dubbed Vyveva, in targeted attacks against a South African freight logistics company. Vyveva was first used in a June 2020 attack, as ESET researchers discovered, but further evidence shows Lazarus has been deploying it in previous attacks going back to at least December 2018. ESET found only two machines infected with this malware, both of them belonging to the same South African freight company. READ MORE...


Hackers are abusing Discord, Slack file-sharing to distribute malware

Hackers are increasingly using Slack and Discord to distribute malware to unsuspecting victims, according to Cisco Talos research published Wednesday. Suspected cybercriminals have been uploading files to the platforms, which are then stored within the apps' content delivery networks, resulting in a link to malicious content. Attackers then share the link outside of Slack and Discord - over email or on other chat applications, for instance - allowing hackers to share the link wherever they want. READ MORE...


Fake Netflix App on Google Play Spreads Malware Via WhatsApp

Malware disguised as a Netflix app, lurking on the Google Play store, spread through WhatsApp messages, researchers have discovered. According to a Check Point Research analysis released on Wednesday, the malware masqueraded as an app called "FlixOnline," which advertised via WhatsApp messages promising "2 Months of Netflix Premium Free Anywhere in the World for 60 days." But once installed, the malware sets about stealing data and credentials. READ MORE...

Information Security

Voice-Changing Software Found on APT Attackers' Server

The discovery of voice-changing software on the server of APT-C-23 could have implications for the group's future phishing attacks, Cado Security researchers report. APT-C-23, a group connected to attacks in the Middle East, is known as part of a larger group called "Molerats" that is mostly located in Palestine, the report states. Molerats usually target political parties in Palestine and the Israeli government, specifically the Israeli Defense Force (IDF). READ MORE...


Cybercriminals are using Telegram bots, Google Forms to gather stolen user data

Cybercriminals are increasingly using legitimate services such as Google Forms and Telegram to gather user data stolen on phishing websites. Alternative ways to collect data help cybercriminals keep it safe and start using the information immediately, says Group-IB. In addition, ready-to-go platforms that automate phishing and are available on the darknet also have Telegram bots at their core, with an admin panel that is used to manage the entire process of the phishing attack. READ MORE...

Exploits/Vulnerabilities

$200,000 Awarded for Zero-Click Zoom Exploit at Pwn2Own

Two researchers earned $200,000 on the second day of the Pwn2Own 2021 hacking competition for a Zoom exploit allowing remote code execution without user interaction. The exploit, demonstrated by Daan Keuper and Thijs Alkemade from Computest, involves three vulnerabilities and it works on the latest versions of Windows 10 and Zoom. In the demo at Pwn2Own, the victim saw a meeting invitation from the attacker, but the victim didn't actually have to click anything to trigger the code execution. READ MORE...


Cring Ransomware Used in Attacks on European Industrial Firms

Attackers exploited a vulnerability in FortiGate VPN servers to gain access to target networks, researchers report. Researchers with Kaspersky say several companies in Europe's industrial sector were recent victims of attacks using Cring ransomware. Attackers exploited CVE-2018-13379, a vulnerability in FortiGate SSL VPN servers, to gain access to the victims' networks, researchers report. The unpatched servers were exposed to the Internet. READ MORE...

Encryption

Belgian police seize 28 tons of cocaine after 'cracking' Sky ECC's chat app encryption

The Belgian plod says it seized 27.64 tons of cocaine worth €1.4bn (£1.2bn, $1.65bn) from shipments into Antwerp in the past six weeks after defeating the encryption in the Sky ECC chat app to read drug smugglers' messages. "During a judicial investigation into a potential service criminal organization suspected of knowingly providing encrypted telephones to the criminal environment, police specialist managed to crack the encrypted messages from Sky ECC," the Belgian police claimed, CNN reports. READ MORE...

On This Date

  • ...in 1820, the Venus de Milo is discovered in ancient Greek ruins on the Aegean island of Milos.
  • ...in 1904, Longacre Square in Manhattan is renamed Times Square, after The New York Times.
  • ...in 1959, computer scientist Grace Hopper and leaders from science and industry discuss the creation of a new programming language, COBOL.
  • ...in 1974, Hank Aaron of the Atlanta Braves hits his 715th career home run, breaking Babe Ruth's record.