IT Security Newsletter - 1/24/2020
The big questions from FTI's report on the Jeff Bezos hack
A cybersecurity forensics team has concluded with “medium to high confidence” that Saudi Crown Prince Mohammed bin Salman hacked Jeff Bezos’ iPhone X in 2018, but the analysis has not impressed the information security community. The firm, FTI Consulting, may have good reasons to conclude there was unauthorized exfiltration of data from Bezos’ phone after bin Salman sent him a WhatsApp message containing a suspicious video file.
9th Methbot suspect arrested in massive clickfraud ring
New York police have arrested yet another man suspected of running the clickfraud factory known as Methbot: a farm of 1,900 data servers rented to host 5,000 bogus websites and to concoct fictional traffic coming from fake visitors, thereby running up profits from advertising fraud. Methbot got its name from White Ops, the bot mitigation firm that discovered the Russian/Kazakhstani cyberforgery ring in 2016.
U.S. Gov Agency Targeted With Malware-Laced Emails
A U.S. government agency was targeted with spear phishing emails harboring several malware strains – including a never-before-seen malware downloader that researchers call “Carrotball.” The campaign, which researchers observed from July to October and code-named “Fractured Statue,” involved six unique malicious document lures being sent as attachments from four different Russian email addresses to 10 unique targets.
Mac users are getting bombarded by laughably unsophisticated malware
Almost two years have passed since the appearance of Shlayer, a piece of Mac malware that gets installed by tricking targets into installing fake Adobe Flash updates. It usually does so after promising pirated videos, which are also fake. The lure may be trite and easy to spot, but Shlayer continues to be common—so much so that it’s the number one threat encountered by users of Kaspersky Labs’ antivirus programs for macOS.
TrickBot Now Steals Windows Active Directory Credentials
A new module for the TrickBot trojan has been discovered that targets the Active Directory database stored on compromised Windows domain controllers. TrickBot is typically downloaded and installed on a computer by other malware. The most common malware that installs TrickBot is Emotet, which is distributed through spam with malicious Word document attachments.
Insecure configurations expose GE Healthcare devices to attacks
Researchers have found insecure configurations of the remote access and administration features present in several patient monitoring devices and servers made by GE Healthcare that are used in clinics and hospitals around the world. The identified issues involve the use of shared hard-coded credentials or no credentials at all for remote management features, as well as the use of outdated applications with known vulnerabilities.