IT Security Newsletter - 11/7/2019
North Korean hackers allegedly targeted Indian space agency
At least five critical Indian government agencies, including the country's atomic energy regulator and its space agency, have reportedly been targeted by North Korean hackers in recent months. According to the Indian Express, a US cyber security company alerted the Indian Space Research Organisation (ISRO) to a potential malware breach in early September. The alert indicated that the attackers had compromised master domain controllers at both the Kudankulam nuclear power plant and ISRO using the same malware strain.
Legitimate TDS Platform Abused to Push Malware via Exploit Kits
Threat actors abused the legitimate Keitaro Traffic Direction System (TDS) to redirect victims to the RIG and Fallout exploit kits, which then delivered malware, as part of both malvertising and malspam campaigns. A TDS is a web-based gateway that applies criteria such as the visitor's location, browser or device to decide which online resource to send them to. Legitimate services like Keitaro are used by advertisers to optimise campaigns and target specific audiences, but they are also frequently abused by threat actors, since the same filtering lets an attacker show exploit pages only to vulnerable visitors and benign content to everyone else.
Specially Crafted ZIP Files Used to Bypass Secure Email Gateways
Attackers are always looking for new ways to distribute malware that evade antivirus scanners and secure email gateways. A recent phishing campaign illustrated this with a specially crafted ZIP file, designed to slip past secure email gateways, that delivered the NanoCore RAT. Every ZIP archive follows a defined structure: each file's compressed data is preceded by a local file header, and a central directory at the end of the archive lists the entries and where their headers sit. Scanners and extractors that interpret that structure differently can disagree about what the archive contains.
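The structure mentioned above, as an added example that is not part of the original newsletter or of the campaign analysis it summarises: a small Python checker that locates a ZIP's local file headers, central directory and end-of-central-directory (EOCD) record and reports when they disagree, which is the kind of check a mail gateway should perform before trusting any single parser's view of the archive. The function names and the two sample archives are constructed for this example; the "crafted" sample simply concatenates two archives, an assumption chosen to show how a front-scanning reader and a trailing-EOCD reader can see different entries, not a claim about the exact technique used in the campaign described above.

```python
import io
import struct
import zipfile

# ZIP record signatures ("PK" plus two bytes) as defined in PKWARE's APPNOTE.
LFH_SIG = b"PK\x03\x04"   # local file header, precedes each entry's data
CDIR_SIG = b"PK\x01\x02"  # central directory file header, one per listed entry
EOCD_SIG = b"PK\x05\x06"  # end of central directory record, found by scanning from the end


def build_zip(entries):
    """Build an in-memory ZIP from {name: bytes} (constructed sample data, stored uncompressed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def find_all(data, sig):
    """Return every offset at which the 4-byte signature occurs."""
    offsets, pos = [], data.find(sig)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(sig, pos + 1)
    return offsets


def parse_central_directory(data, eocd_off):
    """Return ([(name, local_header_offset)], shift) for the archive described by the EOCD at eocd_off.

    The EOCD stores the central directory offset relative to the start of *its* archive, so if bytes
    were prepended (for example a second archive glued in front), the real position differs by `shift`.
    """
    # EOCD layout: sig(4) disk(2) cd_disk(2) entries_on_disk(2) entries_total(2) cd_size(4) cd_offset(4) comment_len(2)
    _, _, _, _, total, cd_size, cd_off, _ = struct.unpack_from("<4sHHHHIIH", data, eocd_off)
    cd_start = eocd_off - cd_size
    shift = cd_start - cd_off
    entries, pos = [], cd_start
    for _ in range(total):
        if data[pos:pos + 4] != CDIR_SIG:
            raise ValueError("central directory entry without signature at offset %d" % pos)
        # Fixed header is 46 bytes: name/extra/comment lengths at +28/+30/+32, local header offset at +42.
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        lfh_off = struct.unpack_from("<I", data, pos + 42)[0] + shift
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        entries.append((name, lfh_off))
        pos += 46 + name_len + extra_len + comment_len
    return entries, shift


def audit_zip(data):
    """Return a list of structural findings; an empty list means the archive is internally consistent."""
    findings = []
    eocds = find_all(data, EOCD_SIG)
    if len(eocds) != 1:
        findings.append("expected one end-of-central-directory record, found %d" % len(eocds))
    if not eocds:
        return findings
    # Like most extractors, trust the EOCD closest to the end of the file.
    listed, shift = parse_central_directory(data, eocds[-1])
    if shift:
        findings.append("%d bytes precede the archive the trailing EOCD describes" % shift)
    listed_offsets = {off for _, off in listed}
    for off in find_all(data, LFH_SIG):
        if off not in listed_offsets:
            findings.append("local file header at offset %d is not listed in the central directory" % off)
    for name, off in listed:
        if data[off:off + 4] != LFH_SIG:
            findings.append("central directory entry %r points to offset %d with no local header" % (name, off))
    return findings


# Constructed samples: a normal archive, and two archives concatenated so that a scanner walking
# local headers from the front sees different entries than an extractor that trusts the trailing EOCD.
CLEAN = build_zip({"readme.txt": b"hello", "notes.txt": b"world"})
CRAFTED = build_zip({"picture.jpg": b"decoy bytes"}) + build_zip({"invoice.exe": b"payload stand-in"})

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("crafted", CRAFTED)):
        print(label, audit_zip(blob) or "no findings")
```

Any non-empty result is a reason to reject or detonate the attachment rather than extract it: a gateway that only reads whichever view its own ZIP library prefers will scan one set of files while the recipient's archiver may unpack another.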
WordPress sites hit by malvertising
An old piece of malware is sweeping through the WordPress community, letting its operators take control of sites and inject code of their choosing. According to WordPress security company Wordfence, which published a detailed white paper on the malware earlier this week, WP-VCD is not new: it dates back to February 2017 but has recently become far more successful, topping Wordfence's list of WordPress malware infections since August this year. New features have been added, but its core functions remain the same.
A flaw in Amazon's Ring doorbells leaked customers' Wi-Fi credentials
Internet-connected doorbells sold by Amazon's Ring service contained a security vulnerability that would have allowed attackers to intercept a customer's Wi-Fi network name and password and then use them to mount a broader attack on the home network, according to findings made public on Thursday. Researchers from the Romanian security firm Bitdefender discovered earlier this year that, during initial setup through the Ring app, the doorbell accepted the Wi-Fi credentials in an insecure format.
Linux users warned to update libarchive to beat flaw
Every now and again, a security vulnerability is discovered with little fanfare in a program that sits in plain sight inside software many people depend on. A good example is libarchive, in which Google researchers found a flaw in May using the ClusterFuzz and OSS-Fuzz automated fuzzing tools; libarchive's maintainers fixed it on 12 June in version 3.4.0. Because libarchive is linked into many other tools rather than used directly, checking the version of that library is the only reliable way to know whether a system is patched.