The scope of cyberattacks is expanding, and so is the malicious intent of cybercriminals. In an interesting twist, cryptominers are widely targeting educational organizations in the U.S. to covertly mine cryptocurrency. Researchers indicate that a UPX-packed build of the cpuminer tool is being used to drive the campaign.
A new backdoor named SideTwist has surfaced in the past 24 hours. It was uncovered in a cyberespionage campaign attributed to the Iran-based APT34 group that targeted organizations in Lebanon.
Top Breaches Reported in the Last 24 Hours
Michigan State University impacted
Michigan State University (MSU) has been impacted by a data breach stemming from a cyberattack on an Ohio law firm, Bricker & Eckler LLP. An investigation into the incident revealed that an unauthorized party had access to certain internal systems of the law firm between January 14 and January 31.
Belden updates on data breach
In an update, Belden has disclosed that additional data was accessed and copied during the cyberattack in November 2020. The data includes details of some current and former employees, as well as limited company information about some business partners.
Educational organizations targeted
U.S. educational organizations are being targeted by threat actors in a large-scale cryptojacking campaign. The first attack was spotted on February 16. Researchers say a UPX-packed build of the cpuminer tool is being delivered to victims through malicious traffic.
Top Malware Reported in the Last 24 Hours
New SideTwist backdoor
The Iran-based APT34 group has been held responsible for a cyberespionage campaign that targeted organizations in Lebanon. The campaign was carried out through phishing emails that ultimately led to the deployment of a new backdoor called SideTwist, which is capable of exfiltrating sensitive information from compromised systems.
Adware through malicious apps
Malicious Android apps disguised as TikTok and as offers for free Lenovo laptops are being used to spread adware on smartphones. Threat actors are using SMS and WhatsApp messages to lure users into downloading the malicious apps.
Top Vulnerabilities Reported in the Last 24 Hours
PoC for Moodle flaw released
Researchers have released a PoC for a security flaw affecting the open-source learning platform Moodle. The flaw affects versions 2.8 through 3.10 of the software and could lead to the takeover of student and staff accounts.
Mitigation for Slipstreaming attack
Google Chrome is now blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent the port from being abused in NAT Slipstreaming 2.0 attacks. The attack lets a malicious website bypass a visitor's NAT firewall and reach any TCP/UDP port on devices in the visitor's internal network.
PoC for BleedingTooth released
Google has disclosed details about three zero-click vulnerabilities in the Linux kernel's Bluetooth (BlueZ) subsystem. Dubbed 'BleedingTooth', the flaws are tracked as CVE-2020-12351, CVE-2020-12352, and CVE-2020-24490.
Top Scams Reported in the Last 24 Hours
HTML code used for phishing
Fake antivirus billing scam
Researchers have uncovered a large-scale tech support scam that warns users to renew their antivirus subscriptions. The scam is widespread on sites using low-quality ad networks. When a user lands on one of these sites, they are redirected to a tech support scam page that warns them their system is infected and prompts them to dial a displayed phone number.