Cyware Daily Threat Intelligence, April 24, 2020

Share Blog post

The popular video-conferencing app, Zoom, has come under the scanner again for a newly discovered vulnerability that can let hackers spy on a session. The seriousness of the flaw lies in the fact that it can allow malicious actors to record meetings anonymously even when the recording option is disabled. Moreover, it affects all the latest versions of the software. 

Meanwhile, Apple too has disclosed a bug that arises due to a string of texts - an Italian flag emoji and characters in the Sindhi language. While details about the strings’ origin are unclear, researchers claim that the flaw can cause an iPhone or iPad to crash.  

The terror of Sodinokibi ransomware was also noticed in the last 24 hours after its operators published pictures of documents stolen from SeaChange, online. The images included a screenshot of folders containing a bank statement, insurance certificates, a driver’s license, and a cover letter for a proposal for a Pentagon video-on-demand service.

Top Breaches Reported in the Last 24 Hours

SeaChange hit by ransomware
Massachusetts-based video delivery software solutions company, SeaChange, has become the latest victim of the Sodinokibi ransomware. As proof of the attack, the operators had published images of some of the documents that were stolen from the company. The images included a screenshot of folders containing a bank statement, insurance certificates, a driver’s license, and a cover letter for a proposal for a Pentagon video-on-demand service.

Leaked source code
The leaked source code for Counter-Strike: Global Offensive and Team Fortress 2 has raised security concerns for gamers. However, Valve, the developer of the two games, has claimed that the source code in question is older and that it was already part of a known leak from 2018.

Top Malware Reported in the Last 24 Hours

Phishing campaign abuses gTLD domain
A new phishing campaign that targets remote workers using Skype has been observed recently. The users are lured with emails that claim to provide fake notifications about the service. The email includes a link, which when clicked, redirects the victim to a phishing page that uses the “.app” generic top-level domain (gTLD) - managed by Google. By using the gTLD domain, the attackers aim to bypass phishing protection while stealing credentials from users.

Top Vulnerabilities Reported in the Last 24 Hours

Text bomb bug
A bug in iOS has emerged enabling a certain string of text to cause an iPhone or iPad to crash. The text string, for which the bug has been noticed, includes the Italian flag emoji and characters in the Sindhi language. Though details about the origin of the text string are unclear, it is claimed that the original source seems to have been from a Telegram group. One temporary fix for this bug is to disable notifications on your devices.

Serious bug in Zoom
Security researchers have observed a new vulnerability that can be abused to spy on Zoom sessions. The vulnerability lets attackers inject malware into the Zoom process, even when the recording option is disabled for the user. The flaw is dangerous as attackers can exploit it in the latest version of Zoom, with all the security features turned on and antivirus software installed and running.

Microsoft patches RCE flaws
Microsoft has released a new patch for multiple RCE vulnerabilities in software that uses the Autodesk FBX library. The flaws are tracked as CVE-2020-7080, CVE-2020-7081, CVE-2020-7082, CVE-2020-7083, CVE-2020-7084, and CVE-2020-7085. Other products that are affected by the flaws in the library include Fusion, FBX-SDK, Maya, MotionBuilder, Mudbox, and Infraworks.

Bluetooth bug patched
A vulnerability found in a protocol used by Bluetooth to stream music on a connected device has been fixed by Android’s security team. A hacker in close proximity to a Bluetooth-enabled Android device could exploit the flaw to compromise a user’s mobile device wirelessly.

Top Scams Reported in the Last 24 Hours

BEC scam
In a highly-targeted BEC attack, hackers tricked three British private equity firms into making wire transfers of $1.3 million. While nearly $70,000 was lost to the attackers, the remaining amount was recovered after researchers alerted the targeted firms in time. The attack was carried out by a sophisticated cybercrime gang, dubbed ‘The Florentine Banker’. The gang had launched similar spear-phishing attacks against the manufacturing, construction, legal, and finance sectors located in the US, Canada, Switzerland, Italy, Germany, and India.

Fake Heineken freebies
Fraudsters are leveraging the COVID-19 lockdown to trick users into free Heineken beer kegs. The scam is circulated via WhatsApp and claims to be a limited-time offer to grab a free beer. An individual willing to have a free beer is required to fill out a one-minute survey.

 Tags

gtld domain
text bomb bug
sodinokibi ransomware
zoom
covid 19 lockdown
bluetooth bug
british private equity firms

Posted on: April 24, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!