The cybersecurity landscape is full of surprises, especially when it comes to new malware and attack methods. Lately, researchers have deciphered a new SocGholish attack technique that helps cyber crooks impersonate software updates to trick users into executing malicious ZIP files. The software impersonated includes legitimate browsers, Flash, and Microsoft Teams.
There has also been a discovery of a new ransomware called CoderWare that is being distributed via fake Android and Windows Installers for the Cyberpunk 2077 game. The ransomware uses the RC4 algorithm to encrypt files.
Top Breaches Reported in the Last 24 Hours
NSA warns about cloud attacks
The US National Security Agency has issued a security advisory to warn about two techniques that are being used to move from compromised local networks into cloud-based infrastructure. The advisory comes on the heels of the massive SolarWinds supply chain hack that has hit several US government agencies and private firms.
250,000 customers’ data affected
An ethical power supplier has revealed that the details of its 250,000 customers have been affected due to a security flaw in its IT system. The hackers exploited the flaw to steal data from the system.
Top Malware Reported in the Last 24 Hours
Cybercriminals have been distributing fake Android and Windows installers for the Cyberpunk 2077 game that install a ransomware called CoderWare on the victims’ devices. These installers are distributed through cracks of copyrighted software and game cheats.
Fake TousAntiCovid app
An unknown threat actor is making attempts to scam people using a fake COVID contact-tracing app called TousAntiCovid. The app is being used to distribute the Cerberus trojan.
Top Vulnerabilities Reported in the Last 24 Hours
Contact Form 7 flaw
A potential unrestricted file upload vulnerability in Contact Form 7 has been found to affect 5 million WordPress sites. Attackers can exploit the vulnerability to upload a file that can be executed as a script on the underlying server. The flaw has been addressed with the release of version 5.3.2 of the plugin.
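The page does not say how the Contact Form 7 bypass worked, so the following is an added defensive example and not the plugin's own code: a server-side upload-name check of the kind that keeps a script file from being written where the web server would execute it. It rejects path separators, control characters and any executable extension anywhere in the name before applying an allowlist; the extension sets are an assumed policy, not values from the page.

```python
import re
import secrets
import unicodedata

# Extensions a typical web server would execute as a script (assumed list).
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar",
                   "asp", "aspx", "jsp", "cgi", "pl", "py", "sh", "htaccess"}
# What the form is allowed to accept; an assumed policy, adjust per site.
ALLOWED_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}


def is_safe_upload_name(filename: str) -> bool:
    """Return True only if every check passes; any doubt means reject."""
    if not filename or len(filename) > 255:
        return False
    # No directory components at all: the server, not the client, picks the path.
    if "/" in filename or "\\" in filename:
        return False
    # Control and other non-printable characters (tab, NUL, zero-width marks)
    # are a classic way to make a filter and the filesystem disagree on the
    # extension, so reject them outright.
    if any(unicodedata.category(ch).startswith("C") for ch in filename):
        return False
    # Conservative character set; no spaces, quotes or shell metacharacters.
    if not re.fullmatch(r"[A-Za-z0-9._-]+", filename):
        return False
    parts = filename.lower().split(".")
    if len(parts) < 2 or "" in parts:
        return False  # no extension, empty segment, or a dotfile such as .htaccess
    exts = parts[1:]
    # Check every segment, so "shell.php.jpg" is refused, not just the last one.
    if any(e in EXECUTABLE_EXTS for e in exts):
        return False
    return exts[-1] in ALLOWED_EXTS


def storage_name(filename: str) -> str:
    """Random server-side name that keeps only the validated extension, so the
    client-supplied name never reaches the filesystem."""
    if not is_safe_upload_name(filename):
        raise ValueError("rejected upload name")
    ext = filename.rsplit(".", 1)[1].lower()
    return f"{secrets.token_hex(16)}.{ext}"
```

Pair this with serving the upload directory with script execution disabled, since filename checks alone are a single layer.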
Crypto authentication bypass
A severe authentication bypass vulnerability in Bouncy Castle can allow an attacker to gain access to user or administrator accounts due to a cryptographic weakness. The flaw is tracked as CVE-2020-28052 and exists in the OpenBSDBcrypt class of Bouncy Castle, which implements the Bcrypt password hashing algorithm.
Researchers have uncovered a highly active attack framework called SocGholish that impersonates legitimate browser, Flash, and Microsoft Teams updates to trick users into executing malicious ZIP files. Its iFrame-based delivery helps attackers get around basic web filtering based on website categories, since the payloads are served from sites in legitimate categories.