Cyware Daily Threat Intelligence, October 06, 2020

Share Blog post

Messing with previously-known vulnerabilities for cyberattacks has never been out-of-fashion for threat actors. Throwing light on the growing threat, researchers have discovered a new jailbreaking technique that uses the combination of checkm8 exploit with the Blackbird vulnerability. With this, they claim that an attacker can get access to iMacs, Mac Pro, and MacBook devices, including those that use Apple’s latest line of T2 security chips.

In other news, Microsoft has warned about an ongoing attack campaign that leverages the Zerologon vulnerability. The attack is carried out by the Iranian-based MuddyWater threat actor group and has been active for the last two weeks.

Moreover, a bunch of vulnerabilities found in a wide range of security solutions from various vendors, including the likes of Kaspersky, McAfee, Symantec, Fortinet, and Microsoft Defender, could have allowed threat actors to install malware into devices.

Top Breaches Reported in the Last 24 Hours

BOOM! Mobile firm targeted
Oklahoma-based Boom! Mobile has become the latest target of the Fullz House group’s skimming attack. The hacker group injected a malicious JavaScript code into the payment portal of the website to steal shopper information. Researchers believe that the website was compromised due to the use of an old version of PHP that is no longer supported.

Israeli executives targeted
Hackers targeted about 20 Israeli cryptocurrency executives in early September in an attempt to pilfer their funds by hacking into their phones and stealing identities. Many of the executives had their Telegram and email accounts breached in this attempt.

Snewpit exposes data
Snewpit, an Australian news sharing platform, took an unsecured bucket offline after it was left open on the internet for almost five weeks. The bucket contained close to 80,000 user records, including usernames, full names, email addresses, and profile pictures.

Top Malware Reported in the Last 24 Hours

Emotet campaign
Researchers are warning of a fresh wave of phishing attacks that causes the propagation of Emotet trojan. The attackers are using election-related lures to trick users into clicking on the email. The spoofed messages appear to come from the Democratic National Committee or the U.S. Election Assistance Commission.

MosaicRegressor UEFI rootkit
MosaicRegressor is the second-ever UEFI rootkit after LoJax that is being used in the wild. It is a multi-stage malware framework used by Chinese-speaking hackers in data theft and espionage operations.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable antivirus solutions
Security vulnerabilities impacting a wide range of antivirus software could have enabled attackers to elevate their privileges and install malware on compromised devices. The impacted software includes those from Kaspersky, McAfee, Symantec, Fortinet, Check Point, Trend Micro, Avira, and Microsoft Defender. The respective vendors have released patches to fix the flaws.

New jailbreak method
Researchers claim to have devised a new jailbreaking method against iMac, Mac Pro, and MacBook devices that use Apple’s latest line of T2 security chips. This includes the combination of last year’s checkm8 exploit with the recently discovered Blackbird vulnerability.

Zerologon flaw exploited in the wild
Microsoft has issued an alert about an ongoing attack that involves the exploitation of the Zerologon flaw. Carried out by the Iranian-based MuddyWater threat actor group, the attack campaign has been active for the last two weeks. The firm has recommended several measures to prevent such attacks.

WordPress plugins fixed
Two high-severity vulnerabilities found in Post Grid and Team Showcase plugins have been fixed by developers. The issues are related to cross-site scripting and PHP object-injection flaws. They could have let attackers take control of websites.

Top Scams Reported in the Last 24 Hours

$15 million heist
Cybercrooks made off with $15 million from a U.S. company in a two-month-long BEC scam. The attackers had leveraged Microsoft Office 365 email service for domain impersonating the two parties involved in the transaction. Moreover, these fake domains were registered under the GoDaddy registrar to trick the recipients. The attackers had used inbox filtering rules to move messages from specific email addresses to a hidden folder. 

 Tags

checkm8 exploit
snewpit
zerologon vulnerability
kaspersky antivirus
boom mobile
emotet campaign
fortinet

Posted on: October 06, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!