North Korean cybercriminals are using a trio of malware—FastFire, FastViewer, and FastSpy—against South Koreans. The Android malware set is capable of compromising almost all phone functions, ranging from hijacking communication channels to taking over the camera. In other news, researchers warned about a critical GitHub vulnerability exploiting which, an attacker can infect all applications and other code relying on the targeted GitHub repository. The hack is possible if a hacker applies the repojacking technique.
What more? Researchers found cyber adversaries posing as the Hungarian government to distribute Warzone RAT. The trick involves informing unsuspecting users about the arrival of new credentials pertaining to a government portal.
Top Breaches Reported in the Last 24 Hours
Medlab Pathology blurts out sensitive data
Australian Clinical Labs-owned Medlab Pathology exposed the health records and credit card information of nearly 223,000 patients and staff in a ransomware incident. The impacted Medlab server was taken offline to contain the attack. ACL said there was no evidence of misuse of any of the affected data, neither it came across any ransom demand.
Top Malware Reported in the Last 24 Hours
Malware campaign targeting South Korea
North Korean cyberespionage group Kimsuky was seen using three different malware to infect Android users in South Korea. The malware strains were identified as FastFire, FastViewer, and FastSpy. FastFire disguises itself as a Google security plug-in, FastViewer malware pretends to be Hancom Office Viewer, and FastSpy is downloaded via FastViewer, which attempts to seize control, intercept communications, and harvest other sensitive data.
New bypass behavior detection in Qakbot
Researchers at ASEC found a campaign by the Qakbot malware operators targeting Korean users. Hackers load the malware in ISO files but have now added a twist in bypass behavior detection methods. In one scenario, they hijacked an existing email thread and replied to it with a malicious file in the attachment.
Warzone RAT comes in ZIP
A phishing email impersonating the Hungarian government was discovered dropping Warzone RAT on Windows systems. Threat actors lure users into opening an attachment by telling them that their credentials have changed and the new ones have arrived in the attachment. The attached ZIP executable extracts the Warzone RAT and loads it into the memory.
Top Vulnerabilities Reported in the Last 24 Hours
High-severity GitHub flaw
Checkmarx uncovered a sensitive GitHub flaw that could let an unauthenticated user seize a GitHub repository and potentially infect all applications with malicious code by pulling off supply chain attacks. Attackers are reportedly using Repo Jacking, a technique to penetrate a GitHub repository by exploiting a “hidden” logical flaw in the architecture that makes renamed users susceptible to attacks.
Unfixed bugs in Windows
Two bugs in different Windows versions have been allowing cybercriminals to slip malicious documents past Microsoft's Mark of the Web (MotW) security feature. The researcher, who discovered the issues, stated that Microsoft has not released any fixes or any workaround for organizations to protect their users. The MotW feature offers protection to users against files from unsolicited sources on the internet.
Top Scams Reported in the Last 24 Hours
Fake LinkedIn email targets travel firm
Scammers are sending phishing emails purportedly originating from LinkedIn with the subject line "We noticed some unusual activity." The cyberattack is directed at a travel organization. As observed, hackers attempt to extract the social media credentials of the users from the targeted organization. It is to be noted that the phishing email cheated Google's email security controls after bypassing email authentication checks via SFP and DMARC.