- The Spanish Police confiscated servers and arrested the developers of Mobdro, an Android app that turned infected smartphones into proxies and DDoS bots.
- The U.S. Department of Justice (DOJ) indicted a Swiss national for attacking more than 100 organizations and publishing their proprietary information on a website. The hacked companies include Verkada, Intel Corp, and Nissan Motor Co.
- The CISA released a new tool to identify post-compromise malicious activity related to the SolarWinds hack. Named CISA Hunt and Incident Response Program (CHIRP), the Python-based forensics collection tool has been designed for Windows OS.
- The Telecommunications Industry Association (TIA) published a new white paper on SCS 9001, the first process-based supply chain security standard for the ICT industry. The new standard will be released later this year.
- Security agencies were found leaking troves of sensitive data in a major security lapse. The exposed data includes the author's name, operating system, author email, device details, file path information, and the name of the PDF app.
- Around 103GB worth of data belonging to New Jersey-based Descartes Aljex Software was left exposed due to a misconfigured AWS S3 bucket. This affected more than 4,000 people, including customers, company employees, sales reps, and people working for third parties.
- Mimecast revealed that SolarWinds attackers broke into its internal network and downloaded source code from a limited number of repositories. The attackers, moreover, gained access to a subset of email addresses, salted and hashed credentials, and contact info.
- A threat actor leaked data, including customer and payment information, from the WeLeakInfo data breach site and published it on another hacker forum, RaidForums.
- Two cryptocurrency portals—Cream Finance and PancakeSwap services—are currently dealing with DNS hijacking attacks that redirected visitors to fake versions of their websites. The crooks attempted to collect seed phrases and private keys from visitors to gain access to wallets and steal their funds.
- The Canada Revenue Agency locked more than 800,000 taxpayers out of its platform on Saturday after it detected unauthorized third-party access. The attackers had obtained access to usernames and passwords.
- The infamous China Chopper web shell has been detected in Exchange Server-related attacks, alongside DearCry ransomware deployment. The web shell is one of the tools used by the Hafnium threat actor group.
- Around 20 popular travel apps are at risk of exposing data due to several misconfiguration issues. These are mainly booking and ride-sharing apps. The data that could be exposed includes bank account numbers, phone numbers, home addresses, credit card details, healthcare data, and dates of birth.
- ZHtrap is a new IoT botnet that inherits functionalities from the infamous Mirai botnet. The botnet works by exploiting vulnerabilities in DVRs, CCTV cameras, Netgear routers, and Realtek devices.
- An investigation reveals that the Satori botnet has added a new exploit that abuses a remote command execution vulnerability (CVE-2020-9020) in Iteris Vantage Velocity field unit versions 2.3.1, 2.4.2, and 3.0.
- A phishing campaign that impersonates the IRS has been spotted distributing the Dridex banking trojan. The email uses the agency’s official logo and a spoofed sender domain of IRS[.]gov that claims to offer an application for financial assistance.
- Researchers have analyzed an active campaign that targets U.S. taxpayers with an intent to spread NetWire and Remcos trojans. The campaign leverages the U.S. tax season to lure victims.
- XcodeSpy is a new malware that targets Xcode projects used in macOS for developing Apple software and applications. The ultimate goal of the malware is to spread custom EggShell backdoors. So far, two variants of EggShell have been detected, one of which shared an encrypted string with XcodeSpy.
- Threat actors are using Google Ads to distribute a fake version of the Telegram desktop app. Three links spoofing Telegram’s website have been detected so far. One of these sites was used to spread AZORult trojan.
- Security researchers have discovered a new steganography technique that involves hiding data inside a PNG image file posted on Twitter. Threat actors can exploit the method to obscure their nefarious activities on social media platforms.
- An espionage campaign dubbed Operation Diànxùn has been identified by the McAfee Advanced Threat Research Strategic Intelligence team. The attack tactics match those of RedDelta and Mustang Panda threat actors. The campaign is actively targeting telecommunication firms and the goal is suspected to be gaining access to covert information related to 5G technology.
- Researchers have discovered that more than 30 hacker groups have been using a malware crypter dubbed OnionCrypter. Written in C++, the crypter applies three layers of encryption. Known malware that has used OnionCrypter includes Lokibot, Zeus, AgentTesla, and Smokeloader.
- CopperStealer is an actively developed password and cookie stealer that targets the users of major service providers including Google, Facebook, Amazon, and Apple. The threat actors behind the malware are using compromised accounts to run malicious ads and deliver additional malware in subsequent malvertising campaigns. CopperStealer shows targeting and delivery methods similar to those of the SilentFade malware.
Posted on: March 19, 2021