Author: Eduard Kovacs

Several cybersecurity companies have spotted campaigns that use coronavirus-themed emails to deliver malware, phishing attempts and scams. The new coronavirus outbreak, which started in China, has made a lot of headlines recently and has caused global panic. Over 40,000 infections have been confirmed and the death toll has exceeded 1,000. The virus has been named 2019-nCoV and Covid-19. Given the virus’s impact, it’s not surprising that cybercriminals and fraudsters have been leveraging the panic for their own gain. Alerts about cyber threats exploiting the coronavirus outbreak have been issued by several firms and new campaigns continue to emerge. One new…


Microsoft’s Patch Tuesday updates for February 2020 address 99 vulnerabilities, including an Internet Explorer zero-day reportedly exploited by a threat group known as DarkHotel. Microsoft disclosed the existence of the Internet Explorer zero-day on January 17, when it promised to release patches and provided a workaround. At the time, the company noted that it would likely only fix it with its February updates. The vulnerability, tracked as CVE-2020-0674, is caused by a memory corruption in the scripting engine used by Internet Explorer 9, 10 and 11. More precisely, the weakness exists in a library named jscript.dll, which provides compatibility with…


Adobe’s February 2020 Patch Tuesday updates fix a total of 42 vulnerabilities across the company’s Framemaker, Acrobat and Reader, Flash Player, Digital Editions and Experience Manager products. The highest number of flaws, 21, has been fixed in the Windows version of the Framemaker document processor. The vulnerabilities have been described as critical buffer overflow, heap overflow, out-of-bounds write, and memory corruption issues that can lead to arbitrary code execution in the context of the current user. The security holes were reported to Adobe by a researcher who uses the online moniker “Kdot” through Trend Micro’s Zero Day Initiative. While the…


A researcher has discovered another DLL hijacking vulnerability in Dell SupportAssist that can be used to execute code with elevated privileges, and exploitation only requires low permissions. In an advisory published last week, Dell revealed that Dell SupportAssist for both business and home PCs is affected by an uncontrolled search path vulnerability that allows a local user with low privileges to execute arbitrary code with elevated permissions by getting the SupportAssist binaries to load arbitrary DLLs. The flaw, tracked as CVE-2020-5316 and classified as high severity, has been patched by Dell with the release of SupportAssist for business PCs version…


Attacks targeting operational technology (OT) infrastructure increased by over 2000 percent in 2019 compared to the previous year, and the piece of malware most commonly seen in these attacks was the Mirai variant named Echobot, IBM revealed on Tuesday. IBM’s 2020 X-Force Threat Intelligence Index summarizes the most prominent threats observed by the company’s researchers last year, including OT threats. Based on data derived from network event logs, IBM saw an increase of over 2000 percent in attacks targeting industrial control systems (ICS) and other OT assets compared to 2018. “In fact, the number of events targeting OT assets in…


An election application used by Israel’s Likud party has exposed the personal information of over 6 million voters. Likud, the party of Israeli Prime Minister Benjamin Netanyahu, has contracted a company named Feed-b to create an election management system called Elector, which has been advertised as highly secure. Developer and journalist Ran Bar-Zik discovered that the source code of the Elector website, which could easily be accessed by anyone from a browser using the “view page source” option, included administrator credentials. Using those credentials, anyone could have easily gained full access to the Elector application and all the data it…


A group of hackers called OurMine hijacked some of Facebook’s official Twitter and Instagram accounts over the weekend through a third-party social media management service. The hackers briefly hijacked the Twitter accounts of Facebook and its Messenger application, and the Instagram accounts of Facebook and Facebook Messenger. The hackers used the hijacked accounts to promote their “security services.” The group has offered to help individuals and companies protect their social media and email accounts. They claim to be an “elite” group of white hat hackers. “We have no bad intentions and only care about the security and privacy of your…


Three of the world’s largest manufacturers had some IoT devices running Windows 7 infected with a piece of malware in what experts believe to be a supply chain attack. TrapX Security reported this week that it had identified a cryptocurrency miner on several IoT devices at some major manufacturers, including automatic guided vehicles, a printer and a smart TV. Ori Bach, the CEO of TrapX, told SecurityWeek that the attacks appeared to be part of the same campaign. He said his company’s researchers discovered infections at three manufacturers, with multiple incidents recorded across over 50 sites in the Middle East,…


The U.S. Department of Justice has asked victims of the Quantum Stresser DDoS-for-hire service, whose operator was recently sentenced, to come forward. Quantum Stresser was run by 24-year-old David Bukoski of Hanover Township, Pennsylvania. According to authorities, the service had roughly 70-80,000 subscribers between 2011 and 2018, and in 2018 customers launched or attempted to launch approximately 50,000 DDoS attacks aimed at individuals or organizations. Bukoski was indicted in 2018 and in August 2019 he pleaded guilty to aiding and abetting computer intrusions. He was sentenced on February 4 to five years probation and six months of community confinement —…


Japanese defense contractors Pasco and Kobe Steel this week disclosed cyber intrusions they suffered back in 2016 and 2018. Pasco is Japan’s largest geospatial service provider and Kobe Steel is a major steel manufacturer. The two companies disclosed the breaches after Japan’s Ministry of Defense announced last week that two unnamed contractors, in addition to Mitsubishi Electric and NEC, had been targeted in cyberattacks. Both companies and the Ministry of Defense said that no classified government information was compromised. Pasco also said it had not found any evidence that personal or business information had been exfiltrated, but in Kobe’s case…
