Light Dark
April 27, 2020 By David Bisson 3 min read

Last week in security news, researchers revealed their discovery of a vulnerability that enables bad actors to infect iPads and iPhones by sending a specially crafted email. Speaking of vulnerabilities, a rising botnet leveraged an exploit that incorporated a zero-day flaw in order to target fiber routers. Another botnet also made headlines after security researchers succeeded in sinkholing its domains.

Top Story of the Week: Infecting a Device via a Specially Crafted Email

ZecOps observed that digital attackers could trigger a vulnerability by sending a specially crafted message to a target’s mailbox. When opened in the iOS MobileMail application on iOS 12 or maild on iOS 13, the vulnerability enabled malicious actors to execute remote code for the purpose of infecting their mobile devices. Threat actors used this vulnerability to go after a VIP from Germany, a journalist in Europe and other specific targets.

Over the course of its investigation, ZecOps attempted to discover another trigger. This effort led it to uncover another vulnerability that amounted to a remote heap overflow flaw.

Source: iStock

Also in Security News

  • New Evasion Capabilities Added to Emotet: MalwareTech observed that one Emotet botnet known as “E2” was leveraging hashbusting to change its file hash on every infected machine, thereby making it more difficult to track. The researcher also revealed that malware authors could obfuscate code flow in Emotet to mutate the malware.
  • Typosquatting Leveraged by Bad Actors to Conceal Malicious RubyGems: ReversingLabs discovered more than 400 malicious packages in the RubyGems software repository, including one that users had downloaded 2,100 times. Those packages used typosquatting to make their names similar to those of popular packages, or gems.
  • Wi-Fi Profile Credentials Targeted by AgentTesla Variant: Researchers at Malwarebytes detected that a new variant of AgentTesla used the “netsh” process to pass “wlan show profile” as its argument. After extracting available Wi-Fi names, the malware used a command to steal the credentials for each Wi-Fi profile.
  • Malware Dropper Incorporated Obfuscation Into Arrays: Sucuri Security detected a malware dropper that used concatenated array values defined in the malicious code’s first variable to obfuscate its code. Upon downloading its payload and its intended fileneame via curl, the dropper also used file_put_contents to create a malicious file on a web server.
  • Spanish and Portuguese-Speaking Users Targeted by New Android Banker: A new Android banking Trojan attracted IBM X-Force’s attention for its attacks targeting users in Portugal, Spain, Brazil and Latin America. For distribution, the malware relied on malicious messages which redirected users to web pages that attempted to trick them into downloading an updated version of a security software app.
  • Cybersecurity Incidents Affect Employees’ Personal Lives, Study Reveals: In a new report, Kaspersky found that security incidents had affected the personal lives of employees in multiple ways. Nearly a third (32 percent) of employees said they needed to work overnight due to a security incident, while others said they had to miss an important personal event or cancel a vacation at 30 percent and 27 percent, respectively.
  • Zero-Day Vulnerabilities Abused by Moobot to Target Routers: The Moobot botnet attracted the attention of the Network Security Research Lab at 360 earlier in the spring when it began abusing an exploit that leveraged two bugs, including a zero-day flaw, to target routers. The Fbot and Gafgyt botnets also attempted to abuse the flaw, but those attempts were largely unsuccessful.
  • Monero-Mining VictoryGate Botnet’s Activity Disrupted: ESET revealed that it had actively sinkholed some of the command-and-control (C&C) domains used by VictoryGate, a previously undocumented botnet that performs Monero-mining functionality on victims’ devices. It also disclosed that it had cooperated with a DNS provider to remove the attacker’s control of the bots.

Security Tip of the Week: Focus on Your Patch Management Efforts

Security professionals need to make sure they’ve tuned their patching programs, so they can quickly respond to newly disclosed vulnerabilities as needed. One way to stay prepared is by continually assessing and prioritizing the systems and functions that are most critical to enterprise environments. Security teams should also periodically review the success of their patching systems by evaluating historical data on how long it takes to implement a patch.

 |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

May 2, 2024

A spotlight on Akira ransomware from X-Force Incident Response and Threat Intelligence

7 min read - This article was made possible thanks to contributions from Aaron Gdanski.IBM X-Force Incident Response and Threat Intelligence teams have investigated several Akira ransomware attacks since this threat actor group emerged in March 2023. This blog will share X-Force’s unique perspective on Akira gained while observing the threat actors behind this ransomware, including commands used to deploy the ransomware, active exploitation of CVE-2023-20269 and analysis of the ransomware binary.The Akira ransomware group has gained notoriety in the current cybersecurity landscape, underscored…

May 1, 2024

New proposed federal data privacy law suggests big changes

3 min read - After years of work and unsuccessful attempts at legislation, a draft of a federal data privacy law was recently released. The United States House Committee on Energy and Commerce released the American Privacy Rights Act on April 7, 2024. Several issues stood in the way of passing legislation in the past, such as whether states could issue tougher rules and if individuals could sue companies for privacy violations. With the American Privacy Rights Act of 2024, the U.S. government established…

April 30, 2024

AI cybersecurity solutions detect ransomware in under 60 seconds

2 min read - Worried about ransomware? If so, it’s not surprising. According to the World Economic Forum, for large cyber losses (€1 million+), the number of cases in which data is exfiltrated is increasing, doubling from 40% in 2019 to almost 80% in 2022. And more recent activity is tracking even higher.Meanwhile, other dangers are appearing on the horizon. For example, the 2024 IBM X-Force Threat Intelligence Index states that threat group investment is increasingly focused on generative AI attack tools.Criminals have been…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature