April 27, 2020 By David Bisson 3 min read

Last week in security news, researchers revealed their discovery of a vulnerability that enables bad actors to infect iPads and iPhones by sending a specially crafted email. Speaking of vulnerabilities, a rising botnet leveraged an exploit that incorporated a zero-day flaw in order to target fiber routers. Another botnet also made headlines after security researchers succeeded in sinkholing its domains.

Top Story of the Week: Infecting a Device via a Specially Crafted Email

ZecOps observed that digital attackers could trigger a vulnerability by sending a specially crafted message to a target’s mailbox. When opened in the iOS MobileMail application on iOS 12 or maild on iOS 13, the vulnerability enabled malicious actors to execute remote code for the purpose of infecting their mobile devices. Threat actors used this vulnerability to go after a VIP from Germany, a journalist in Europe and other specific targets.

Over the course of its investigation, ZecOps attempted to discover another trigger. This effort led it to uncover another vulnerability that amounted to a remote heap overflow flaw.

Source: iStock

Also in Security News

  • New Evasion Capabilities Added to Emotet: MalwareTech observed that one Emotet botnet known as “E2” was leveraging hashbusting to change its file hash on every infected machine, thereby making it more difficult to track. The researcher also revealed that malware authors could obfuscate code flow in Emotet to mutate the malware.
  • Typosquatting Leveraged by Bad Actors to Conceal Malicious RubyGems: ReversingLabs discovered more than 400 malicious packages in the RubyGems software repository, including one that users had downloaded 2,100 times. Those packages used typosquatting to make their names similar to those of popular packages, or gems.
  • Wi-Fi Profile Credentials Targeted by AgentTesla Variant: Researchers at Malwarebytes detected that a new variant of AgentTesla used the “netsh” process to pass “wlan show profile” as its argument. After extracting available Wi-Fi names, the malware used a command to steal the credentials for each Wi-Fi profile.
  • Malware Dropper Incorporated Obfuscation Into Arrays: Sucuri Security detected a malware dropper that used concatenated array values defined in the malicious code’s first variable to obfuscate its code. Upon downloading its payload and its intended fileneame via curl, the dropper also used file_put_contents to create a malicious file on a web server.
  • Spanish and Portuguese-Speaking Users Targeted by New Android Banker: A new Android banking Trojan attracted IBM X-Force’s attention for its attacks targeting users in Portugal, Spain, Brazil and Latin America. For distribution, the malware relied on malicious messages which redirected users to web pages that attempted to trick them into downloading an updated version of a security software app.
  • Cybersecurity Incidents Affect Employees’ Personal Lives, Study Reveals: In a new report, Kaspersky found that security incidents had affected the personal lives of employees in multiple ways. Nearly a third (32 percent) of employees said they needed to work overnight due to a security incident, while others said they had to miss an important personal event or cancel a vacation at 30 percent and 27 percent, respectively.
  • Zero-Day Vulnerabilities Abused by Moobot to Target Routers: The Moobot botnet attracted the attention of the Network Security Research Lab at 360 earlier in the spring when it began abusing an exploit that leveraged two bugs, including a zero-day flaw, to target routers. The Fbot and Gafgyt botnets also attempted to abuse the flaw, but those attempts were largely unsuccessful.
  • Monero-Mining VictoryGate Botnet’s Activity Disrupted: ESET revealed that it had actively sinkholed some of the command-and-control (C&C) domains used by VictoryGate, a previously undocumented botnet that performs Monero-mining functionality on victims’ devices. It also disclosed that it had cooperated with a DNS provider to remove the attacker’s control of the bots.

Security Tip of the Week: Focus on Your Patch Management Efforts

Security professionals need to make sure they’ve tuned their patching programs, so they can quickly respond to newly disclosed vulnerabilities as needed. One way to stay prepared is by continually assessing and prioritizing the systems and functions that are most critical to enterprise environments. Security teams should also periodically review the success of their patching systems by evaluating historical data on how long it takes to implement a patch.

More from

Government cybersecurity in 2025: Former Principal Deputy National Cyber Director weighs in

4 min read - As 2024 comes to an end, it’s time to look ahead to the state of public cybersecurity in 2025.The good news is this: Cybersecurity will be an ongoing concern for the government regardless of the party in power, as many current cybersecurity initiatives are bipartisan. But what will government cybersecurity look like in 2025?Will the country be better off than they are today? What are the positive signs that could signal a good year for national cybersecurity? And what threats should…

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

2024 trends: Were they accurate?

4 min read - The new year always kicks off with a flood of prediction articles; then, 12 months later, our newsfeed is filled with wrap-up articles. But we are often left to wonder if experts got it right in January about how the year would unfold. As we close out 2024, let’s take a moment to go back and see if the crystal balls were working about how the year would play out in cybersecurity.Here are five trends that were often predicted for…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today