Last week in security news, researchers revealed their discovery of a vulnerability that enables bad actors to infect iPads and iPhones by sending a specially crafted email. Speaking of vulnerabilities, a rising botnet leveraged an exploit that incorporated a zero-day flaw in order to target fiber routers. Another botnet also made headlines after security researchers succeeded in sinkholing its domains.

Top Story of the Week: Infecting a Device via a Specially Crafted Email

ZecOps observed that digital attackers could trigger a vulnerability by sending a specially crafted message to a target’s mailbox. When opened in the iOS MobileMail application on iOS 12 or maild on iOS 13, the vulnerability enabled malicious actors to execute remote code for the purpose of infecting their mobile devices. Threat actors used this vulnerability to go after a VIP from Germany, a journalist in Europe and other specific targets.

Over the course of its investigation, ZecOps attempted to discover another trigger. This effort led it to uncover another vulnerability that amounted to a remote heap overflow flaw.

Source: iStock

Also in Security News

  • New Evasion Capabilities Added to Emotet: MalwareTech observed that one Emotet botnet known as “E2” was leveraging hashbusting to change its file hash on every infected machine, thereby making it more difficult to track. The researcher also revealed that malware authors could obfuscate code flow in Emotet to mutate the malware.
  • Typosquatting Leveraged by Bad Actors to Conceal Malicious RubyGems: ReversingLabs discovered more than 400 malicious packages in the RubyGems software repository, including one that users had downloaded 2,100 times. Those packages used typosquatting to make their names similar to those of popular packages, or gems.
  • Wi-Fi Profile Credentials Targeted by AgentTesla Variant: Researchers at Malwarebytes detected that a new variant of AgentTesla used the “netsh” process to pass “wlan show profile” as its argument. After extracting available Wi-Fi names, the malware used a command to steal the credentials for each Wi-Fi profile.
  • Malware Dropper Incorporated Obfuscation Into Arrays: Sucuri Security detected a malware dropper that used concatenated array values defined in the malicious code’s first variable to obfuscate its code. Upon downloading its payload and its intended fileneame via curl, the dropper also used file_put_contents to create a malicious file on a web server.
  • Spanish and Portuguese-Speaking Users Targeted by New Android Banker: A new Android banking Trojan attracted IBM X-Force’s attention for its attacks targeting users in Portugal, Spain, Brazil and Latin America. For distribution, the malware relied on malicious messages which redirected users to web pages that attempted to trick them into downloading an updated version of a security software app.
  • Cybersecurity Incidents Affect Employees’ Personal Lives, Study Reveals: In a new report, Kaspersky found that security incidents had affected the personal lives of employees in multiple ways. Nearly a third (32 percent) of employees said they needed to work overnight due to a security incident, while others said they had to miss an important personal event or cancel a vacation at 30 percent and 27 percent, respectively.
  • Zero-Day Vulnerabilities Abused by Moobot to Target Routers: The Moobot botnet attracted the attention of the Network Security Research Lab at 360 earlier in the spring when it began abusing an exploit that leveraged two bugs, including a zero-day flaw, to target routers. The Fbot and Gafgyt botnets also attempted to abuse the flaw, but those attempts were largely unsuccessful.
  • Monero-Mining VictoryGate Botnet’s Activity Disrupted: ESET revealed that it had actively sinkholed some of the command-and-control (C&C) domains used by VictoryGate, a previously undocumented botnet that performs Monero-mining functionality on victims’ devices. It also disclosed that it had cooperated with a DNS provider to remove the attacker’s control of the bots.

Security Tip of the Week: Focus on Your Patch Management Efforts

Security professionals need to make sure they’ve tuned their patching programs, so they can quickly respond to newly disclosed vulnerabilities as needed. One way to stay prepared is by continually assessing and prioritizing the systems and functions that are most critical to enterprise environments. Security teams should also periodically review the success of their patching systems by evaluating historical data on how long it takes to implement a patch.

More from

Machine Learning Applications in the Cybersecurity Space

3 min read - Machine learning is one of the hottest areas in data science. This subset of artificial intelligence allows a system to learn from data and make accurate predictions, identify anomalies or make recommendations using different techniques. Machine learning techniques extract information from vast amounts of data and transform it into valuable business knowledge. While most industries use these techniques, they are especially prominent in the finance, marketing, healthcare, retail and cybersecurity sectors. Machine learning can also address new cyber threats. There…

3 min read

HHS Releases Hospital Cyber Resiliency Landscape Analysis

4 min read - On April 17, 2023, The U.S. Department of Health and Human Services (HHS) 405(d) Program announced the release of its Hospital Cyber Resiliency Initiative Landscape Analysis. This landmark analysis reports on domestic hospitals’ current state of cybersecurity preparedness. The scope of the HHS study was limited to activities that protect access to patient care and safety and reduce the negative impact of cyber threats on clinical operations. Breaches of sensitive data were considered only if the breach had a direct…

4 min read

BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration

9 min read - This blog was made possible through contributions from Kat Metrick, Kevin Henson, Agnes Ramos-Beauchamp, Thanassis Diogos, Diego Matos Martins and Joseph Spero. BlackCat ransomware, which was among the top ransomware families observed by IBM Security X-Force in 2022, according to the 2023 X-Force Threat Intelligence Index, continues to wreak havoc across organizations globally this year. BlackCat (a.k.a. ALPHV) ransomware affiliates' more recent attacks include targeting organizations in the healthcare, government, education, manufacturing and hospitality sectors. Reportedly, several of these incidents resulted…

9 min read

Now Social Engineering Attackers Have AI. Do You? 

4 min read - Everybody in tech is talking about ChatGPT, the AI-based chatbot from Open AI that writes convincing prose and usable code. The trouble is malicious cyber attackers can use generative AI tools like ChatGPT to craft convincing prose and usable code just like everybody else. How does this powerful new category of tools affect the ability of criminals to launch cyberattacks, including social engineering attacks? When Every Social Engineering Attack Uses Perfect English ChatGPT is a public tool based on a…

4 min read