Last week in security news, researchers revealed their discovery of a vulnerability that enables bad actors to infect iPads and iPhones by sending a specially crafted email. Speaking of vulnerabilities, a rising botnet leveraged an exploit that incorporated a zero-day flaw in order to target fiber routers. Another botnet also made headlines after security researchers succeeded in sinkholing its domains.

Top Story of the Week: Infecting a Device via a Specially Crafted Email

ZecOps observed that digital attackers could trigger a vulnerability by sending a specially crafted message to a target’s mailbox. When opened in the iOS MobileMail application on iOS 12 or maild on iOS 13, the vulnerability enabled malicious actors to execute remote code for the purpose of infecting their mobile devices. Threat actors used this vulnerability to go after a VIP from Germany, a journalist in Europe and other specific targets.

Over the course of its investigation, ZecOps attempted to discover another trigger. This effort led it to uncover another vulnerability that amounted to a remote heap overflow flaw.

Source: iStock

Also in Security News

  • New Evasion Capabilities Added to Emotet: MalwareTech observed that one Emotet botnet known as “E2” was leveraging hashbusting to change its file hash on every infected machine, thereby making it more difficult to track. The researcher also revealed that malware authors could obfuscate code flow in Emotet to mutate the malware.
  • Typosquatting Leveraged by Bad Actors to Conceal Malicious RubyGems: ReversingLabs discovered more than 400 malicious packages in the RubyGems software repository, including one that users had downloaded 2,100 times. Those packages used typosquatting to make their names similar to those of popular packages, or gems.
  • Wi-Fi Profile Credentials Targeted by AgentTesla Variant: Researchers at Malwarebytes detected that a new variant of AgentTesla used the “netsh” process to pass “wlan show profile” as its argument. After extracting available Wi-Fi names, the malware used a command to steal the credentials for each Wi-Fi profile.
  • Malware Dropper Incorporated Obfuscation Into Arrays: Sucuri Security detected a malware dropper that used concatenated array values defined in the malicious code’s first variable to obfuscate its code. Upon downloading its payload and its intended fileneame via curl, the dropper also used file_put_contents to create a malicious file on a web server.
  • Spanish and Portuguese-Speaking Users Targeted by New Android Banker: A new Android banking Trojan attracted IBM X-Force’s attention for its attacks targeting users in Portugal, Spain, Brazil and Latin America. For distribution, the malware relied on malicious messages which redirected users to web pages that attempted to trick them into downloading an updated version of a security software app.
  • Cybersecurity Incidents Affect Employees’ Personal Lives, Study Reveals: In a new report, Kaspersky found that security incidents had affected the personal lives of employees in multiple ways. Nearly a third (32 percent) of employees said they needed to work overnight due to a security incident, while others said they had to miss an important personal event or cancel a vacation at 30 percent and 27 percent, respectively.
  • Zero-Day Vulnerabilities Abused by Moobot to Target Routers: The Moobot botnet attracted the attention of the Network Security Research Lab at 360 earlier in the spring when it began abusing an exploit that leveraged two bugs, including a zero-day flaw, to target routers. The Fbot and Gafgyt botnets also attempted to abuse the flaw, but those attempts were largely unsuccessful.
  • Monero-Mining VictoryGate Botnet’s Activity Disrupted: ESET revealed that it had actively sinkholed some of the command-and-control (C&C) domains used by VictoryGate, a previously undocumented botnet that performs Monero-mining functionality on victims’ devices. It also disclosed that it had cooperated with a DNS provider to remove the attacker’s control of the bots.

Security Tip of the Week: Focus on Your Patch Management Efforts

Security professionals need to make sure they’ve tuned their patching programs, so they can quickly respond to newly disclosed vulnerabilities as needed. One way to stay prepared is by continually assessing and prioritizing the systems and functions that are most critical to enterprise environments. Security teams should also periodically review the success of their patching systems by evaluating historical data on how long it takes to implement a patch.

More from

Bridging the 3.4 Million Workforce Gap in Cybersecurity

As new cybersecurity threats continue to loom, the industry is running short of workers to face them. The 2022 (ISC)2 Cybersecurity Workforce Study identified a 3.4 million worldwide cybersecurity worker gap; the total existing workforce is estimated at 4.7 million. Yet despite adding workers this past year, that gap continued to widen.Nearly 12,000 participants in that study felt that additional staff would have a hugely positive impact on their ability to perform their duties. More hires would boost proper risk…

The Evolution of Antivirus Software to Face Modern Threats

Over the years, endpoint security has evolved from primitive antivirus software to more sophisticated next-generation platforms employing advanced technology and better endpoint detection and response.  Because of the increased threat that modern cyberattacks pose, experts are exploring more elegant ways of keeping data safe from threats.Signature-Based Antivirus SoftwareSignature-based detection is the use of footprints to identify malware. All programs, applications, software and files have a digital footprint. Buried within their code, these digital footprints or signatures are unique to the respective…

How Do Threat Hunters Keep Organizations Safe?

Neil Wyler started his job amid an ongoing cyberattack. As a threat hunter, he helped his client discover that millions of records had been stolen over four months. Even though his client used sophisticated tools, its threat-hunting technology did not detect the attack because the transactions looked normal. But with Wyler’s expertise, he was able to realize that data was leaving the environment as well as entering the system. His efforts saved the company from suffering even more damage and…

The White House on Quantum Encryption and IoT Labels

A recent White House Fact Sheet outlined the current and future U.S. cybersecurity priorities. While most of the topics covered were in line with expectations, others drew more attention. The emphasis on critical infrastructure protection is clearly a top national priority. However, the plan is to create a labeling system for IoT devices, identifying the ones with the highest cybersecurity standards. Few expected that news. The topic of quantum-resistant encryption reveals that such concerns may become a reality sooner than…