April 27, 2020 By David Bisson 3 min read

Last week in security news, researchers revealed their discovery of a vulnerability that enables bad actors to infect iPads and iPhones by sending a specially crafted email. Speaking of vulnerabilities, a rising botnet leveraged an exploit that incorporated a zero-day flaw in order to target fiber routers. Another botnet also made headlines after security researchers succeeded in sinkholing its domains.

Top Story of the Week: Infecting a Device via a Specially Crafted Email

ZecOps observed that digital attackers could trigger a vulnerability by sending a specially crafted message to a target’s mailbox. When opened in the iOS MobileMail application on iOS 12 or maild on iOS 13, the vulnerability enabled malicious actors to execute remote code for the purpose of infecting their mobile devices. Threat actors used this vulnerability to go after a VIP from Germany, a journalist in Europe and other specific targets.

Over the course of its investigation, ZecOps attempted to discover another trigger. This effort led it to uncover another vulnerability that amounted to a remote heap overflow flaw.

Source: iStock

Also in Security News

  • New Evasion Capabilities Added to Emotet: MalwareTech observed that one Emotet botnet known as “E2” was leveraging hashbusting to change its file hash on every infected machine, thereby making it more difficult to track. The researcher also revealed that malware authors could obfuscate code flow in Emotet to mutate the malware.
  • Typosquatting Leveraged by Bad Actors to Conceal Malicious RubyGems: ReversingLabs discovered more than 400 malicious packages in the RubyGems software repository, including one that users had downloaded 2,100 times. Those packages used typosquatting to make their names similar to those of popular packages, or gems.
  • Wi-Fi Profile Credentials Targeted by AgentTesla Variant: Researchers at Malwarebytes detected that a new variant of AgentTesla used the “netsh” process to pass “wlan show profile” as its argument. After extracting available Wi-Fi names, the malware used a command to steal the credentials for each Wi-Fi profile.
  • Malware Dropper Incorporated Obfuscation Into Arrays: Sucuri Security detected a malware dropper that used concatenated array values defined in the malicious code’s first variable to obfuscate its code. Upon downloading its payload and its intended fileneame via curl, the dropper also used file_put_contents to create a malicious file on a web server.
  • Spanish and Portuguese-Speaking Users Targeted by New Android Banker: A new Android banking Trojan attracted IBM X-Force’s attention for its attacks targeting users in Portugal, Spain, Brazil and Latin America. For distribution, the malware relied on malicious messages which redirected users to web pages that attempted to trick them into downloading an updated version of a security software app.
  • Cybersecurity Incidents Affect Employees’ Personal Lives, Study Reveals: In a new report, Kaspersky found that security incidents had affected the personal lives of employees in multiple ways. Nearly a third (32 percent) of employees said they needed to work overnight due to a security incident, while others said they had to miss an important personal event or cancel a vacation at 30 percent and 27 percent, respectively.
  • Zero-Day Vulnerabilities Abused by Moobot to Target Routers: The Moobot botnet attracted the attention of the Network Security Research Lab at 360 earlier in the spring when it began abusing an exploit that leveraged two bugs, including a zero-day flaw, to target routers. The Fbot and Gafgyt botnets also attempted to abuse the flaw, but those attempts were largely unsuccessful.
  • Monero-Mining VictoryGate Botnet’s Activity Disrupted: ESET revealed that it had actively sinkholed some of the command-and-control (C&C) domains used by VictoryGate, a previously undocumented botnet that performs Monero-mining functionality on victims’ devices. It also disclosed that it had cooperated with a DNS provider to remove the attacker’s control of the bots.

Security Tip of the Week: Focus on Your Patch Management Efforts

Security professionals need to make sure they’ve tuned their patching programs, so they can quickly respond to newly disclosed vulnerabilities as needed. One way to stay prepared is by continually assessing and prioritizing the systems and functions that are most critical to enterprise environments. Security teams should also periodically review the success of their patching systems by evaluating historical data on how long it takes to implement a patch.

More from

Change Healthcare discloses $22M ransomware payment

3 min read - UnitedHealth Group CEO Andrew Witty found himself answering questions in front of Congress on May 1 regarding the Change Healthcare ransomware attack that occurred in February. During the hearing, he admitted that his organization paid the attacker's ransomware request. It has been reported that the hacker organization BlackCat, also known as ALPHV, received a payment of $22 million via Bitcoin.Even though they made the ransomware payment, Witty shared that Change Healthcare did not get its data back. This is a…

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

How I got started: AI security researcher

4 min read - For the enterprise, there’s no escape from deploying AI in some form. Careers focused on AI are proliferating, but one you may not be familiar with is AI security researcher. These AI specialists are cybersecurity professionals who focus on the unique vulnerabilities and threats that arise from the use of AI and machine learning (ML) systems. Their responsibilities vary, but key roles include identifying and analyzing potential security flaws in AI models and developing and testing methods malicious actors could…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today