Cyber Security News - July 2021

Jul 14, 2021

29/07/2021

New Android Malware identified to Spy and Steal Passwords from Victims
 

An undocumented Android-based remote access trojan (RAT) has been identified that uses screen recording features to steal sensitive user information on the device, such as banking credentials, and open the door to on-device fraud.

Dubbed "Vultur", it uses the remote screen-sharing technology of Virtual Network Computing (VNC) to give the threat actor full visibility of targeted users, with additional keylogging. The mobile malware, distributed under the name "Protection Guard" via the official Google Play Store, attracted over 5,000 installations. Banking and crypto-wallet apps are said to have been the primary targets.

"For the first time we are seeing an Android banking trojan that has screen recording and keylogging as the main strategy to harvest login credentials in an automated and scalable way," ThreatFabric said in a write-up shared with The Hacker News.



28/07/2021

XLoader malware infects Macs by collecting keystrokes, screenshots, and more
 

According to reports, XLoader malware, previously thought to affect only Windows machines, has been identified attacking macOS devices as well. XLoader is an evolution of the malware known as Formbook, which lets attackers log keystrokes, take screenshots, and access other private information, and is thought to have been active since 21/07/2021.

The malware, Formbook, is sold on the dark web for $49, enabling anyone to deploy it against both Windows and Mac users. The positive news is that it requires user action before the malware can be triggered.

Security researchers at Check Point discovered it. Yaniv Balmas, head of cyber research at Check Point Software, said that Mac owners shouldn’t be complacent.

   "Historically, MacOS malware hasn’t been that common. They usually fall into the category of ‘spyware’, not causing too much damage. I think there is a common incorrect belief with MacOS users that Apple platforms are more secure than other more widely used platforms. While there might be a gap between Windows and MacOS malware, the gap is slowly closing over time. The truth is that MacOS malware is becoming bigger and more dangerous. Our recent findings are a perfect example and confirm this growing trend. With the increasing popularity of MacOS platforms, it makes sense for cyber criminals to show more interest in this domain, and I personally anticipate seeing more cyber threats following the Formbook malware family"



28/07/2021

Apple Releases Urgent 0-Day vulnerability Patch for Mac, iPhone and iPad Devices
 

On Monday (26/07/2021), Apple rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day vulnerability that may have been actively exploited. This latest patch makes it the thirteenth known vulnerability Apple has patched since the start of 2021.

The update has now gone live, after Apple released its latest software updates: iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5. The Apple patch fixes a memory corruption issue (CVE-2021-30807) in the IOMobileFrameBuffer component, a kernel extension for managing the screen framebuffer, that could be abused to execute arbitrary code with kernel privileges.

Apple have stated that they have addressed the issue, noting they are "aware of a report that this issue may have been actively exploited." Additional details about the flaw have not been disclosed to prevent the weaponization of the vulnerability for additional attacks.


20/07/2021

China accused of attacking Microsoft Exchange Servers
 

According to the BBC, the attack targeted Microsoft Exchange Servers, impacting at least 30,000 organisations globally. The UK, US and EU have all accused China of carrying out the attack, which began in January 2021, when the Chinese-linked group 'Hafnium' began creating backdoors within Microsoft Exchange so that they could continue returning. Microsoft announced the vulnerability and is said to have patched it on March 2nd.

"We believe that cyber-operators working under the control of Chinese intelligence learned about the Microsoft vulnerability in early January, and were racing to exploit the vulnerability before [it] was widely identified in the public domain," a security source told the BBC.

China has since denied the allegations, saying it opposes 'all forms of cyber-crime.'


19/07/2021

NSO Group spyware deployed on iPhones running latest iOS
 

Amnesty International, a human rights non-governmental organisation, has revealed in a recent report that it found spyware made by Israeli firm NSO Group deployed on Apple iPhones running the latest iOS release, iOS 14.6, and older iOS versions, hacked using zero-day, zero-click iMessage exploits. Reports also suggest that the exploit does not require any interaction from the intended target to be successful.

Furthermore, reports suggest Citizen Lab has been able to observe NSO Pegasus spyware being installed on certain iPhone models running certain versions of iOS (such as 14.4 and 14.0.1). Pegasus is a spyware tool developed by NSO Group that has been marketed as a surveillance tool only "licensed to legitimate government agencies for the sole purpose of investigating crime and terror." This is not the only report documenting NSO Group's Pegasus spyware spying on users worldwide: in 2019 WhatsApp was exploited by NSO Group and sold, and ultimately they were sued by Facebook.

We at JC Cyber Security will continue to monitor the latest news regarding Cyber Security and any potential risks. If you feel like you need some advice regarding your security posture, don't hesitate to get in touch.



15/07/2021

Microsoft delivers comprehensive solution to battle rise in consent phishing emails
 

According to Microsoft threat analysts, with COVID-19 and the increase in staff working remotely, there has been an increase in 'consent phishing emails', also known as 'illicit consent grants'. Consent phishing attacks exploit legitimate cloud service providers (such as Google, Microsoft, Facebook) that use OAuth 2.0 authorisation, a protocol through which third-party apps request user consent so that they can access and perform actions on the user's behalf.


Typically, phishing campaigns impersonate a trusted entity by creating fake websites or services, so that users who lack training or awareness enter their personal credentials. Consent phishing attacks, however, register an app (made to resemble a legitimate business) on a platform that uses OAuth, so the user is prompted to log in on a legitimate sign-in page rather than a fake one.


Consent Phishing Methodology

  • Attacker registers their malicious app with OAuth 2.0
  • A phishing email is sent asking for consent to access and perform actions on a user's behalf
  • User clicks on OAuth URL
  • The service provider generates an authentic consent prompt
  • Authorisation code is sent to the attacker
  • Attacker gains access to personal user data
  • Attacker maintains persistence and can perform reconnaissance and gain further information/access over time.
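
Because the sign-in page in this flow is genuine, a mail filter has to look at the OAuth request itself rather than the host. The following is an added defender-side example, not code from Microsoft or from this article; the allowlists, the high-risk scope set and both sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# All values below are constructed for illustration; real allowlists would
# come from your own tenant's approved-application inventory.
AUTHORIZE_HOSTS = {"login.microsoftonline.com", "accounts.google.com"}
APPROVED_CLIENT_IDS = {"11111111-1111-1111-1111-111111111111"}
APPROVED_REDIRECT_HOSTS = {"apps.example.com"}
HIGH_RISK_SCOPES = {"mail.read", "mail.readwrite", "mail.send",
                    "files.readwrite.all", "offline_access"}

def triage_consent_url(url):
    """Return review reasons for a link taken from an email.

    An empty list means the link is not an OAuth authorisation request to a
    listed provider, or both its client_id and redirect host are approved."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    if (parts.hostname or "").lower() not in AUTHORIZE_HOSTS or "client_id" not in query:
        return []
    reasons = []
    client_id = query["client_id"][0].lower()
    if client_id not in APPROVED_CLIENT_IDS:
        reasons.append("unapproved client_id " + client_id)
    redirect = urlsplit(query.get("redirect_uri", [""])[0]).hostname or "<missing>"
    if redirect.lower() not in APPROVED_REDIRECT_HOSTS:
        reasons.append("redirect_uri host not approved: " + redirect.lower())
    if reasons:
        # Scopes may be short names or full URIs; compare on the last segment.
        scopes = {s.rsplit("/", 1)[-1].lower()
                  for s in query.get("scope", [""])[0].split()}
        risky = sorted(scopes & HIGH_RISK_SCOPES)
        if risky:
            reasons.append("high-risk scopes: " + ", ".join(risky))
    return reasons

BASE = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
SAMPLE_UNKNOWN_APP = (BASE + "?client_id=99999999-9999-9999-9999-999999999999"
                      "&response_type=code"
                      "&redirect_uri=https%3A%2F%2Fcollector.example.net%2Fcb"
                      "&scope=Mail.Read%20offline_access%20User.Read")
SAMPLE_APPROVED_APP = (BASE + "?client_id=11111111-1111-1111-1111-111111111111"
                       "&response_type=code"
                       "&redirect_uri=https%3A%2F%2Fapps.example.com%2Fcb"
                       "&scope=Mail.Read")

if __name__ == "__main__":
    for sample in (SAMPLE_UNKNOWN_APP, SAMPLE_APPROVED_APP):
        print(triage_consent_url(sample) or "no findings")
```

The same three checks (application identity, redirect target, requested scopes) apply when reviewing consent grants that already exist in a tenant.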

