Hackers Set Up a Fake Cybersecurity Firm to Target Security Experts

The Hacker News

A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack.

In an update shared on Wednesday, Google’s Threat Analysis Group said the attackers behind the operation set up a fake security company called SecuriElite and a slew of social media accounts across Twitter and LinkedIn in an attempt to trick unsuspecting researchers into visiting the company’s booby-trapped website where a browser exploit was waiting to be triggered.

Full article

Watch Out! That Android System Update May Contain A Powerful Spyware

The Hacker News

Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities — from collecting browser searches to recording audio and phone calls.

While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this sophisticated new malicious app masquerades itself as a System Update application to take control of compromised devices.

The spyware creates a notification if the device’s screen is off when it receives a command using the Firebase messaging service, Zimperium researchers said in a Friday analysis. The ‘Searching for update..’ notification is not a legitimate notification from the operating system, but the spyware.

Full article

Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack

The Hacker News

Merely weeks after releasing out-of-band patches for iOS, iPadOS, macOS and watchOS, Apple has released yet another security update for iPhone, iPad and Apple Watch to fix a critical zero-day weakness that it says is being actively exploited in the wild.

Tracked as CVE-2021-1879, the vulnerability relates to a WebKit flaw that could enable adversaries to process maliciously crafted web content that may result in universal cross-site scripting attacks.

“This issue was addressed by improved management of object lifetimes,” the iPhone maker noted.

Apple has credited Clement Lecigne and Billy Leonard of Google’s Threat Analysis Group for discovering and reporting the issue. While details of the flaw have not been disclosed, the company said it’s aware of reports that CVE-2021-1879 may have been actively exploited.

Full article

Yandex Employee Caught Selling Access to Users’ Email Inboxes

The Hacker News

Russian, Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users.

The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users’ mailboxes for personal gain.

The employee was one of three system administrators with the necessary access rights to provide technical support for the service, Yandex said in a statement.

The company said the security breach was identified during a routine audit of its systems by its security team. It also said there was no evidence that user payment details were compromised during the incident and that it had notified affected mailbox owners to change their passwords.

Full article

Eight Brits arrested after probe into SIM-swapping scam targeting US celebs

The Hacker News

Brit cops have cuffed eight men in England and Scotland amid a probe into SIM-swapping attacks on high-profile US targets – including sports stars, musicians, and “influencers” – that had money and personal data stolen.

The suspects, aged between 18 and 26, were nabbed in an operation co-ordinated by Police Scotland, the Metropolitan Police, East Midlands and North East Special Operations Units, and the West Midlands Organised Crime Unit.

Full article

Apple Patches 10-Year-Old macOS SUDO Root Privilege Escalation Bug

The Hacker News

Apple has rolled out a fix for a critical sudo vulnerability in macOS Big Sur, Catalina, and Mojave that could allow unauthenticated local users to gain root-level privileges on the system.

A local attacker may be able to elevate their privileges, Apple said in a security advisory. This issue was addressed by updating to sudo version 1.9.5p2.

Sudo is a common utility built into most Unix and Linux operating systems that lets a user without security privileges access and run a program with the credentials of another user.

Full article

Detailed: Here’s How Iran Spies on Dissidents with the Help of Hackers

The Hacker News

Twin cyber operations conducted by state-sponsored Iranian threat actors demonstrate their continued focus on compiling detailed dossiers on Iranian citizens who could threaten the stability of the Islamic Republic, including dissidents, opposition forces, ISIS supporters, and Kurdish natives.

Tracing the extensive espionage operations to two advanced Iranian cyber-groups, Domestic Kitten (or APT-C-50) and Infy, cybersecurity firm Check Point revealed new and recent evidence of their ongoing activities, which involve the use of a revamped malware toolset as well as tricking unwitting users into downloading malicious software under the guise of popular apps.

Both groups have conducted long-running cyberattacks and intrusive surveillance campaigns which target both individuals’ mobile devices and personal computers, Check Point researchers said in a new analysis. The operators of these campaigns are clearly active, responsive and constantly seeking new attack vectors and techniques to ensure the longevity of their operations.

Full article

Hackers Using Fake Trump’s Scandal Video to Spread QNode Malware

The Hacker News

Cybersecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan (RAT) by purporting to contain a sex scandal video of U.S. President Donald Trump.

The emails, which carry the subject line “GOOD LOAN OFFER!!,” come attached with a Java archive (JAR) file called “TRUMP_SEX_SCANDAL_VIDEO.jar,” which, when downloaded, installs Qua or Quaverse RAT (QRAT) onto the infiltrated system.

We suspect that the bad guys are attempting to ride the frenzy brought about by the recently concluded Presidential elections since the filename they used on the attachment is totally unrelated to the email’s theme, Trustwave’s Senior Security Researcher Diana Lopera said in a write-up published today.

Full article