Hackers Using Fake Trump’s Scandal Video to Spread QNode Malware

The Hacker News

Cybesecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan (RAT) by purporting to contain a sex scandal video of U.S. President Donald Trump.

The emails, which carry with the subject line “GOOD LOAN OFFER!!,” come attached with a Java archive (JAR) file called “TRUMP_SEX_SCANDAL_VIDEO.jar,” which, when downloaded, installs Qua or Quaverse RAT (QRAT) onto the infiltrated system.

We suspect that the bad guys are attempting to ride the frenzy brought about by the recently concluded Presidential elections since the filename they used on the attachment is totally unrelated to the email’s theme, Trustwave’s Senior Security Researcher Diana Lopera said in a write-up published today.

Full article

WhatsApp Will Delete Your Account If You Don’t Agree Sharing Data With Facebook

The Hacker News

“Respect for your privacy is coded into our DNA,” opens WhatsApp’s privacy policy. “Since we started WhatsApp, we’ve aspired to build our Services with a set of strong privacy principles in mind.”

But come February 8, 2021, this opening statement will no longer find a place in the policy.

The Facebook-owned messaging service is alerting users in India of an update to its terms of service and privacy policy that’s expected to go into effect next month.

The “key updates” concern how it processes user data, “how businesses can use Facebook hosted services to store and manage their WhatsApp chats,” and “how we partner with Facebook to offer integrations across the Facebook Company Products.”

Users failing to agree to the revised terms by the cut-off date will have their accounts deleted, the company said in the notification.

Full article

Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products

The Hacker News

Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices.

The flaw, tracked as CVE-2020-29583 (CVSS score 7.8), affects version 4.60 present in wide-range of Zyxel devices, including Unified Security Gateway (USG), USG FLEX, ATP, and VPN firewall products.

Full article

Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers

The Hacker News

New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company’s email.

The hacking endeavor was reported to the company by Microsoft’s Threat Intelligence Center on December 15, which identified a third-party reseller’s Microsoft Azure account to be making “abnormal calls” to Microsoft cloud APIs during a 17-hour period several months ago.

The undisclosed affected reseller’s Azure account handles Microsoft Office licensing for its Azure customers, including CrowdStrike.

Although there was an attempt by unidentified threat actors to read email, it was ultimately foiled as the firm does not use Microsoft’s Office 365 email service, CrowdStrike said.

Full article

Update Your iOS Devices Now — 3 Actively Exploited 0-Days Discovered

The Hacker News

Apple on Thursday released multiple security updates to patch three zero-day vulnerabilities that were revealed as being actively exploited in the wild.

Rolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing adversaries to remotely execute arbitrary code and run malicious programs with kernel-level privileges.

The zero-days were discovered and reported to Apple by Google’s Project Zero security team.

Full article

55 New Security Flaws Reported in Apple Software and Services

The Hacker News

A team of five security researchers analyzed several Apple online services for three months and found as many as 55 vulnerabilities, 11 of which are critical in severity.

The flaws — including 29 high severity, 13 medium severity, and 2 low severity vulnerabilities — could have allowed an attacker to “fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.”

The flaws meant a bad actor could easily hijack a user’s iCloud account and steal all the photos, calendar information, videos, and documents, in addition to forwarding the same exploit to all of their contacts.

The findings were reported by Sam Curry along with Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes over a three month period between July and September.

Full article

EU sanctions hackers from China, Russia, North Korea who’re wanted by the FBI

The Hacker News

The Council of the European Union has imposed its first-ever sanctions against persons or entities involved in various cyber-attacks targeting European citizens, and its member states.

The directive has been issued against six individuals and three entities responsible for or involved in various cyber-attacks, out of which some publicly known are ‘WannaCry’, ‘NotPetya’, and ‘Operation Cloud Hopper,’ as well as an attempted cyber-attack against the organization for the prohibition of chemical weapons.

Out of the six individuals sanctioned by the EU include two Chinese citizens and four Russian nationals. The companies involved in carrying out cyberattacks include an export firm based in North Korea, and technology companies from China and Russia.

The sanctions imposed include a ban on persons traveling to any EU countries and a freeze of assets on persons and entities.

Full article

Police Arrested Hundreds of Criminals After Hacking Into Encrypted Chat Network

The Hacker News

In a joint operation, European and British law enforcement agencies recently arrested hundreds of alleged drug dealers and other criminals after infiltrating into a global network of an encrypted chatting app that was used to plot drug deals, money laundering, extortions, and even murders.

Dubbed EncroChat, the top-secret encrypted communication app comes pre-installed on a customized Android-based handset with GPS, camera, and microphone functionality removed for anonymity and security.

EncroChat phones aim to securely exchange data and messages with pre-loaded apps for secure instant messaging, VOIP calling, self destruct messages, and includes a ‘kill code’ functionality to let users remotely wipe complete data in times of trouble.

The handset and its services, which cost around £1,500 for a six-month subscription, had 60,000 users worldwide and approximately 10,000 users in the United Kingdom.

EncroChat phones were presented to customers as guaranteeing perfect anonymity (no device or SIM card association on the customer’s account, acquisition under conditions guaranteeing the absence of traceability) and perfect discretion both of the encrypted interface (dual operating system, the encrypted interface being hidden so as not to be detectable) and the terminal itself (removal of the camera, microphone, GPS and USB port).

Europol

Full article

In addition the above you can read a blog post at europol.europa.eu.

Hackers Using Google Analytics to Bypass Web Security and Steal Credit Cards

The Hacker News

Researchers reported on Monday that hackers are now exploiting Google’s Analytics service to stealthily pilfer credit card information from infected e-commerce sites.

According to several independent reports from PerimeterX, Kaspersky and Sansec, threat actors are now injecting data-stealing code on the compromised websites in combination with tracking code generated by Google Analytics for their own account, letting them exfiltrate payment information entered by users even in conditions where content security policies are enforced for maximum web security.

Attackers injected malicious code into sites, which collected all the data entered by users and then sent it via Analytics, Kaspersky said in a report published yesterday. As a result, the attackers could access the stolen data in their Google Analytics account.

The cybersecurity firm said it found about two dozen infected websites across Europe and North and South America that specialized in selling digital equipment, cosmetics, food products, and spare parts.

Full article

Spies Can Listen to Your Conversations by Watching a Light Bulb in the Room

The Hacker News

You might not believe it, but it’s possible to spy on secret conversations happening in a room from a nearby remote location just by observing a light bulb hanging in there—visible from a window—and measuring the amount of light it emits.

A team of cybersecurity researchers has developed and demonstrated a novel side-channel attacking technique that can be applied by eavesdroppers to recover full sound from a victim’s room that contains an overhead hanging bulb.

The findings were published in a new paper by a team of academics—Ben Nassi, Yaron Pirutin, Adi Shamir, Yuval Elovici and Boris Zadov—from the Israeli’s Ben-Gurion University of the Negev and the Weizmann Institute of Science, which will also be presented at the Black Hat USA 2020 conference later this August.

Full article