Cybersecurity Weekly: Apple Mail flaw, hackers make millions, Trickbot exploits COVID-19

April 27, 2020 by Sam Fay

Apple devices found to be vulnerable to a zero-day flaw in the default mail app. Hackers trick British private equity firms into sending $1.3 million. Microsoft warns of prolific Trickbot malware exploiting COVID-19 crisis. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Apple devices found to be vulnerable to zero-day flaw in mail app

Security researchers found two critical flaws in the pre-installed mail app on millions of iPhones and iPads. Attackers have been exploiting these flaws in the wild for at least the last two years to spy on high-profile victims. The flaws let remote hackers secretly take complete control over Apple devices just by sending an email to the victim.


2. Hackers trick British private equity firms into sending $1.3 million

Cybersecurity researchers say nearly $700,000 of the total wire-transferred amount was permanently lost to the attackers, with the rest of the amount being recovered after the targeted firms were alerted in time. The cybercrime gang behind this attack is highly skilled and has been active for several years, according to law enforcement.


3. Microsoft warns of prolific Trickbot malware exploiting COVID-19

In a recent statement, Microsoft Security Intelligence warned that hackers are posing as the USA Volunteer Organization and the USA Humanitarian Group to send hundreds of emails offering free COVID-19 medical advice and testing. Each email aims to install the Trickbot malware using unique macro-laced document attachments.


4. SeaChange video platform allegedly hit by Sodinokibi ransomware

A leading supplier of video delivery software solutions is the latest victim of the Sodinokibi ransomware, whose operators posted images of data they claim to have stolen from the company during a cyberattack. The Sodinokibi operators refused to divulge the amount of data that was stolen and how much they demanded in ransom.


5. Malicious USB drives infect 35,000 computers with crypto-mining botnet

Cybersecurity researchers took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were using to mine Monero cryptocurrency. The botnet, named VictoryGate, has been active since May 2019, with infections mainly reported in Latin America.


6. NSA warns of hackers exploiting vulnerable web servers to deploy backdoors

The security advisory published by the National Security Agency contains a wide range of information for security teams who want to detect hidden web shells, manage the response and recovery processes after detecting web shells, and block malicious actors from deploying such tools on unpatched servers.


7. Researcher discloses four zero-day bugs in IBM’s enterprise security software

A cybersecurity researcher publicly disclosed technical details and proof of concept for four unpatched zero-day vulnerabilities affecting enterprise security software offered by IBM after the company refused to acknowledge the responsibly submitted disclosure. When chained together, these four bugs can lead to a hacker gaining root access on remote servers.


8. Paay misconfiguration leaves transaction data exposed

New York-based card payment processor Paay failed to enable a password on a server storing personal information related to some 2.5 million consumer transactions. The server was open to the internet for approximately three weeks before being pulled offline once Paay was notified of the open server. Records included full plaintext credit card information.


9. Kinomap data breach exposes 42 million records

Approximately 40GB worth of information belonging to users of Kinomap, a service that creates workout videos, was discovered by security researchers in March. This data amounted to 42 million records and affected the platform’s entire user base, including people from a number of countries across the UK, Europe and the U.S.


10. Zoom rolls out security updates following Zoombombing and security flaws

Zoom announced a series of updates that include support for AES 256-bit encryption as well as features intended to make controlling security aspects of Zoom meetings more intuitive. The Zoom 5.0 update, which is rolling out this week, also introduces the ability to report a user to Zoom and enables the waiting room feature and meeting passwords by default.
