Cybersecurity Weekly: Apple patches, job offer phishing, Cisco zero-day

November 10, 2020 by Sam Fay

Apple patched three actively exploited iOS zero-days. Hackers used Torisma spyware in job offer phishing attacks. A Cisco zero-day in AnyConnect Secure Mobility Client remains unpatched. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Apple patched three actively exploited iOS zero-days

Apple patched three iOS zero-day vulnerabilities actively exploited in the wild and affecting iPhone, iPad and iPod devices. The list of affected devices includes iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later and iPad mini 4 and later. The zero-days were addressed by Apple last week with the release of iOS 14.2.


2. Hackers used Torisma spyware in job offer phishing attacks

A cyberespionage campaign aimed at the aerospace and defense sectors may have been more sophisticated than previously thought. The campaign sought to install data-gathering implants on victims’ machines for surveillance and data exfiltration.


3. Cisco zero-day in AnyConnect Secure Mobility Client remains unpatched

Cisco disclosed a zero-day vulnerability in the Windows, macOS and Linux versions of its AnyConnect Secure Mobility Client software. While Cisco said it is not aware of any exploits in the wild for the vulnerability, it said proof-of-concept exploit code has been released, raising the risk that cybercriminals will leverage the flaw.

4. Campari hit by Ragnar Locker Ransomware, $15 million ransom

Italian liquor company Campari Group was hit by a Ragnar Locker ransomware attack in which 2 TB of unencrypted files were allegedly stolen. Ragnar Locker is demanding $15 million for the recovery of the files. Campari Group’s IT department, with the support of IT security experts, immediately took action to limit the spread of the malware across its data and systems.


5. Reverse shell botnet Gitpaste-12 spreads via GitHub and Pastebin

A newly discovered worm and botnet named Gitpaste-12 lives on GitHub and also uses Pastebin to host malicious code. The advanced malware comes equipped with reverse shell and crypto-mining capabilities and exploits over 12 known vulnerabilities. Gitpaste-12 was first detected on GitHub around October 15.


6. Brazil’s court system under massive RansomExx ransomware attack

Brazil’s Superior Court of Justice was hit by a ransomware attack on Tuesday during judgment sessions that were taking place over a video conference. The websites of multiple other Brazilian agencies are also currently offline. However, it is not yet known if they were attacked by the same threat actors or if they are hosted on the same site as the courts.


7. Premium-rate phone fraudsters hack VoIP servers of 1200 companies

Last week, cybersecurity researchers took the wraps off an ongoing cyber fraud operation led by hackers in Gaza, the West Bank and Egypt to compromise VoIP servers of more than 1,200 organizations across 60 countries. The threat actors targeted Sangoma PBX, an open-source user interface used to manage and control Asterisk VoIP phone systems.


8. New KilllSomeOne APT group leverages DLL sideloading

A new Chinese APT group, tracked as KilllSomeOne, has appeared in the threat landscape targeting corporate organizations in Myanmar with DLL side-loading attacks. The technique has been employed by other Chinese APT groups since 2013 and was later adopted by cybercrime gangs in attacks in the wild.


9. HMRC smishing tax scam targets UK banking customers

An advanced HM Revenue and Customs tax rebate scam is targeting UK residents this week via text message. The smishing campaign is concerning as it employs multiple HMRC phishing domains and tactics, with new domains added every day as older ones get flagged by spam filters.


10. Capcom hit by Ragnar Locker ransomware

Video game giant Capcom has reportedly been hit by a ransomware attack that affected access to certain systems — including email and file servers — and encrypted 1 terabyte of sensitive data. There is no indication that any customer information was breached.
