Cybersecurity Weekly: Coronavirus phishing scam, Android Bluetooth worm, Philips Hue flaw

February 10, 2020 by Sam Fay

Phishers impersonate the World Health Organization with a new coronavirus email scam. A critical Android Bluetooth flaw leaves the mobile OS exploitable without any user interaction. Philips Hue smart lights expose Wi-Fi networks to hackers. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Phishers impersonate WHO, exploit coronavirus-related anxiety

As cases of the virus infection keep popping up across the world, so do related malware, phishing schemes and other scams. Security researchers at Sophos identified a phishing email claiming to be from the World Health Organization. This email asks recipients to download safety measures and redirects them to a fake webpage that prompts for a username and password.

2. Critical Android Bluetooth flaw exploitable without user interaction

Last week, Microsoft urged Android users to apply the latest security patches, which address a critical vulnerability in the Bluetooth system. A hacker can leverage the security flaw without user interaction to run malicious code on the device with elevated privileges. Attackers can also spread the infection like a worm to other phones through the Bluetooth connection.

3. Flaw in Philips smart light bulbs exposes your Wi-Fi network to hackers

Security researchers revealed a vulnerability affecting Philips Hue smart light bulbs that can be exploited wirelessly from over 100 meters away to gain entry into a Wi-Fi network. The underlying high-severity vulnerability resides in the way Philips implemented the wireless communication protocol in its smart light bulb.

4. Phishing attack disables Google Play Protect, drops Anubis trojan

An Android phishing campaign is infecting devices with the Anubis banking trojan. The trojan then steals financial information from more than 250 banking and shopping apps. To bypass security systems, the malware asks users to enable Google Play Protect while actually disabling it after being granted permissions on the device.

5. Iowa prosecutors drop charges against men hired to test their security

In September 2019, the State of Iowa hired two security experts to perform a penetration test of its judicial system. They were then arrested for probing the security of an Iowa county courthouse and released on $100,000 bail. All charges were dropped by prosecutors last week.

6. Wacom tablets collecting and storing user data

A security expert recently took a deep dive into the privacy policy of Wacom’s drawing tablets. After some research, he found logs being sent back to Wacom of every application he opened, along with a detailed timestamp. Furthermore, he uncovered that if you opt out of this data collection, the next software update will turn it back on.

7. Google Chrome to block mixed content downloads, preventing MitM attacks

Google is moving forward with its plan to block mixed content downloads from websites to protect users from man-in-the-middle attacks. Much like how they phased in HTTPS acceptance, Google will gradually roll out this feature in Chrome by first displaying console warnings before eventually blocking all mixed content downloads.

8. Yahoo’s $117 million data breach settlement finalized

Following a series of Yahoo data breaches between 2012 and 2016, a proposed compensation package of $117 million is now nearly finalized. Although approximately three billion users across the world were affected by the breaches, compensation up to $358 per impacted user will only be available to 194 million U.S. and Israeli users.

9. Ransomware exploits GIGABYTE driver to kill AV processes

The attackers behind the RobbinHood Ransomware are exploiting a vulnerable GIGABYTE driver to install a malicious driver into Windows. The driver is used to terminate antivirus and security software with elevated privileges. Windows would normally prevent the installation of unsigned third-party drivers, but this attack piggybacks off of the legitimate GIGABYTE driver.

10. Exfiltrating data from air-gapped computers using screen brightness

Hackers can exfiltrate sensitive data from your computer by simply changing the brightness of the screen, according to a new cybersecurity research study. These brightness changes are invisible to the human eye, but high-frame-rate cameras are able to pick up the signal and decode it, much like Morse code.