Cybersecurity Weekly: DNS vulnerabilities, W-2 phishing scam, Google URL malware

April 14, 2021 by Sam Fay

DNS vulnerabilities affect over 100 million devices. A W-2 phishing scam is targeting the 2021 tax season. Microsoft warns of malware delivery via Google URLs. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. DNS vulnerabilities affect over 100 million devices

Last week, security researchers disclosed nine vulnerabilities affecting implementations of the Domain Name System protocol in popular TCP/IP network communication stacks running on at least 100 million devices. The flaws could be leveraged to take affected devices offline or to gain control over them.


2. W-2 phishing scam targeting the 2021 tax season

With the United States’ tax season in high gear, threat actors have sprung into action with a recent tax document phishing scam that abuses TypeForm forms to steal login credentials. The scam starts with users receiving an email pretending to be from OneDrive, in which a file named 2020_TaxReturn&W2.pdf is shared with the user.

3. Microsoft warns of malware delivery via Google URLs

Microsoft warned organizations of a new attack campaign that uses legitimate website contact forms to deliver malicious links to businesses via emails containing fake legal threats. Analysts believe the influx of emails stemming from contact forms indicates the attackers may have automated the process by bypassing CAPTCHA protections.

4. BRATA malware poses as Android security scanners

A new set of malicious Android apps has been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information. The apps in question were designed to target users in Brazil, Spain and the U.S., with most of them accruing anywhere between 1,000 and 5,000 installs.


5. RCE exploit released for unpatched Chrome and Opera browsers

A security researcher has published proof-of-concept exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera and Brave. The working exploit concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web browsers.


6. Upstox suffers data breach leaking 2.5 million users’ data

Online trading and discount brokerage platform Upstox became the latest company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web. The leaked information includes names, email addresses, dates of birth and bank account information.


7. Adobe fixes critical vulnerabilities in Photoshop and Digital Editions

Adobe addressed ten security vulnerabilities affecting four products, with seven of them rated critical because they allow arbitrary code execution or arbitrary file writes. Adobe advises customers using vulnerable products to update to the latest versions as soon as possible to fix bugs that could lead to successful exploitation of unpatched installations.


8. ParkMobile breach exposes license plate data, mobile numbers of 21 million users

Someone is selling account information for 21 million customers of ParkMobile, a popular mobile parking app in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.


9. Expired certificate caused a global-scale Pulse Secure VPN outage

Pulse Secure VPN users were not able to log in after a code signing certificate expired. The outage stems from a bug related to the improper verification of the signature for Pulse Secure components. The signature check was performed against the certificate’s expiration date rather than the timestamp on a digitally signed file.


10. New Linux, macOS malware hidden in fake Browserify NPM package

A new malicious package targeting NodeJS developers on Linux and Apple macOS operating systems has been spotted this week on the npm registry. The malicious package is called web-browserify and imitates the popular Browserify NPM component downloaded over 160 million times.