Cybersecurity Weekly: Hackers for hire, DNS cache poisoning, The North Face attacked

November 17, 2020 by Sam Fay

APT hackers for hire target financial and entertainment firms. DNS cache poisoning attacks return due to Linux weakness. The North Face website suffered a credential stuffing attack. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. APT hackers for hire target financial, entertainment firms

A hackers-for-hire operation is using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies. Dubbed CostaRicto, the campaign appears to be the handiwork of APT mercenaries who possess bespoke malware tooling and complex VPN proxy and SSH tunneling capabilities.


2. DNS cache poisoning attacks return due to Linux weakness

Researchers from Tsinghua University and the University of California identified a new method that can be used to conduct DNS cache poisoning attacks. The discovery revives a 2008 bug that had once been thought to have been resolved for good.


3. The North Face website suffered a credential stuffing attack

Outdoor retail giant The North Face forced a password reset for a number of its customers following a successful credential stuffing attack that took place on October 8th and 9th. The threat actors were able to gain access to the accounts of several customers and the personal information associated with them. The attackers targeted accounts registered on the website.


4. Trojanized security software hits South Korea users in supply chain attack

Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote administration tools on target systems. The hackers leveraged the mandatory requirement that internet users in the country must install additional security software.


5. Hacker shares 3.2 million Pluto TV accounts for free on forum

Over the past week, threat actors have been releasing user databases for various commercial websites that were stolen during data breaches on a hacker forum. All of these breaches are credited to ShinyHunters, who has been responsible for numerous data breaches and the hack of Microsoft’s private GitHub repository in the past.


6. New ModPipe point of sale malware targeting restaurants, hotels

Cybersecurity researchers last week disclosed a new kind of modular backdoor that targets point-of-sale restaurant management software from Oracle in an attempt to pilfer sensitive payment information stored in the devices. Exfiltrated credentials allow ModPipe’s operators access to database contents.


7. Retail giant Cencosud hit by ransomware attack, stores impacted

This weekend, Cencosud was hit with a ransomware attack by the Egregor ransomware operation that encrypted devices throughout its retail outlets and impacted the company’s operations. According to Argentinian publisher Clarín, retail stores are still open, but some services are impacted.


8. New Jupyter information stealer appeared in the threat landscape

Newly discovered threat actors have been using a piece of malware, dubbed Jupyter, to steal information from their victims. The Jupyter malware is able to collect data from multiple applications, including major browsers, and is also able to establish a backdoor on the infected system.


9. 7,500 educational organizations hacked, access being sold on hacker forums

Network access to 7,500 organizations is being sold by a threat actor on multiple hacker forums. According to the listings posted on October 3 and October 26, these mainly include educational organizations. However, the package also includes access to corporate networks from other verticals, such as entertainment and the bar industry.


10. Windows 10, iOS, Chrome, Firefox and others hacked at Tianfu Cup competition

Multiple software products from Adobe, Apple, Google, Microsoft, Mozilla and Samsung were successfully hacked with previously unseen exploits at Tianfu Cup 2020. This was the third edition of the international cybersecurity contest, which is similar to Pwn2Own and is held in the city of Chengdu, China.
