Cybersecurity Weekly: Instagram phishing scam, hackers pose as journalists, QakBot banking trojan

September 1, 2020 by Sam Fay

An Instagram Help Center phishing scam is stealing credentials. Hackers pose as journalists to trick victims into installing malware. QakBot banking trojan returned with new tricks to steal money. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Instagram Help Center phishing scam stealing credentials

Cybercriminals are sending Instagram users seemingly legitimate messages from the social media company, with the aim of stealing their Instagram and email credentials. Researchers said the campaign has been targeting hundreds of celebrities, startup business owners and other entities with sizable followings on Instagram.
Read more »


2. Hackers pose as journalists to trick victims into installing malware

An Iranian cyberespionage group known for targeting government, defense technology, military and diplomacy sectors is now impersonating journalists to approach targets via LinkedIn. This is the first time the threat actor carried out a watering hole attack through LinkedIn, which also includes making phone calls to victims.
Read more »


3. QakBot banking trojan returned with new tricks to steal money
A notorious banking trojan aimed at stealing bank account credentials and other financial information is back with new tricks up its sleeve to target government, military and manufacturing sectors in the US and Europe. The latest wave of Qbot activity reportedly dovetailed with the return of Emotet.
Read more »


4. Sendgrid under siege from hacked accounts

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers and abused for sending phishing and email malware attacks. Sendgrid’s parent company is working on a plan to require multi-factor authentication for all of its customers.
Read more »


5. Hacker arrested for offering $1 million to company employee for planting malware

The FBI arrested a Russian hacker who recently traveled to the United States and offered a $1 million bribe to an employee of a company for his help in installing malware into the company’s computer network. He also asked the employee to participate in developing tailored malware by sharing information about the company’s infrastructure.
Read more »


6. APT hackers exploit Autodesk 3ds Max software for industrial espionage

Cybersecurity researchers discovered another instance of an espionage attack targeting an international company that had all the hallmarks of a carefully orchestrated campaign. The cybercriminal group infiltrated the company using a tainted and specially crafted plugin for Autodesk 3ds Max.
Read more »


7. Popular iOS SDK accused of spying on billions of users and committing ad fraud

A popular iOS software development kit is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information. This code can collect URLs, device identifiers, IP Address, operating system versions and other user sensitive data from compromised apps to a remote logging server.
Read more »


8. CenturyLink routing issue led to outages on many internet services

A CenturyLink BGP routing mistake led to a ripple effect across the Internet that led to outages for numerous Internet-connected services such as Cloudflare, Amazon and many more. CenturyLink states that their Level3 CA3 data center is causing this outage and were able to fix the issue within a few hours.
Read more »


9. Slack pays $1,750 reward for a desktop hijack vulnerability

A researcher responsibly disclosed multiple vulnerabilities to Slack that allowed an attacker to hijack a user’s computer, and they were only rewarded $1,750. Using these vulnerabilities, an attacker could simply upload a file and share with another Slack user or channel to trigger the exploit on a victim’s Slack app.
Read more »


10. Emotet malware’s new Red Dawn attachment is even more dangerous

After a five-month hiatus, the Emotet malware returned in July 2020 and began to spew massive amounts of malicious spam worldwide. These spam campaigns pretend to be invoices, shipping information, COVID-19 information, resumes, financial documents or scanned documents.
Read more »

Posted: September 1, 2020
Sam Fay
View Profile