Cybersecurity Weekly: Job offer ID theft, Bluetooth vulnerability, SolarWinds hackers target think tanks

June 1, 2021 by Sam Fay

How to tell a job offer from an ID theft trap. A Bluetooth vulnerability enables hackers to mimic genuine devices. SolarWinds hackers target think tanks with a new NativeZone backdoor. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. How to tell a job offer from an ID theft trap

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, according to an FBI warning. Last year, more than 16,000 people reported being victims of employment scams with losses totaling more than $59 million.


2. Bluetooth vulnerability enables hackers to mimic genuine devices

Hackers could exploit newly discovered flaws in the Bluetooth Core and Mesh Profile specifications to disguise themselves as legitimate devices and carry out man-in-the-middle attacks. These attacks work even when the victims use Bluetooth’s strongest security modes, including Secure Simple Pairing (SSP) and Secure Connections.


3. SolarWinds hackers target think tanks with new NativeZone backdoor

The threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants and non-governmental organizations located across 24 countries. This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations.


4. FBI to share compromised passwords with Have I Been Pwned

The FBI will soon begin sharing compromised passwords discovered during law enforcement investigations with Have I Been Pwned’s Pwned Passwords service. By providing this feed, the FBI will allow administrators and users to check whether a password is known to be used for malicious purposes.


5. Cyber espionage hackers continue to target Pulse Secure VPN devices

Cybersecurity researchers unmasked additional tactics, techniques and procedures adopted by threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks.


6. Malvertising campaign on Google distributed trojanized AnyDesk installer

Cybersecurity researchers publicized the disruption of a clever malvertising network targeting AnyDesk. The network delivered a weaponized installer of the remote desktop software through rogue Google ads that appeared on search engine results pages. The campaign involved a malicious file that masqueraded as a setup executable for AnyDesk.


7. Ransomware gangs’ slow decryptors prompt victims to seek alternatives

Recently, two highly publicized ransomware victims received decryptors that were too slow to be effective in quickly restoring the victim’s network. The first was Colonial Pipeline, which paid a $4.4 million ransom for a decryptor after being attacked by the DarkSide ransomware operation. However, the decryptor was so slow that the company resorted to restoring from backups instead.


8. Bose admits ransomware attack exposed employee data

Bose confirmed that it experienced a data breach, having fallen victim to a ransomware attack in early March. Immediately upon discovering the attack on March 7, Bose initiated incident response protocols, activated its technical team to contain the incident, and hardened its defenses against unauthorized activity.


9. Facefish backdoor spreading Linux rootkits

Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials and device information and of executing arbitrary commands on Linux systems. The malware dropper has been dubbed Facefish, owing to its ability to deliver different rootkits at different times and its use of the Blowfish cipher to encrypt communications with its server.


10. Researchers demonstrate two new hacks to modify certified PDF documents

Cybersecurity researchers disclosed two new attack techniques against certified PDF documents that could enable an attacker to alter a document’s visible content by displaying malicious content over the certified content without invalidating its signature. The attacks exploit the flexibility of PDF certification, which allows signing or adding annotations to certified documents.
