Cybersecurity Weekly: LokiBot spearphish, Marriott breach, Zoom vulnerability

April 6, 2020 by Sam Fay

A spearphishing campaign exploits COVID-19 to spread LokiBot infostealer. Marriott suffers a second breach, exposing data of 5.2 million hotel guests. A new Zoom hack lets attackers compromise Windows and its login password. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Spearphishing campaign exploits COVID-19 to spread LokiBot infostealer

Researchers discovered threat actors harnessing a new spearphishing campaign designed to spread the LokiBot trojan. Using the WHO trademark as a lure, this new attack claims to address misinformation about the pandemic, but actually sends an attachment that unleashes LokiBot if downloaded and executed.
Read more »


2. Marriott suffers second breach, exposing data of 5.2 million hotel guests

Last week, international hotel chain Marriott disclosed a data breach impacting 5.2 million hotel guests — the second security incident to hit the company in recent years. The company believes guest data was accessed between January and February 2020, but found no evidence of compromised passwords or payment information.
Read more »


3. New Zoom hack lets attackers compromise Windows and its login password

According to cybersecurity researchers, the Zoom video conferencing software for Windows is vulnerable to a UNC path injection vulnerability that could allow remote attackers to steal victims’ Windows login credentials. Once the malicious link is clicked, the attack allows the attacker-controlled SMB share to automatically capture authentication data.
Read more »


4. Some mobile phone apps may contain hidden behaviors that users never see

Cybersecurity researchers discovered a large number of cell phone applications that contain hardcoded secrets, allowing others to access private data or block content provided by users. Of the 150,000 apps they tested, about 8.5% contained backdoor secrets, such as unnecessarily invasive permissions, master passwords or a payment authorization bypass.
Read more »


5. iPhone and Macbook cameras hacked using Safari zero-day

Merely visiting a website using Safari browser could let remote attackers secretly access a device’s camera, microphone or location, and in some cases, saved passwords as well. Apple recently paid a $75,000 bounty to an ethical hacker who demonstrated the attack and helped the company patch seven new vulnerabilities.
Read more »


6. WordPress plugin bug can be exploited to create rogue admins

The Contact Form 7 datepicker plugin allows attackers to create rogue admins or take over admin sessions after exploiting an authenticated stored cross-site scripting vulnerability. The development team behind the plugin said the plugin will no longer be maintained and they were okay with its removal from the WordPress repository.
Read more »


7. Unidentified database exposes 200 million Americans

Cybersecurity researchers uncovered an unsecured database owned by an unidentified party, comprising 800 gigabytes of personal user information.The database in question was left on a publicly accessible server and contained more than 200 million detailed user records. On March 3, the entire database was wiped by the anonymous owner.
Read more »


8. Office 365 phishing uses CSS tricks to bypass email gateways

An Office 365 voicemail phishing campaign is tricking victims into visiting landing pages designed to steal their personal information or infect their computers with malware. The malicious emails use the old trick of reversing some of the text elements in the source code and rendering forward within the email displayed to the target.
Read more »


9. 14 million Key Ring users exposed in open database

A misconfigured Amazon Web Services S3 bucket exposed the data of 14 million users of the popular Key Ring app that includes some payment and medical card information. The open buckets were first spotted in January, but may have been open for a longer period of time. They were finally locked down or taken offline on February 20.
Read more »


10. Twitter tells users Firefox possibly exposed personal information

Twitter recently discovered that Firefox’s cache stored some private information associated with the use of its platform, including sent or received direct messages and the downloaded data archive. Twitter has made some changes on its end to ensure Firefox no longer stores potentially sensitive information belonging to its users.
Read more »

Posted: April 6, 2020
Sam Fay
View Profile