Cybersecurity Weekly: One-click hack, Discord Nitro ransomware, Codecov hacked

April 20, 2021 by Sam Fay

A one-click hack was found in popular desktop apps. Discord Nitro gift codes are now demanded as ransomware payments. The Codecov code coverage tool was hacked to steal dev credentials. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. One-click hack found in popular desktop apps

Researchers discovered multiple one-click vulnerabilities across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems. The issues affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark and Mumble.


2. Discord Nitro gift codes now demanded as ransomware payments

In a novel approach to ransom demands, a new ransomware calling itself NitroRansomware encrypts files and then demands a Discord Nitro gift code to decrypt them. While most ransomware operations demand thousands of dollars or more in cryptocurrency, NitroRansomware deviates from the norm by demanding a $9.99 Nitro gift code instead.


3. Codecov code coverage tool hacked to steal dev credentials

The Codecov online platform for hosted code testing reports and statistics announced that a threat actor modified its Bash Uploader script, exposing sensitive information in customers’ continuous integration environments. The company learned of the compromise on April 1st, but the first signs of this software supply-chain attack occurred in late January.


4. HackBoss malware poses as hacker tools on Telegram

The authors of a cryptocurrency-stealing malware are distributing it over Telegram to aspiring cybercriminals under the guise of free malicious applications. Researchers have named the malware HackBoss and say that its operators likely stole more than $500,000 from novice hackers who fell for the trick.


5. Severe bugs reported in EtherNet/IP stack for industrial systems

The U.S. Cybersecurity and Infrastructure Security Agency on Thursday issued an advisory warning of multiple vulnerabilities in the OpENer EtherNet/IP stack that could expose industrial systems to denial-of-service attacks, data leaks and remote code execution.


6. Celsius email system breach leads to phishing attack

Cryptocurrency rewards platform Celsius Network disclosed a security breach exposing customer information that led to a phishing attack. After gaining access to the customer list, the threat actors impersonated Celsius Network in phishing texts and emails that promoted a new Celsius Web Wallet.


7. Hackers flood the web with pages offering malicious PDFs

Cybercriminals are resorting to search engine poisoning techniques to lure business professionals into seemingly legitimate Google sites that install a remote access trojan. The attack works by leveraging searches for business forms such as invoices, templates, questionnaires and receipts as a stepping stone toward infiltrating the systems.


8. Xcode project malware now targeting Apple’s M1-based Macs

A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple’s new M1 chips. It expanded its features to steal confidential information from cryptocurrency apps. The modules can steal credentials, inject malicious JavaScript into websites, plunder user data from different apps and encrypt files for a ransom.


9. WordPress may automatically disable Google FLoC on websites

WordPress is now treating Google’s new FLoC tracking technology as a security concern and may block it by default on WordPress sites. After Google began testing FLoC this month in Google Chrome, there has been a consensus among privacy advocates that Google’s FLoC implementation just replaces one privacy risk with another one.


10. U.S. sanctions cryptocurrency addresses linked to Russian cyberactivities

The U.S. government sanctioned twenty-eight cryptocurrency addresses allegedly associated with entities or individuals linked to Russian cyberattacks or election interference. The government introduced these sanctions in an executive order by President Biden that formally announced that the Russian SVR was behind the recent SolarWinds supply chain attack.
