Cybersecurity Weekly: Phishing attacks spike, SHAREit patch, NSA exploit

February 25, 2021 by Sam Fay

Malformed URL prefix phishing attacks spike 6,000%. SHAREit fixes security bugs in their app with one billion downloads. Hackers used an NSA exploit years before the Shadow Brokers leak. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Malformed URL prefix phishing attacks spike 6,000%

Cybersecurity researchers have observed a nearly 6,000% jump in attacks that use malformed URL prefixes to evade email security filters and deliver phishing emails that look legitimate. Typosquatting, a common phishing tactic, misspells everyday business names to trick unobservant users into clicking; the malformed-prefix technique instead leaves the domain intact and alters the characters between the scheme and the host (the reported variant used `http:/\` in place of `http://`), so that filters keyed on the domain see nothing unusual while the browser still resolves the link.
Read more »
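As an added illustration (not part of the original story or of any vendor's product), the following Python script shows the parser differential the malformed prefix exploits: a strict RFC 3986 parser such as urllib finds no host in `http:/\evil.example/...`, so a naive domain allow/block check has nothing to match, while a browser's WHATWG parser treats the backslash as a slash and connects anyway. The sample links are constructed, and the script assumes the malformed form is a slash-for-backslash substitution after the scheme.

```python
import re
from urllib.parse import urlparse

# Constructed sample links for this illustration; they are not from the report.
SAMPLE_LINKS = [
    "https://www.example.com/login",         # well-formed
    "http:/\\malicious.example/verify",      # backslash in place of the second slash
    "http:\\\\malicious.example/verify",     # both separators as backslashes
    "https:/\\accounts.example.net/reset",
]

# Schemes for which the WHATWG URL parser used by browsers treats "\" as "/".
SPECIAL_SCHEMES = {"http", "https", "ftp", "ws", "wss", "file"}
# Scheme, then every slash-like character that follows the colon.
PREFIX_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):([/\\]*)")


def is_malformed_prefix(url: str) -> bool:
    """True when a special-scheme URL does not use exactly '//' after the scheme."""
    m = PREFIX_RE.match(url)
    if not m or m.group(1).lower() not in SPECIAL_SCHEMES:
        return False
    return m.group(2) != "//"


def naive_host(url: str):
    """Host as seen by a strict parser (urllib): None for the malformed form,
    because urllib only recognises an authority after a literal '//'."""
    return urlparse(url).hostname


def browser_host(url: str):
    """Approximate the host a browser would connect to: for special schemes the
    slash-like run after the scheme is normalised to '//' before the
    authority is read."""
    m = PREFIX_RE.match(url)
    if not m or m.group(1).lower() not in SPECIAL_SCHEMES:
        return urlparse(url).hostname
    normalised = m.group(1).lower() + "://" + url[m.end():]
    return urlparse(normalised).hostname


def scan(links):
    """Return (link, host the browser would resolve) for every malformed link."""
    return [(link, browser_host(link)) for link in links if is_malformed_prefix(link)]


if __name__ == "__main__":
    for link, host in scan(SAMPLE_LINKS):
        print(f"FLAG {link!r}: urllib host={naive_host(link)!r}, browser host={host!r}")
```

The practical lesson is to normalise the prefix the way the browser will before running any domain reputation or allow-list check, rather than trusting the host a strict parser reports.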


2. SHAREit fixes security bugs in app with 1 billion downloads

Singapore-based Smart Media4U Technology fixed SHAREit vulnerabilities that could allow attackers to execute arbitrary code remotely on users' devices. The flaws also expose users of unpatched SHAREit versions to man-in-the-disk attacks, in which an attacker overwrites application resources that the app keeps on shared external storage and thereby gets its own code loaded and executed by SHAREit.
Read more »

3. Hackers used NSA exploit years before Shadow Brokers leak

Chinese state hackers cloned and started using an NSA exploit almost three years before the Shadow Brokers group publicly leaked it in April 2017. The exploit targets a local privilege escalation bug affecting Windows XP through Windows 8, so an attacker who had already gained access to a targeted device could use it to elevate to higher privileges.
Read more »

4. Global Accellion data breaches linked to Clop ransomware gang

Financially motivated threat actors chained multiple zero-day vulnerabilities and a new web shell to breach up to 100 organizations using Accellion's legacy File Transfer Appliance and steal sensitive files. The attacks began in mid-December 2020 and have been linked to the Clop ransomware gang and the FIN11 threat group.
Read more »


5. NurseryCam daycare cam service shut down after security breach

Late last week, nursery camera company NurseryCam announced a compromise of its network. In response to the incident, the company shut down its IoT camera service on Saturday and notified parents of the breach. NurseryCam has also reported a possible data breach to the UK's data watchdog, the Information Commissioner's Office.
Read more »


6. Shadow attacks let attackers replace content in digitally signed PDFs

Researchers demonstrated a novel class of attacks that could allow a bad actor to circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. The attacker prepares a document containing hidden content before it is signed, then after signing appends an incremental update that changes what is displayed without invalidating the signature. The technique relies on the enormous flexibility of the PDF specification, so the resulting shadow documents remain standard-compliant and pass viewer checks.
Read more »
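As an added illustration (not part of the original story or of the researchers' tooling), the following Python script shows one triage check a practitioner can run on a signed PDF: a signature's /ByteRange states exactly which bytes it covers, so any bytes that follow the covered range were appended after signing. The script builds a constructed, minimal PDF-shaped byte string with a placeholder signature dictionary, then compares the clean file with one that has a post-signature incremental update appended; the object contents and offsets are made up for the illustration.

```python
import re

# /ByteRange [offset1 length1 offset2 length2] of a signature dictionary.
BYTERANGE_RE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")


def build_constructed_pdf(shadow_update: bool) -> bytes:
    """Build a constructed, minimal PDF-shaped byte string with one signature
    dictionary whose /ByteRange covers everything except the /Contents hex
    string. It illustrates the layout only; it is not a valid signed PDF."""
    contents = b"<" + b"00" * 8 + b">"          # placeholder for the CMS signature blob

    def assemble(a, b, c, d):
        header = b"%PDF-1.7\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
        sig = (b"3 0 obj << /Type /Sig /Filter /Adobe.PPKLite "
               b"/ByteRange [%06d %06d %06d %06d] /Contents " % (a, b, c, d))
        tail = b" >> endobj\ntrailer << /Root 1 0 R >>\nstartxref\n0\n%%EOF\n"
        return header, sig, tail

    header, sig, tail = assemble(0, 0, 0, 0)
    len1 = len(header) + len(sig)               # signed bytes before /Contents
    start2 = len1 + len(contents)               # first signed byte after /Contents
    len2 = len(tail)
    # Fixed-width numbers keep the offsets stable on the second pass.
    header, sig, tail = assemble(0, len1, start2, len2)
    pdf = header + sig + contents + tail
    if shadow_update:
        # An incremental update appended after signing: new objects plus a new
        # trailer that points back (/Prev) at the original cross-reference data.
        pdf += (b"4 0 obj << /Type /Annot /Subtype /Widget /Rect [0 0 200 50] >> endobj\n"
                b"trailer << /Root 1 0 R /Prev 0 >>\nstartxref\n0\n%%EOF\n")
    return pdf


def signed_ranges(pdf: bytes):
    """All /ByteRange tuples (start1, len1, start2, len2) found in the file."""
    return [tuple(int(g) for g in m.groups()) for m in BYTERANGE_RE.finditer(pdf)]


def bytes_after_signature(pdf: bytes) -> int:
    """Bytes that lie beyond the end of the last signature's covered range.
    Anything there was added after the document was signed."""
    ranges = signed_ranges(pdf)
    if not ranges:
        raise ValueError("no signature /ByteRange found")
    _, _, start2, len2 = ranges[-1]
    return len(pdf) - (start2 + len2)


def has_post_signature_update(pdf: bytes) -> bool:
    """True when a complete incremental update (ending in %%EOF) follows the signed range."""
    trailing = pdf[len(pdf) - bytes_after_signature(pdf):]
    return b"%%EOF" in trailing


if __name__ == "__main__":
    for label, doc in (("clean", build_constructed_pdf(False)),
                       ("shadow", build_constructed_pdf(True))):
        print(label, bytes_after_signature(doc), "bytes after signed range;",
              "post-signature update" if has_post_signature_update(doc) else "no update")
```

Treat a positive result as a signal for closer inspection rather than proof of tampering: legitimate workflows such as adding a second signature or filling a form also append incremental updates, and the hidden objects the attacker planted before signing sit inside the covered range where this check cannot see them.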


7. VMware addresses a critical RCE issue in vCenter Server

VMware has addressed a critical remote code execution vulnerability in the vCenter Server virtual infrastructure management platform that attackers could exploit to take control of affected systems. The flaw lies in the vCenter Server plug-in for vRealize Operations (vROps), which is present in all default installations whether or not vROps is actually in use.
Read more »


8. New Silver Sparrow malware infected nearly 30,000 Apple Macs

Days after the first malware targeting Apple M1 chips was discovered in the wild, researchers disclosed another piece of malicious software, found on about 30,000 Macs running both Intel x86_64 and Apple's M1 processors. Upon execution, the x86_64 binary simply displays the message "Hello, World!" whereas the M1 binary reads "You did it!"; the binaries appear to be placeholders, and the final payload the malware is built to fetch has not been observed.
Read more »


9. Texas electric company warns of scammers threatening to cut power

Last week, Austin Energy warned of unknown individuals impersonating the company and telling customers over the phone that their power will be cut off unless they immediately pay fictitious overdue bills. The scam attempts are ongoing.
Read more »


10. TDoS attacks take aim at emergency first-responder services

The FBI warned that telephony denial-of-service (TDoS) attacks are targeting emergency dispatch centers, which could make it impossible to call for police, fire or ambulance services. The attacker's objective is to keep distraction calls active for as long as possible to overwhelm the victim's telephone system, delaying or blocking legitimate calls for service.
Read more »
