Cybersecurity Weekly: PoC Kerberos exploit, Subway phishing scam, distance learning attacks

December 15, 2020 by Sam Fay

An expert published PoC exploit code for a Kerberos Bronze Bit attack. A massive Subway U.K. phishing attack is pushing TrickBot malware. The U.S. warns of increased cyberattacks against K-12 distance learning. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Expert published PoC exploit code for Kerberos Bronze Bit attack

The proof-of-concept exploit code for the Kerberos Bronze Bit attack was published online last week. It allows intruders to bypass authentication and access sensitive network services. Microsoft initially addressed the flaw for Bronze Bit attacks in the November 2020 patch, but some Windows 10 users started reporting Kerberos authentication issues.
Read more »


2. Massive Subway U.K. phishing attack is pushing TrickBot malware

A massive phishing campaign pretending to be a Subway order confirmation is underway distributing the notorious TrickBot malware. This attack may indicate a data breach at Subway U.K. that allowed the threat actors to gain access to customer’s names and email addresses.
Read more »


3. U.S. warns of increased cyberattacks against K-12 distance learning

K-12 educational institutions in the U.S. are being targeted by malicious actors for extortion, data theft and general disruption of normal activity. The trend will continue through the 2020-21 academic year. The alert comes from the FBI and the CISA based on reports from K-12 institutions incurring cyberattacks.
Read more »


4. Fingerprint-jacking attack technique manipulates Android UI

In a Black Hat Europe talk, researchers explained how they were hunting for bugs in a mobile wallet app when they found a tactic to enable fingerprint-jacking, which is a user interface-based attack that targets fingerprints in Android apps. The term stems from clickjacking, as this type of attack conceals a malicious application interface beneath a fake covering.
Read more »


5. Adrozek malware hijacking Chrome, Firefox, Edge, Yandex browsers

Microsoft revealed an ongoing campaign impacting popular web browsers that stealthily injects malware-infested ads into search results to earn money via affiliate advertising. Adrozek employs an attacker infrastructure consisting of 159 unique domains, each of which hosts an average of 17,300 unique URLs, which in turn host more than 15,300 unique malware samples.
Read more »


6. Cisco reissues patches for critical bugs in Jabber video conferencing software

Cisco has once again fixed four previously disclosed critical bugs in its Jabber video conferencing and messaging app that were inadequately addressed, leaving its users susceptible to remote attacks. The vulnerabilities could allow an authenticated, remote attacker to execute arbitrary code on target systems.
Read more »


7. Valve’s Steam server bugs could’ve let hackers hijack online games

Critical flaws in a core networking library powering Valve’s online gaming functionality could have allowed malicious actors to remotely crash games and take control of affected third-party game servers. An attacker could remotely crash an opponent’s game client to force a win or crash the Valve game server to end the game completely.
Read more »

8. Mount Locker ransomware offering double extortion scheme to other hackers

A relatively new ransomware strain behind a series of breaches on corporate networks has developed new capabilities that allow it to broaden the scope of its targeting and evade security software with the ability for its affiliates to launch double extortion attacks. The MountLocker ransomware has already gained notoriety for stealing files before encryption and extortion.
Read more »


9. Attack on Vermont Medical Center is costing the hospital $1.5 million per day

In October, ransomware operators hit the Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network. The ransomware attack disrupted services at the UVM Medical Center and affiliated facilities. A month later, the University of Vermont Medical Center continues to recover from the cyberattack that affected the systems at the Burlington hospital.
Read more »


10. Researchers simulate privacy leaks in functional genomics studies

The functional genomics field generally relies on aggregating information from many samples for its statistical power. This means that broadly sharing raw data is vital; however, sharing these data currently is challenging because of the privacy concerns of individuals within those datasets, leading to the data being largely inaccessible behind firewalls.
Read more »

Posted: December 15, 2020
Sam Fay
View Profile