Cybersecurity Weekly: RDP vulnerability, RATicate malware, Android 2FA bypass
An improper Microsoft patch leaves third-party RDP clients vulnerable to reverse RDP. RATicate drops info-stealing malware and RATs on industrial targets. A new Android banking trojan is able to bypass two-factor authentication. All this, and more, in this week’s edition of Cybersecurity Weekly.
Should you pay the ransom?
1. Improper Microsoft patch leaves third-party RDP clients vulnerable
Though Microsoft patched the infamous reverse RDP vulnerability in July 2019, researchers were able to bypass the patch just by replacing the backward slashes in paths with forward slashes. Microsoft acknowledged the improper fix and re-patched the flaw in its February 2020 Patch Tuesday update.
Read more »
2. RATicate drops info-stealing malware and RATs on industrial targets
Security researchers identified a hacking group that abused NSIS installers to deploy remote access tools and information-stealing malware in attacks targeting industrial companies. To infect the targets' systems, the attackers used two infection chains, both of them involving the delivery of payloads via phishing emails.
Read more »
3. New Android banking trojan is able to bypass two-factor authentication
A new mobile-based trojan is able to compromise Android’s accessibility features in order to steal user data from banking applications and read user’s SMS messages, allowing the malware to bypass two-factor authentication. Named Eventbot, the trojan was discovered by a group of cybersecurity experts who found it targeting over 200 financial banking applications.
Read more »
4. Researcher spots new malware tailored for air-gapped networks
A security researcher published an analysis of a new piece of malware, a sample of which was spotted on the Virustotal malware scanning engine. They believe the hacker behind it is likely interested in some high-value computers protected behind air‑gapped networks. Dubbed Ramsay, the malware is still under development with two more variants spotted in the wild.
Read more »
5. Ransomware recruits affiliates with huge payouts, automated leaks
The Netwalker ransomware operation is recruiting potential affiliates with the possibility of million-dollar payouts and an auto-publishing data leak blog to help drive successful ransom payments. Started as Mailto, the ransomware operators rebranded as Netwalker in March 2020 when they began to recruit potential affiliates to distribute their ransomware.
Read more »
6. Expert found 1,236 websites infected with MageCart e-skimmer
A security researcher is warning of a new wave of MageCart attackers, he has found over 1,000 domains infected with e-skimmers. Millions of MageCart instances were detected over time, security experts discovered tens of software skimming scripts. The list of victims includes several major platforms, such as British Airways, Newegg and Ticketmaster.
Read more »
7. Innovative spy trojan aimed at European diplomatic targets
A fresh malware trojan has emerged, built from the same code base as the stealthy COMPFun remote access trojan. The malware is using spoofed Visa applications to hit diplomatic targets in Europe and may be the work of the Turla APT. According to researchers, the fake Visa application harbors code that acts as a first-stage dropper.
8. Ransomware hit ATM giant Diebold Nixdorf
Diebold Nixdorf, a major provider of ATMs and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. The company says the hackers never touched its ATMs or customer networks, and that the intrusion only affected its corporate network.
Read more »
9. Microsoft open-sources COVID-19 threat intelligence
Last week, Microsoft announced that it made some of its COVID-19 threat intelligence available to the public. By publishing these indicators, which included file hashes and known malicious email attachments, Microsoft aims to raise awareness of the shift in attackers’ techniques and help detect them.
Read more »
See Infosec IQ in action
10. 22 million emails found in mystery open database
An open Elasticsearch database containing millions of records became a mystery as cybersecurity researchers cannot figure out the database’s origins. Troy Hunt of Have I Been Pwned was informed in February about an open database containing 90GB of data containing 22.8 million emails.
Read more »
In this Series
- Cybersecurity Weekly: RDP vulnerability, RATicate malware, Android 2FA bypass
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
