Cyber Bites

A banking malware called ZLoader, last seen in early 2018, has been spotted in more than 100 email campaigns since the beginning of the year. The trojan is under active development with 25 versions seen in the wild since its comeback in December 2019, the latest one observed this month. The malicious email campaigns target users in the U.S., Canada, Germany, Poland, and Australia with lures related to the COVID-19 topics (tips to avoid scams,...

Meal kit delivery service Home Chef announced a data breach Wednesday, two weeks after reports that its customer information was for sale on the dark web. Home Chef, which was acquired by Kroger Co. in 2018, said it was notifying customers of the breach but didn’t say how many customers were affected. In a statement, Home Chef said that customer email addresses, names and phone numbers, in addition to the last four digits of credit...

A security researcher has published details of how a series of web security flaws in QNAP network attached storage (NAS) devices leave many systems open to pwnage. Multiple vulnerabilities in QNAP Photo Station and CGI programs can be chained together to achieve a pre-authentication remote code execution attack, Henry Huang from CyCarrier CSIRT discovered. Huang discovered and reported four vulnerabilities to QNAP NAS devices last June (CVE-2019–7192, CVE-2019–7193, CVE-2019–7194, and CVE-2019–7195). The clutch of bugs...

 A hacker has put up for sale today the details of 40 million users registered on Wishbone, a popular mobile app that lets users compare two items in a simple voting poll. The data is being advertised across multiple hacking forums and being sold for 0.85 bitcoin (~$8000), according to ads seen by ZDNet. According to the seller's claims and a sample of the data published online, the Wishbone data includes user information such as...

Toll Group has provided an update on the ransomware attack it suffered following a January infection. The Australian transport giant said, after revealing the extent of data theft it suffered earlier this month, that the stolen information has found its way onto the "dark web". "Following our announcement last week that a ransomware attacker had stolen data contained on at least one Toll corporate server, our ongoing investigation has established that the attacker has now...

The business email compromise (BEC) gang Scattered Canary has filed more than 200 fraudulent claims for unemployment benefits and for COVID-19 relief funds. An infamous business email compromise (BEC) gang has submitted hundreds of fraudulent claims with state-level U.S. unemployment websites and coronavirus relief funds. Researchers who tracked the fraudulent activity said cybercriminals may have made millions so far from the fraudulent activity. Behind the attacks is Scattered Canary, a highly-organized Nigerian cybergang that employs...

 A new Trojan has been caught targeting Thai users of Whatsapp, Facebook Messenger, and Line messaging apps on the Android mobile platform. On Tuesday, Cisco Talos researchers said the malware, dubbed WolfRAT, is a new variant of DenDroid, a mobile Remote Access Trojan (RAT) that had its source code leaked in 2015. At the time, DenDroid was considered a sophisticated malware package that was on offer in underground forums with a price tag of $300....

 A critical remote code execution flaw in Adobe Character Animator was fixed in an out-of-band Tuesday patch. Adobe has issued an out-of-band patch for a critical flaw in Adobe Character Animator, its application for creating live motion-capture animation videos. The flaw can be exploited by a remote attacker to execute code on affected systems. The flaw (CVE-2020-9586) is found in versions 3.2 and earlier and exists within the parsing of the BoundingBox element in PostScript....

BlockFi disclosed a data breach that potentially leaked the physical addresses and account activity of its customers, highlighting the risks of KYC finance platforms. Crypto lending provider BlockFi reported on Tuesday that it suffered a data breach that may put some of its clients in physical danger. According to its incident report, some of the company’s client data was breached through a SIM card swap attack performed on one of its employees. The attackers successfully...

A host of unpatched security bugs that allow BIAS attacks affects Bluetooth chips from Apple, Intel, Qualcomm, Samsung and others. Academic researchers have uncovered security vulnerabilities in Bluetooth Classic that allows attackers to spoof paired devices: They found that the bugs allow an attacker to insert a rogue device into an established Bluetooth pairing, masquerading as a trusted endpoint. This allows attackers to capture sensitive data from the other device. The bugs allow Bluetooth Impersonation...