
Cyber Bites

spyware

The Dacls RAT has been ported from an existing Linux version. The North Korea-linked cyberthreat group known as Lazarus Group has added a new variant of the Dacls remote-access trojan (RAT) to its arsenal of spy gear, designed specifically for the Mac operating system. Dacls was first discovered last December targeting Windows and Linux platforms. The new version for Mac is now spreading via a trojanized two-factor authentication (2FA) application for macOS called MinaOTP, mostly...

ransomware

A major ransomware attack has disrupted operations at Germany-based Fresenius Group, Europe's largest private hospital operator whose dialysis products and services are in huge demand in the middle of the COVID-19 pandemic. The ransomware attack was first reported to security researcher Brian Krebs of KrebsOnSecurity by an employee of Fresenius Kabi, a division of the Fresenius Group that supplies pharmaceutical drugs and medical devices. The employee told Krebs that "a cyber attack had affected every...

firefox

Mozilla has released Firefox 76 today, May 5th, 2020, to the Stable desktop channel for Windows, macOS, and Linux with bug fixes, new features, and security fixes. Included with today's release are data breach notifications in the integrated Firefox Lockwise password manager, Picture-in-Picture, and new Audio Worklets for better audio processing. Windows, Mac, and Linux desktop users can upgrade to Firefox 76 by going to Options -> Help -> About Firefox and the browser will...

Phone hack

The vulnerability is one of 39 affecting various aspects of the mobile OS that the company fixed in a security update this week. Google has patched a vulnerability in its Android OS that could allow attackers to completely take over someone’s device to install programs, steal or change data, or create new accounts with full privileges. The flaw (CVE-2020-0103) was one of 39 vulnerabilities affecting Android OS builds that use older security profiles and are...

ransomware

Ransomware has struck the computer systems of Taiwan’s state-owned energy company, CPC Corp., according to local media and private forensic reports reviewed by CyberScoop. CPC Corp., an important national asset responsible for delivering oil products and importing liquefied natural gas (LNG), said Tuesday that, after hackers attacked its IT network, the company had restored some of its computers and servers. Although the attack didn’t affect the company’s energy production, it did disrupt some customers’ efforts...

malware

Australia's incumbent telco Telstra announced on Wednesday it has stepped up its DNS filtering capabilities in an effort to fight malware passing through its network. Dubbed Cleaner Pipes, the initiative focuses on blocking command and control communications of botnets, the downloading of remote access trojans, as well as other forms of malware. The telco said it is already blocking "millions of malware communications" when the traffic hits its infrastructure. "This action reduces the impact of...

Return of the CamuBot Banking Trojan attack

An existing version of the Android device screen-locking malware SLocker has apparently been copied and repackaged in the form of a mobile coronavirus app, in hopes of drawing in victims and encouraging downloads from third-party marketplace sites. Researchers at Bitdefender found the malicious app, which has been targeting users in Ukraine, Russia, Kazakhstan, Turkmenistan and parts of India and North Africa. The Uzbek-language app, called “Koronavirus haqida” or “About Coronavirus,” confounds its victims by locking...

cyberattack

French flooring company Tarkett has revealed that its operations have been disrupted by a cyber-attack that struck last week. In a press release published today (May 4), Tarkett said the attack “has affected part of its operations since April 29th” despite the company taking prompt remedial action. “In response, Tarkett immediately shut down its information technology systems and put in place the necessary preventive measures to protect its operations as well as the data of...

zoom

Researchers warn the installers are legitimate but don't come from official sources of the Zoom app, including the Apple App Store and Google Play. This story was updated on 5/4 to include comments from Zoom. A newly discovered attack campaign is abusing Zoom installers to spread the RevCode WebMonitor RAT and exploit reliance on messaging apps to communicate and work remotely. Trend Micro researchers who detected the attack say it resembles an early April campaign...

australia

The home affairs and employment departments are investigating a data breach revealing the personal details of 774,000 migrants and people aspiring to migrate to Australia, despite playing down the seriousness of the breach. On Sunday, Guardian Australia revealed the government’s SkillSelect app allowed users to see unique identifiers of applicants for skilled visas, including partial names, which could then be used through searches with multiple filters to reveal other information about applicants. The employment department,...
