Cyber Bites

Cyber scammers are starting to use legitimate reCAPTCHA walls to disguise malicious content from email security systems, Barracuda Networks has observed. The reCAPTCHA walls prevent email security systems from blocking phishing attacks and make the phishing site more believable in the eyes of the user. eCAPTCHA walls are typically used to verify human users before allowing access to web content, thus sophisticated scammers are starting to use the Google-owned service to prevent automated URL analysis...

Cisco’s IOS XE software for SD-WAN routers has a high-severity insufficient input validation flaw. Cisco has patched a high-severity vulnerability in its router software, which if exploited could enable a local, authenticated attacker to execute arbitrary commands with root privileges. The flaw exists in Cisco IOS XE. This Linux-based version of Cisco’s Internetworking Operating System (IOS) is used in Cisco software-defined wide area network (SD-WAN) routers. Affected routers include the Aggregation Services Routers (ASR) 1000...

Health secretary Matt Hancock has used emergency powers under the NHS Act of 2006 to give GCHQ special dispensation to access data on the NHS’s cyber security and other IT systems in order to better protect the health service from cyber attack during the Covid-19 coronavirus pandemic. Documents released by the government, which can be viewed online, were signed off by Karen Dooley, a senior civil service member at the Department for Health and Social...

 Automated attacks on Remote Desktop Protocol accounts are aimed at taking over corporate desktops and infiltrating networks. A rash of brute-forcing attempts aimed at users of Microsoft’s proprietary Remote Desktop Protocol (RDP) has come to light, striking millions per week. The attacks are a likely offshoot of cybercriminals looking to take advantage of the unprecedented numbers of employees working from home amid the COVID-19 pandemic, researchers noted. RDP is used to connect to an image...

Security researchers are sounding the alarm over a newly discovered Android malware that targets banking apps and cryptocurrency wallets. The malware, which researchers at security firm Cybereason  recently discovered and called EventBot, masquerades as a legitimate Android app — like Adobe Flash or Microsoft Word for Android — which abuses Android’s in-built accessibility features to obtain deep access to the device’s operating system. Once installed — either by an unsuspecting user or by a malicious...

A variant of the Black Rose Lucy malware-as-a-service dropper, which originated in Russia a little over two years ago, downloads ransomware that passes itself off as an official message from the US’s Federal Bureau of Investigation (FBI) in order to dupe victims into paying a ransom that they believe to be a fine. The new ransomware strain was uncovered by researchers at Check Point and affects devices running the Android mobile operating system (OS). When...

Malvertisers have stepped up their efforts to exploit potential victims during the ongoing Covid-19 pandemic. Cyber-attacks spread through tainted or malicious ads grew as lockdowns came into force around the world last month and hit a peak of more than double the baseline average on 28 March, according to research from AdSecure. The specialist adtech security firm reports that while bad ads surged globally over the period between March 1 to April 15, 2020, the...

The PhantomLance espionage campaign is targeting specific victims, mainly in Southeast Asia — and could be the work of the OceanLotus APT. A sophisticated, ongoing espionage campaign aimed at Android users in Asia is likely the work of the OceanLotus advanced persistent threat (APT) actor, researchers said this week. Dubbed PhantomLance by Kaspersky, the campaign is centered around a complex spyware that’s distributed via dozens of apps within the Google Play official market, as well...

Multimedia processing components are one of today's most dangerous attack surfaces in any operating system. When it comes to managing multimedia files, all operating systems work the same. Any new multimedia file -- image, audio, video -- that reaches a device is automatically transferred to a local OS library that parses the file to know what it is and what to do with it next. From an attacker's perspective, bugs in multimedia processing components are...

Zaha Hadid Architects has warned architecture practices to be vigilant after hackers held its server to ransom while the company works remotely during the coronavirus pandemic. The practice, founded by the late Zaha Hadid, alerted the police after data was stolen last week, reported the Architects' Journal. The hacker used ransomware to encrypt all the data on a company server and demanded money from the practice to release it. Source: Dezeen