Cyber Bites

2019 will be remembered as the year when major security bugs were disclosed in a large number of enterprise VPN servers, such as those sold by Pulse Secure, Palo Alto Networks, Fortinet, and Citrix. A new report published today reveals that Iran's government-backed hacking units have made a top priority last year to exploit VPN bugs as soon as they became public in order to infiltrate and plant backdoors in companies all over the world....

The South Korean government has warned the public of a sharp rise in smishing attempts -- scam text messages -- that use misinformation about the novel coronavirus outbreak. As of February 15, 9,688 smishing texts had been sent that used false information on the novel coronavirus, the Ministry of Science and ICT, South Korean police, and the country's financial regulator said Monday in a joint statement. These texts claim to provide free masks or pretend...

The Institute of International Education (IIE), a century-old educational organisation that operates numerous leading international scholarship and fellowship programmes across multiple countries, was detected to have left sections of its database unprotected and open to public search. The vulnerable database was detected by security researcher Bob Diachenko, who found the databases indexed in public domain on January 29th. He subsequently reported the vulnerability to the IIE, but states that he received no communication from IIE after...

An Instagram password leak that has exposed about 10,000 scraped user accounts stems from a popular “bot” app used to automatically grow a following on the platform. The app SocialCaptain stored Instagram usernames and passwords in plaintext, visible by viewing the source code of the app’s profile page. Source: CPO Magazine

Researchers are urging users of the GDPR Cookie Consent WordPress plugin to update as soon as possible. A popular WordPress plugin, which helps make websites compliant with the General Data Protection Regulation (GDPR), has issued fixes for a critical flaw. If exploited, the vulnerability could enable attackers to modify content or inject malicious JavaScript code into victim websites. Source: Threatpost

Researchers have observed a new malware campaign that’s been targeting the U.S., Argentina, Brazil and Costa Rica with an updated variant of the Loda RAT remote access trojan. In a company blog post on Wednesday, Cisco Talos said that since at least the last quarter of 2019, the campaign has been using malicious websites to host malicious documents that are used in a multi-step infection chain designed to bypass email filters and deliver Loda version 1.1.1. Source: SC Magazine

US store chain Rutter's disclosed a security breach today. The company says hackers gained access to its stores' network system and planted malware that collected payment card details as they were being processed. Stores in Pennsylvania and West Virginia were impacted, Rutter's said today in a press release and a notice posted on its website. Source: ZD Net

Nedbank says it has investigated a data security issue that occurred at the premises of a third-party service provider, namely Computer Facilities – a direct marketing company that issues SMS and email marketing information on behalf of Nedbank and a number of other companies. A subset of the potentially compromised data at Computer Facilities included personal information (names, ID numbers, telephone numbers, physical and/or email addresses) of some Nedbank clients, the bank said. Source: Business...

SAN JUAN, Puerto Rico — Puerto Rico's government has lost more than $2.6 million after falling for an email phishing scam, according to a senior official. The finance director of the island's Industrial Development Company, Rubén Rivera, said in a complaint filed to police Wednesday that the agency sent the money to a fraudulent account. Source: NBC News

A new cyberspying campaign has been detected in the Middle East which is going after victims in Palestinian territories. An investigation into the attacks, conducted by the Cybereason Nocturnus team and made public on Thursday, suggests that one of the Gaza Cybergang groups -- also known as MoleRATs -- is potentially responsible. Source: ZD Net