CyberIntelMag's Threat report

Weekly Cyber Threat Report, April 5-9

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

From the good news:

This week Google has rolled out a few patches for known vulnerabilities, announce Android to be built on Rust, and a handy way to check if your data have been compromised in a huge Facebook leak last week.

  • Google’s security researcher made a long-awaited disclosure of zero-click vulnerabilities in the Linux Bluetooth subsystem. Unauthenticated attackers could execute arbitrary code with kernel privileges on vulnerable devices. Security flaws dubbed “BleedingTooth” relate to BlueZ, the open-source Linux Bluetooth protocol stack used by Linux-based laptops and IoT devices.
  • In its April 2021 Android security bulletin, Google announced the now patched remote code execution flaw in the System component tracked as CVE-2021-0430. The critical severity flaw affected Android 10 and 11. It “could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google explained in its advisory.
  • Cisco has patched a critical pre-authentication remote code execution vulnerability affecting a remote management component of SD-WAN vManage Software. The critical security flaw – CVE-2021-1479 – allowed unauthenticated attackers to remotely trigger a buffer overflow and execute arbitrary code on the underlying operating system with root privileges. PSIRT, the CISCO’s security team, said there have been no cases of exploitation of these vulnerabilities in the wild.
  • Google has announced a part of its operating system on the open-source version of Android will be possible to build in Rust. This is expected to prevent memory bugs in the Android OS, arguably the most frequent cause of security flaws. Google engineers expect that the whole migration process will take years. Some of the first projects to be rewritten in Rust were Android Bluetooth stack and Keystore 2.0.
  • The developer of the Have I Been Pwned data breach notification site updated its service to allow checking if your phone number and email address had been exposed in the huge Facebook data leak last week.

From the bad news:

This week brought more attacks on educational institutions, malicious apps faking Netflisx and Trezon, new Accellion attacks, among other news.

  • CareFirst BlueCross BlueShield’s Community Health Plan District of Columbia (CHPDC) disclosed that sensitive data has been stolen by a “foreign cybercriminal” group in a data breach this week. The company wrote that the breach had taken place on January 28, but that it was too early to say how many customers had been affected or what data was taken. Although it hinted that the stolen information may have included names, dates of birth, addresses, phone numbers, Medicaid identification numbers, and other medical information. 
  • Cisco’s Talos, published new research on Wednesday warning that, over the course of the Covid-19 pandemic, chat apps Slack and, much more commonly, Discord are increasingly used by cybercriminals to carry out malware attacks on various organizations. Attackers’ goal is to spread via chat rooms ransomware and traditional malspam lures to infect victims. Slack and Discord have been used to deliver a variety of RATs, stealers, and other malware including Agent Tesla, AsyncRAT, Formbook, JSProxRAT, LimeRAT, Lokibot, Nanocore RAT, Phoenix Keylogger, Remcos, and WSHRAT.
  • A suspected hacker that last week put up for sale a huge Facebook database for a couple dollars, this week posted data of millions of LinkedIn profiles and sells it for a four-digit sum.
  • The massive database of stolen data contains IDs, names, phone numbers, email addresses and more. The whole set contains 500 million user records.
  • A Russian hacker has sold on an underground forum nearly 900,000 gift cards with a total value of $38 million. Cards from thousands of brands in this database may have originated from a previous breach at the now-defunct discount gift card provider Cardpool.
  • Users iOS and Android versions of a fake Trezor app have been tricked out of $1 million worth of cryptocurrency. The fake Trezor apps were downloaded nearly 1,000 times.
  • In the last few days, the US Department of Health and Human Service’s HIPAA Breach Reporting Tool website has added several large breaches related to attacks on unpatched Accellion FTA platforms. Among those impacted are Health Net Community Solutions, with nearly 687,000 individuals affected; Health Net of California, with 524,000 individuals affected; California Health & Wellness, with 80,000 affected; Health Net Life Insurance Co., with nearly 27,000 affected.
  • Several educational organizations are being targeted by threat actors this week. Palo Alto Network’s Unit 42 reported several Washington State educational organizations were hit in cryptojacking attacks. On Tuesday, the National College of Ireland (NCI) and the Technological University of Dublin announced ransomware attacks hit their IT systems and knocked them offline. And Michigan State University had a data breach that resulted from a cyber-attack on Bricker & Eckler LLP, an Ohio law firm.
  • Researchers at GRIMM found a remote code execution vulnerability that can let attackers hijack a popular Windows time synchronization software product, Greyware’s Domain Time II. The bug allowed to exploit a man-on-the-side (MotS) vulnerability and trick a user into downloading a malicious payload.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.