CyberIntelMag's Threat report

Weekly Cyber Threat Report, May 3-7

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

From the good news:

This week, we learned about Google’s new anti-scam partnership, the DoD expanding its bug-hunting program, and Google embracing 2SV, among other stories.

  • Google has teamed up with Stop Scams UK to clamp down on financial fraud in the United Kingdom. Stop Scams UK is an industry-led group that fights scams by sharing threat data and creating anti-scam initiatives. Google UK & Ireland is the first major tech giant to partner with it.
  • Microsoft has open-sourced a new tool to help organizations protect their artificial intelligence (AI) systems against machine-learning attacks. Counterfit, the new tool, can be used to test security of AI systems in any cloud environment, on-premises, or on edge networks.
  • The US Department of Defense (DoD) expands the scope of its bug bounty program to include not just websites but also networks, frequency-based communication, industrial control systems, and IoT devices and networks. As a result, the number of bug reports to the DoD is expected to drastically increase.
  • Google will soon enroll users in two-step verification (2SV) automatically; today it only prompts its two billion Gmail users to enroll. “Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured.”
  • IBM announced new zero-trust capabilities in Cloud Pak for Security, its platform for preventing cybersecurity threats across multi-cloud and hybrid environments. Key features will include new zero trust blueprints designed around common zero-trust use cases.

From the bad news:

This week brought reports about a remotely hacked Tesla, a Qualcomm modem flaw affecting millions of phones, a new victim of the Accellion attacks, and other important stories you can’t miss.

  • The Cuba ransomware gang has teamed up with the operators of the Hancitor (Chanitor) malware to gain access to targeted networks more easily. The Hancitor downloader has been in operation since 2016. Usually distributed in malicious spam campaigns posing as DocuSign invoices, it drops password stealers such as Pony and Ficker and, more recently, Cobalt Strike beacons.
  • European researchers have hacked a Tesla remotely without any user interaction. They carried out the attack from a drone, exploiting two vulnerabilities in ConnMan, the open-source connection manager Tesla uses for the car’s internet connectivity. The researchers say other connected cars that use ConnMan are possibly vulnerable too.
  • A researcher found that Peloton’s API was leaking users’ private data to anyone who queried it, and the company was slow to acknowledge the flaw. Separately, Peloton’s treadmills have been linked to 70 injuries and the death of a child, forcing the company to recall all of its Internet-connected treadmills.
  • Unknown attackers have been quietly deploying a Windows rootkit, named Moriya, to install passive backdoors on compromised machines in a campaign Kaspersky has dubbed Operation TunnelSnake. The APT group, of unknown origin but suspected to be Chinese-speaking, targets networks belonging to organizations in South Asia and Africa.
  • A vulnerability in a widely used Qualcomm chipset affects millions of phones across the globe, according to researchers at Check Point. A security hole in the Mobile Station Modem Interface “can be used to control the modem and dynamically patch it from the application processor… An attacker can use such a vulnerability to inject malicious code into the modem from Android,” Check Point’s researchers explained in a blog post on Friday.
  • The Qualys Research Team has reported 21 bugs in Exim, a popular mail transfer agent. Attackers could chain several of the flaws for unauthenticated remote code execution (RCE) as root and worm-style lateral movement between mail servers. Attackers “could modify sensitive email settings on the mail servers, allow adversaries to create new accounts on the target mail servers,” Qualys Senior Manager of Vulnerabilities Bharat Jogi said in a post on Tuesday.
  • Proofpoint researchers warned organizations to scrutinize third-party OAuth apps. Proofpoint says 55% of its customers were targeted by an attack using open authorization (OAuth) apps, and that 22% of those attacks succeeded.
  • A new information stealer, Panda Stealer, is being delivered in a worldwide email spam campaign. Emails carrying fake business quotes contain malicious Excel attachments; the stealer targets victims’ cryptocurrency wallets.
  • In Europe, a student installed a cracked, malware-laced copy of a video-editing program, which led to Ryuk ransomware infecting a biomolecular institute’s network and destroying a week’s worth of vital research.
  • The City of Toronto suffered a breach, likely through an attack on its Accellion file-transfer server. The attack may have compromised health-related information of individuals; how many people’s personal information was exposed is not yet known. The city has not received any ransom demand.
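The Proofpoint warning above boils down to a triage problem: which of the third-party OAuth apps your users have consented to look like consent phishing? The following is an added example, not code from CyberIntelMag or Proofpoint, that scores consent grants on the signals a practitioner would check: read access to mail, files or contacts, the `offline_access` scope (refresh tokens keep access alive after logout), an unverified publisher, user rather than admin consent, and a small number of consenting users. The record layout, the scope names and the sample grants are all constructed assumptions; map them onto whatever your identity provider actually exports.

```python
"""Triage third-party OAuth app consent grants for signs of consent phishing.

Added example for the Proofpoint item above; not CyberIntelMag's or Proofpoint's
code. The ConsentGrant fields, the scope names and the sample data are assumptions
modelled loosely on OAuth 2.0 delegated permissions; adapt them to your IdP's export.
"""
from dataclasses import dataclass

# Scopes that expose user data an attacker wants (assumed names, not tied to one IdP).
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Files.Read.All", "Contacts.Read"}
# Refresh-token scope: access persists after the user logs out or changes password.
PERSISTENCE_SCOPE = "offline_access"


@dataclass(frozen=True)
class ConsentGrant:
    app_name: str
    publisher_verified: bool   # does the IdP mark the app publisher as verified?
    consented_by: str          # "admin" or the user principal who consented
    scopes: frozenset          # delegated scopes granted to the app
    users_with_grant: int      # how many users in the tenant granted this app


def risk_score(grant):
    """Return (score, reasons). A higher score means more likely consent phishing."""
    score = 0
    reasons = []
    risky = sorted(grant.scopes & HIGH_RISK_SCOPES)
    if risky:
        score += 3
        reasons.append("reads user data: " + ", ".join(risky))
    if risky and PERSISTENCE_SCOPE in grant.scopes:
        score += 2
        reasons.append("persistent access via " + PERSISTENCE_SCOPE)
    if not grant.publisher_verified:
        score += 2
        reasons.append("unverified publisher")
    if grant.consented_by != "admin":
        score += 1
        reasons.append("user consent, not admin-approved")
    if risky and grant.users_with_grant <= 2:
        # A data-reading app that only one or two people ever consented to is a
        # typical footprint of a phishing lure rather than a sanctioned tool.
        score += 1
        reasons.append("granted by only %d user(s)" % grant.users_with_grant)
    return score, reasons


def flag_grants(grants, threshold=6):
    """Return [(app_name, score, reasons)] for grants at or above the threshold."""
    flagged = []
    for grant in grants:
        score, reasons = risk_score(grant)
        if score >= threshold:
            flagged.append((grant.app_name, score, reasons))
    return flagged


# Constructed sample export: one sanctioned admin-approved app, one likely lure,
# one low-privilege widget.
SAMPLE_GRANTS = [
    ConsentGrant("Corporate Expense Tool", True, "admin",
                 frozenset({"User.Read", "Files.Read.All", "offline_access"}), 1200),
    ConsentGrant("Invoice Viewer Pro", False, "alice@example.com",
                 frozenset({"Mail.Read", "Contacts.Read", "offline_access"}), 1),
    ConsentGrant("Calendar Widget", True, "bob@example.com",
                 frozenset({"User.Read", "Calendars.Read"}), 4),
]

if __name__ == "__main__":
    for app, score, reasons in flag_grants(SAMPLE_GRANTS):
        print("%s (score %d): %s" % (app, score, "; ".join(reasons)))
```

The threshold is deliberately set so that an admin-approved, widely used app with broad scopes scores below it, while a single-user, unverified app reading mail with a refresh token is flagged; tune the weights to your own consent policy and revoke flagged grants rather than just reporting them.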

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.