Cybersecurity Weekly: Anti-cybercrime ads, real estate data leak, WHO spoofed
A U.K. ad campaign seeks to deter cybercrime. A real estate app leaks thousands of user records and private messages. Hack-for-hire firms spoof WHO to target Google credentials. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. U.K. ad campaign seeks to deter cybercrime
The United Kingdom’s anti-cybercrime agency is running online ads aimed at young people who search the web for services that enable computer crimes, specifically trojan horse programs and DDoS-for-hire services. The ad campaign follows a similar initiative launched in late 2017 that significantly lowered demand for such services.
2. Real estate app leaks thousands of user records and private messages
Cybersecurity researchers uncovered an unsecured AWS bucket of confidential user chat logs belonging to real estate app Tellus, an American software company. The data bucket in question contains a folder with over 6,000 files related to the Tellus app that include the app’s user records, chat logs and transaction records.
3. Hack-for-hire firms spoof WHO to target Google credentials
Hack-for-hire organizations are using COVID-19 as a lure in phishing emails bent on stealing victims’ Google credentials. The accounts have largely targeted business leaders in financial services, consulting and healthcare corporations within numerous countries, including the U.S., Bahrain, Canada, Cyprus, India, Slovenia and the U.K.
4. New Android flaw affecting over one billion phones let attackers hijack apps
A security vulnerability in the Android OS lets malicious apps masquerade as any other app installed on a targeted device. Attackers then display fake interfaces to the users, tricking them into giving away sensitive information. Some hackers were already exploiting the flaw in the wild to steal users’ banking and other login credentials.
5. Cisco hacked by exploiting vulnerable SaltStack servers
Cisco says some of its Cisco Virtual Internet Routing Lab Personal Edition backend servers were hacked by exploiting critical SaltStack vulnerabilities patched last month. Cisco also says that the Cisco Modeling Labs and Cisco Virtual Internet Routing Lab products deployed in standalone or cluster configurations are vulnerable to attacks.
6. ComRAT malware uses Gmail to receive commands and exfiltrate data
Last week, cybersecurity researchers uncovered a new advanced version of the ComRAT backdoor, one of the earliest known backdoors used by the Turla APT group, that leverages Gmail's web interface to covertly receive commands and exfiltrate sensitive data. Turla has a long history of watering hole and spearphishing campaigns.
7. New tool can jailbreak any iPhone and iPad using an unpatched zero-day bug
The hacking team behind the unc0ver jailbreaking tool released a new version of the software that can unlock every iPhone, including those running the latest iOS 13.5 version. Unc0ver's lead developer said every other jailbreak released since iOS 9 used one-day exploits that were patched either in the next beta version or in the hardware.
8. Fake Valorant mobile app pushes scams on eager gamers
As the eagerly anticipated tactical FPS game Valorant ends its closed beta, a fake mobile version is being distributed that displays nothing but scams to those who install it. Knowing that a mobile version is highly requested, malware distributors have created a fake Valorant mobile app and are promoting it in YouTube videos.
9. 200,000 sites with buggy WordPress plugin exposed to wipe attacks
Two high-severity security vulnerabilities found in the PageLayer plugin can let attackers potentially wipe the contents or take over WordPress sites using vulnerable plugin versions. The vulnerabilities were reported to PageLayer's developer by the Wordfence Threat Intelligence team on April 30 and were patched with the release of version 1.1.2 on May 6.
10. Minted discloses data breach after five million user records sold online
Minted, a U.S.-based marketplace for independent artists, disclosed a data breach after a hacker sold a database containing five million user records on a dark web marketplace. Based on samples collected by researchers, the user records included users' email addresses and their Blowfish-hashed passwords.