Cybersecurity Weekly: Job offer ID theft, Bluetooth vulnerability, SolarWinds hackers target think tanks
How to tell a job offer from an ID theft trap. A Bluetooth vulnerability enables hackers to mimic genuine devices. SolarWinds hackers target think tanks with a new NativeZone backdoor. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. How to tell a job offer from an ID theft trap
One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, according to an FBI warning. Last year, more than 16,000 people reported being victims of employment scams with losses totaling more than $59 million.
2. Bluetooth vulnerability enables hackers to mimic genuine devices
Hackers could exploit newly discovered flaws in Bluetooth Core and Mesh Profile Specifications to disguise themselves as legitimate devices and carry out man-in-the-middle attacks. These attacks work even when the victims use Bluetooth's strongest security modes, including SSP and Secure Connections.
3. SolarWinds hackers target think tanks with new NativeZone backdoor
The threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants and non-governmental organizations located across 24 countries. This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations.
4. FBI to share compromised passwords with Have I Been Pwned
The FBI will soon begin to share compromised passwords discovered during law enforcement investigations with Have I Been Pwned's Pwned Passwords service. By providing this feed, the FBI will allow administrators and users to check for passwords that are known to be used for malicious purposes.
5. Cyber espionage hackers continue to target Pulse Secure VPN devices
Cybersecurity researchers unmasked additional tactics, techniques and procedures adopted by threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks.
6. Malvertising campaign on Google distributed trojanized AnyDesk installer
Cybersecurity researchers publicized the disruption of a clever malvertising network targeting AnyDesk. This network delivered a weaponized installer of the remote desktop software via rogue Google ads that appeared in the search engine results pages. The campaign involves a malicious file that masquerades as a setup executable for AnyDesk.
7. Ransomware gangs' slow decryptors prompt victims to seek alternatives
Recently, two highly publicized ransomware victims received a decryptor that was too slow to be effective in quickly restoring the victim's network. The first was Colonial Pipeline, which paid a $4.4 million ransom for a decryptor after being attacked by the DarkSide ransomware operation. However, the decryptor was so slow that the company resorted to restoring from backups.
8. Bose admits ransomware attack exposed employee data
Bose confirmed that it experienced a data breach, having fallen victim to a ransomware attack in early March. Immediately upon discovering the attack on March 7, Bose initiated incident response protocols, activated its technical team to contain the incident, and hardened its defenses against unauthorized activity.
9. Facefish backdoor spreading Linux rootkits
Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials and device information and of executing arbitrary commands on Linux systems. The malware dropper has been dubbed Facefish owing to its ability to deliver different rootkits at different times and its use of the Blowfish cipher to encrypt communications with its server.
10. Researchers demonstrate two new hacks to modify certified PDF documents
Cybersecurity researchers disclosed two new attack techniques against certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certified content without invalidating its signature. The attacks exploit the flexibility of PDF certification, which allows signing or adding annotations to certified documents.