Cybersecurity Weekly: One-click hack, Discord Nitro ransomware, Codecov hacked
A one-click hack was found in popular desktop apps. Discord Nitro gift codes are now demanded as ransomware payments. The Codecov code coverage tool was hacked to steal dev credentials. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. One-click hack found in popular desktop apps
Researchers discovered multiple one-click vulnerabilities across a range of popular desktop applications that could allow an attacker to execute arbitrary code on a victim's machine after a single click on a crafted link. The issues affect apps such as Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin and Dogecoin wallets, Wireshark and Mumble.
2. Discord Nitro gift codes now demanded as ransomware payments
In a novel approach to ransom demands, a new ransomware calling itself NitroRansomware encrypts files and then demands a Discord Nitro gift code in exchange for decryption. While most ransomware operations demand thousands of dollars or more in cryptocurrency, NitroRansomware deviates from the norm by demanding a $9.99 Nitro gift code instead.
3. Codecov code coverage tool hacked to steal dev credentials
Codecov, an online platform for hosted code coverage reports and statistics, disclosed that a threat actor modified its Bash Uploader script, exposing secrets held in customers' continuous integration environments. The company learned of the compromise on April 1st, but the first signs of this software supply-chain attack date back to late January.
4. HackBoss malware poses as hacker tools on Telegram
The authors of a cryptocurrency-stealing malware are distributing it over Telegram to aspiring cybercriminals under the guise of free malicious applications. Researchers have named the malware HackBoss and say that its operators likely stole more than $500,000 from novice hackers that fell for the trick.
5. Severe bugs reported in EtherNet/IP stack for industrial systems
The U.S. Cybersecurity and Infrastructure Security Agency on Thursday issued an advisory warning of multiple vulnerabilities in the OpENer EtherNet/IP stack that could expose industrial systems to denial-of-service attacks, data leaks and remote code execution.
6. Celsius email system breach leads to phishing attack
Cryptocurrency rewards platform Celsius Network disclosed a breach of a third-party email distribution system that exposed customer information and was followed by a phishing campaign. After obtaining the customer list, the threat actors impersonated Celsius Network in phishing texts and emails promoting a new Celsius Web Wallet.
7. Hackers flood the web with pages offering malicious PDFs
Cybercriminals are using search engine poisoning to lure business professionals to seemingly legitimate pages hosted on Google Sites that deliver a remote access trojan. The attack hijacks searches for common business documents such as invoices, templates, questionnaires and receipts, using the search result as the stepping stone into the victim's systems.
8. Xcode project malware now targeting Apple's M1-based Macs
A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips. It expanded its features to steal confidential information from cryptocurrency apps. The modules can steal credentials, inject malicious JavaScript into websites, plunder user data from different apps and encrypt files for a ransom.
9. WordPress may automatically disable Google FLoC on websites
WordPress is now treating Google's new FLoC tracking technology as a security concern and may block it by default on WordPress sites; the proposed mechanism is to send a Permissions-Policy: interest-cohort=() response header, which tells Chrome not to include the site in cohort calculation. Since Google began testing FLoC in Chrome this month, privacy advocates have broadly agreed that Google's FLoC implementation merely replaces one privacy risk with another.
10. U.S. sanctions cryptocurrency addresses linked to Russian cyberactivities
The U.S. government sanctioned twenty-eight cryptocurrency addresses allegedly associated with entities or individuals linked to Russian cyberattacks or election interference. The government introduced these sanctions in an executive order by President Biden that formally announced that the Russian SVR was behind the recent SolarWinds supply chain attack.