Alerts

Apple recently paid Indian vulnerability researcher Bhavuk Jain a huge $100,000 bug bounty for reporting a highly critical vulnerability affecting its ‘Sign in with Apple’ system.

The now-patched vulnerability could have allowed remote attackers to bypass authentication and take over targeted users’ accounts on third-party services and apps that had been registered using the ‘Sign in with Apple’ option.

Launched last year at Apple’s WWDC conference, the ‘Sign in with Apple’ feature was introduced to the world as a privacy-preserving login mechanism that allows users to sign up for an account with third-party apps without disclosing their actual email addresses (which also serve as their Apple IDs).

Read more »

Joomla, one of the most popular open-source content management systems (CMS), last week announced a new data breach impacting 2,700 users who have an account with its Joomla Resources Directory (JRD) website, i.e., resources.joomla.org.

The breach exposed affected users’ personal information, such as full names, business addresses, email addresses, phone numbers, and encrypted passwords.

The company said the incident came to light during an internal website audit, which revealed that a member of the Joomla Resources Directory (JRD) team had stored a full unencrypted backup of the JRD website in an Amazon Web Services S3 bucket owned by a third-party company.

Read more »

Classified initially as a malware loader, Valak has morphed into an information stealer that targets Microsoft Exchange servers to steal email login credentials and certificates from enterprises.

Its original functionality remains, so it can still deliver other malware (the banking trojans Ursnif and IcedID), but it now has plugins to run reconnaissance and steal sensitive information from the target.

Rich Modular Architecture

Valak has evolved quickly since it was first noticed in late 2019, with more than 30 versions detected in less than six months.

New variants of this malware family used in recent campaigns indicate significant improvements and a preference for enterprise environments, mainly companies in the U.S. and Germany.

Researchers at cybersecurity company Cybereason determined that the capabilities in the latest Valak samples include checking the geographical location of an infected machine, taking screenshots, downloading other payloads (plugins, malware), and infiltrating Microsoft Exchange servers.

Valak hides its payloads, command and control (C2) details, and other components in the Windows registry. In later stages of the attack, it reads this registry cache to pick the tools it needs for various tasks.

Read more »

Chinese security firm Qihoo 360 Netlab said it partnered with tech giant Baidu to disrupt a malware botnet infecting hundreds of thousands of systems.

The botnet was traced back to a group it calls ShuangQiang (also called Double Gun), which has been behind several attacks since 2017 aimed at compromising Windows computers with MBR and VBR bootkits and installing malicious drivers for financial gain and to hijack web traffic to e-commerce sites.

Read more »

Cybersecurity researchers have shed light on an Iranian cyber espionage campaign directed against critical infrastructure in Kuwait and Saudi Arabia.

Bitdefender said the intelligence-gathering operations were conducted by Chafer APT (also known as APT39 or Remix Kitten), a threat actor known for its attacks on the telecommunication and travel industries in the Middle East to collect personal information that serves Iran’s geopolitical interests.

“Victims of the analyzed campaigns fit into the pattern preferred by this actor, such as air transport and government sectors in the Middle East,” the researchers said in a report (PDF), adding that at least one of the attacks went undiscovered for more than a year and a half, since 2018.

“The campaigns were based on several tools, including ‘living off the land’ tools, which makes attribution difficult, as well as different hacking tools and a custom-built backdoor.”

Read more »