Security Digest 7E6-15

Here are this week’s highlights in cybersecurity:

Pwn2Own Vancouver showed amazing research in its 15th edition. $1,155,000 were awarded for 0-days in Microsoft Teams, VirtualBox, FireFox, Windows 11, Ubuntu & Safari. More
Google’s Threat Analysis Group determined that five 0-days used in 3 malware campaigns targeting journalists last year, were developed by spyware maker Cytrox. The surveillance company is the maker of Predator, an implant similar to that of NSO Group’s Pegasus, which enables its clients to penetrate iOS and Android devices. More
IBM published a report detailing the inner working of 13 crypters developed by hacker group known as Wizard Spider or Trickbot. Crypters are applications designed to encrypt and obfuscate malware to evade analysis by antivirus scanners and malware analysts. The crypters were used for Trickbot, BazarLoader, Conti, and Colibri, as well as malware developed by other groups such as Emotet, IcedID, Qakbot, and MountLocker. More
Chinese APT espionage group targets Russian’s state-owned defense institutes with spear-phishing campaigns, according to a CheckPoint report. More
A hacking campaign uses PDF files that embeds a malicious DOCX file. When the PDF is opened, Adobe Reader prompts the user to open the Word document. The file is named “has been verified. However PDF, Jpeg, xlsx, .docx“, making it look as part of Adobe Reader’s prompt. More
Web credit card skimming attacks are adapting their JavaScript injects to imitate Google Analytics and Meta Pixel so they would be harder to spot, according to a Microsoft report. More
According to a Nisos report, among other things, the Russian Fronton botnet is a system developed for coordinated inauthentic behavior on a massive scale on social media handling everything from creating accounts to posting content. More
Recent Zoom vulnerability allows attackers to hack a victim by sending them a message. The issue dubbed as XMPP Stanza Smuggling by the Google security researcher, allows an attacker to perform a man-in-the-middle attack and run arbitrary code on the victim’s machine. More
Trend Micro fixed a vulnerability in their consumer antivirus that was abused by Central-Asian-based threat actor dubbed “Moshen Dragon”.
Sometimes “privacy” isn’t exactly private. DuckDuckGo search engine doesn’t block tracking for Microsoft products LinkedIn & Bing, according to a researcher. DuckDuckGo CEO confirmed. More
Indian airline SpiceJet is impacted by ransomware, according to a company tweet. More
Suspected head of cybercrime gang identified as SilverTerrier was arrested in Nigeria. The group’s main activity was business email compromise (BEC) fraud. This was the result of an Interpol operation in collaboration with Group-IB, Palo Alto Networks Unit 42 and Trend Micro. More
Twitter was fined $150 million by FTC for privacy violations. From 2013 to 2019, the company requested users for their phone numbers to make their account more secure. However, Twitter failed to disclose that they use that data to show targeted ads. More
Security researchers demonstrated a class of attacks called “account pre-hijacking”. They tested 75 popular services and found that 35 were vulnerable to one or more account pre-hijacking attacks, including DropBox, Instagram, LinkedIn and Zoom . The distinctive feature of these attacks is that the attacker performs some action before the victim creates an account, which makes it trivial for the attacker to gain access after the victim has created or recovered the account. More
Cheerscrypt is a newly discovered ransomware family that targets enterprise ESXi servers. ESXi is a virtualization platform, so encrypting it might cause major disruptions to a company. More
ChromeLoader is a browser hijacker that modifies search results to show potentially unwanted software, phishing sites and other types of scams. Because the hijacking is done via a malicious Chrome extension, it’s able to infect both Windows and Macs. More