The Briefing – WK49 2020

Curated for business leaders, small business owners and security staffers, The Briefing is a compact summary of noteworthy security stories impacting global business sectors and industries prevalent across the Caribbean Region.

GLOBAL NEWS

Remote Code Execution Vulnerabilities In Apple Safari WebKit: 

Cisco Talos discovered several high-severity vulnerabilities that can be exploited for remote code execution. These are reported under CVE-2020-13584, CVE-2020-13558 and CVE-2020-13543.

Vietnam Threat Actor OceanLotus Uses New Apple macOS Backdoor in Attacks: 

Trend Micro have identified a new macOS backdoor believed to be used by OceanLotus (APT32, APT-C-00). A tested sample pretends to be a Word document, but it is an app bundled in a ZIP archive. OceanLotus were linked to COVID-19 espionage attacks targeting China.

Reports CIA Controlled Swiss Based Omnisec: 

Swiss public broadcaster SRF reports that a second Swiss encryption company, Omnisec, was allegedly used by the CIA and its German counterpart to spy on governments worldwide.

Non-Profit FINRA Warns Brokerage Firms of Phishing Campaign: 

Cybercriminals are using a fake FINRA domain in a phishing campaign targeting United States organizations. FINRA warned brokerage firms about the attack, which leverages the domain invest-finra[.]org, a domain that has no connection with FINRA. FINRA regulates over 624,000 brokerage firms in the United States.

FBI Warns of Email Rules Abused for BEC Scams: 

The FBI has issued a notification to warn organizations of scammers setting up auto-forwarding email rules to facilitate BEC schemes. Attackers are able to conceal their activity through auto-forwarding rules implemented on victims’ web-based email clients, which may not sync with the desktop client, hiding the malicious rules from security administrators.

Crutch Backdoor Used in Government Attacks: 

ESET have discovered new malware used by Russian threat actor Turla in government attacks. This threat actor is also tracked as Belugasturgeon, KRYPTON, Snake, Venomous Bear and Waterbug.

iOS Exploit Allows ‘Unfettered Access’ to iPhone User Data Over Wi-Fi: 

Google Project Zero has disclosed the details of an iOS exploit that allows an attacker to hack iPhones remotely over Wi-Fi without interaction and steal sensitive user data.

Wormable, Zero-Click Vulnerability in Microsoft Teams: 

Microsoft has patched a wormable, zero-click vulnerability in Microsoft Teams. Evolution Gaming discovered a cross-site scripting (XSS) vulnerability at the ‘teams.microsoft.com’ domain that could be abused to trigger a remote code execution flaw in the Microsoft Teams desktop application.

Iranian Hackers Access Unprotected ICS at Israeli Water Facility: 

Iranian hackers have accessed an unprotected industrial control system (ICS) at a water facility in Israel. Security company OTORIO report that this gave the attackers easy access to the system and the ability to modify any value in it, allowing them, for example, to tamper with the water pressure, change the temperature and more. All the adversaries needed was a connection to the World Wide Web and a web browser.

Unpatched Google Play Store Vulnerability Leaves Android Apps Open To Attack Users: 

A vulnerability in the Google Play Core Library continues to impact many applications several months after official patches were released. The Core Library allows Android developers to deliver updates to their applications at runtime, via the Google API, without requiring interaction from the user. This vulnerability is tracked under CVE-2020-8913, released in March 2020, and allows path traversal that could result in local code execution.

CARIBSOC advises organisations to corroborate all data and information as a matter of course when determining impacts to their staff & infrastructure.
