This Week in Security News: Hong Kong Users Targeted with Mobile Malware via Local News Links and Hackers Hijack Routers to Spread Malware Via Coronavirus Apps

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Apple iOS smartphone users in Hong Kong targeted in a new campaign exploiting online news readers to distribute malware. Also, read about how hackers are hijacking routers and changing Domain Name System (DNS) settings in order to redirect victims to attacker-controlled sites promoting fake coronavirus information apps.

Read on:

Apple iOS Users Served Mobile Malware in Poisoned News Campaign

Apple iOS smartphone users in Hong Kong are being targeted in a new campaign exploiting online news readers to serve malware. This week, Trend Micro researchers said the scheme, dubbed Operation Poisoned News, uses links posted on a variety of forums popular with Hong Kong residents that claim to lead to news stories. 

The Wawa Breach: 30 Million Reasons to Try Dark Web Monitoring

Data breaches are the new normal. Last year in the US there were a reported 1,473 of these incidents, exposing nearly 165 million customer records. The latest data breach from convenience store and gas station chain Wawa could be one of the largest ever, affecting 30 million card records from customers.

Infosec Industry Shows Compassionate Side Amid #COVID19 Pandemic

As the coronavirus pandemic continues, large numbers of organizations have been forced to implement work from home measures for staff. While working from home, employees are more susceptible to cybersecurity threats, especially with a rise in tailored COVID-19 cyber-scams. In this article, read about how Trend Micro and other information security companies have taken steps to offer free resources and support to organizations and employees at this difficult time.

Nefilim Ransomware Threatens to Expose Stolen Data

A new ransomware named Nefilim has been discovered threatening to release its victims’ data to the public if they fail to pay the ransom. It is most likely distributed through exposed Remote Desktop Protocol (RDP), as shared by SentinelLabs’ Vitali Krimez and ID Ransomware’s Michael Gillespie.

Remember Cryptojacking from Way, Way Back (2019)? Site Infections are Down 99% – Thanks to Death of Coinhive

Cryptojacking, the theft of computing power to mine digital currency, has been around at least since 2013 – and has shrunk in use dramatically with the death of Monero-mining service Coinhive. Since Coinhive’s closure last year, cryptojacking has been almost eliminated, according to a group of researchers from the University of Cincinnati in America, and Lakehead University in Canada.

Microsoft Alerts Users About Critical Font-Related Remote Code Execution Vulnerability in Windows

Microsoft released a security advisory on a zero-day remote code execution (RCE) vulnerability affecting Windows operating systems. The vulnerability is found in an unpatched library and comprises two RCE flaws found in Adobe Type Manager Library (atmfd.dll), a built-in library for the Adobe Type Manager font management tool in Windows. 

Credit Card Skimmer Found on Tupperware Website

Cybercriminals hacked and planted malicious code designed to steal payment card information, Malwarebytes warned this week. The credit card skimmer was planted on the main website and some of its localized versions. The website has nearly one million visitors every month, indicating that hackers may have obtained a significant number of payment card records.

Mirai Updates: New Variant Mukashi Targets NAS Devices, New Vulnerability Exploited in GPON Routers, UPX-Packed FBot

Researchers observed a number of new developments related to the internet of things (IoT) malware Mirai, which actively searches for vulnerabilities in IoT devices. A new Mirai variant named Mukashi was found attacking network-attached storage (NAS) devices, a new vulnerability in GPON routers was exploited by Mirai, and a UPX-packed Fbot variant was detected by a Trend Micro honeypot.

Hackers Hijack Routers to Spread Malware Via Coronavirus Apps

Cybercriminals are hijacking routers and changing Domain Name System (DNS) settings, in order to redirect victims to attacker-controlled sites promoting fake coronavirus information apps. If victims download these apps, they are infected with information stealing Oski malware. This latest attack shows that hackers are becoming more creative in how they leverage the coronavirus pandemic.

Working from Home? Here’s What You Need for a Secure Setup

In response to the ongoing coronavirus outbreak, many companies have rolled out work-from-home arrangements. As a result, there has been an influx of employees signing in remotely to corporate networks and using cloud-based applications, potentially opening doors to security risks. In this blog, Trend Micro shares how security teams and home office users can mitigate the risks that come with remote-working setups.

Russian Hackers Using Stolen Corporate Email Accounts to Mask their Phishing Attempts

In the last year, Russian military intelligence hackers have used previously hacked email accounts to send a wide array of phishing attempts. Feike Hacquebord, senior threat researcher at Trend Micro, explains new research regarding the group known as Fancy Bear, APT28, or Pawn Storm, and how they used hacked emails of high-profile personnel at defense firms in the Middle East to carry out an attack.

Review, Refocus, and Recalibrate: The 2019 Mobile Threat Landscape

Trend Micro analyzed 2019’s most notable mobile threats to assess the landscape and help users and enterprises reevaluate their measures and practices to defend against future threats. While there was a decrease in certain threats compared to 2018, in 2019 cybercriminals looked at the malicious mobile routines that worked in the past and adjusted these to make them more sophisticated, persistent, and profitable online and offline.

Have you seen any COVID-19 related cyber-scams? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Read More HERE