Security week 4

Stay safe. We bring you our regular weekly overview of security news.

Malware has halted vehicle testing in eight US states

The malware that attacked Applus Technologies forced the company to disconnect its IT systems. The outage lasted several days, partly because the company had to verify that all parts of the system were free of malicious software. The disruption halted vehicle emission testing in eight US states. The US Department of Transportation had to ask police forces to cooperate and not penalize vehicles whose emission checks are invalid during this period. The details of the attack are not yet known.

Several serious vulnerabilities have been identified in OpenSSL

OpenSSL plays a key role in applications that use TLS. After the well-known Heartbleed bug, two serious bugs have now been detected and fixed. The first caused servers to crash when they received a specially crafted request (renegotiation within a ClientHello message) from an unauthenticated user. The second, in edge cases, left the application unable to detect and reject TLS certificates that were not signed by a browser-supported certification authority.

Apple has created an urgent update for its devices

The iPhone, iPad and Apple Watch contained a vulnerability in WebKit. Although the details of the bug are not known, it can be assumed that its misuse could have caused clients to be redirected to phishing sites. The update was urgent mainly because the vulnerability was found to be actively exploited in the wild. Underlining its importance, the update is also available for older devices (e.g. iPhone 5s).

Phishing attacks exploit vaccine surveys to obtain personal information

The US Department of Justice warns of phishing attacks that trick people and steal their personal information or money. As a growing share of the population gets vaccinated, attackers are exploiting this by sending potential victims questionnaires about the use of the vaccine. Victims are motivated to complete them by the promise of prizes such as an iPad Pro. The only fee covers shipping costs and small overheads. Of course, victims receive nothing and lose the fee they paid; in addition, they fill in a lot of sensitive data that can be misused, even for identity theft.

Hackers from North Korea have launched another campaign aimed at security experts

Through advanced social engineering, a North Korean APT group is again targeting computer security experts. It created a fake website for an IT security company along with a number of Twitter profiles. The work put into this is of a high standard. Several fake accounts pretend to be looking for new employees for this fictitious company.

ZHtrap botnet uses a honeypot to find more victims

Researchers at Netlab 360 have discovered that the new ZHtrap botnet, based on the Mirai botnet, uses an interesting method to spread further. On a compromised device, it launches a honeypot listening on 23 different ports and collects attacker addresses. It then tries to attack these addresses. The assumption is that such attacks are usually carried out by compromised devices that themselves have unpatched vulnerabilities.