Security week 5

Stay safe. We bring you our regular weekly overview of security news.

The ransomware attack led to a shortage of cheese in the Netherlands

The malware that attacked Appulus Technologies forced the company to disconnect their IT systems. The outage lasted several days also due to testing whether all parts of the system were free of malicious software. The disruption of the systems resulted in the failure of vehicle emission testing in eight US states. The US Department of Transportation had to ask police forces to cooperate so as not to penalize vehicles that have invalid emission controls during this period. The details of the attack are not known yet.

A critical vulnerability in Zoom allows remote code execution without user interaction

Pwn2Own’s “white hats” competition led to the discovery of new unknown vulnerabilities. One team went up by $ 200,000 when it discovered a new Zoom vulnerability. As the company has not yet been able to issue a repair, the details of the attack are not known, but the demonstration showed a remote calculator launch. All an attacker needs is that his contact be from the same organization or be accepted from an external environment. This can be achieved through various phishing attacks. In the long run, it is recommended to add only those contacts that we know well.

New malware on Android offers free access to Netflix

Malware that seeks to disguise itself as a Netflix application tries to entice users to free Netflix for 60 days. Instead, it secures sufficient privileges to collect personal and login information (e.g., by creating an additional layer above the applications). At the same time, it spreads through the WhatsApp application, where it monitors incoming notifications and responds to them with sophisticated messages so as to force other users to download this application. It also succeeds in reducing users’ attention by making it look like a normal application and available on Google Play. It is not the first malware that managed to get to Google Play in this way, only in March,  9 applications were removed – malware.

Discord and Slack exploited to spread malware

Discord, Slack, and other collaborative tools often use the Content Delivery Network (CDN) to store shared files shared across discussion channels. Typically, a user can create an external link to these files and send them over the Internet, regardless of whether the recipient has Slack or another tool installed. The behavior is very similar to regular spam and is an attempt to persuade the user to click on a link with malicious software. Researchers have also found out that these applications can also be misused to communicate with command & control (C2) servers. The malware thus masks its communication, which appears to be normal within the network.

Another big leak of personal data

Following the recent major leak of user data, sales data on 500,000,000 Linkedin users appeared on forums, accounting for about two-thirds of all users. To prove their authenticity, hackers prepared a “tasting” for $ 2 in the form of data on 2,000,000 users in the form of: LinkedIn ID, full name, email address, phone number, gender, work. For the time being, the investigation of Microsoft, which owns the network, shows that it was data that could have been collected from a large number of sites of various companies, or it is data from past leaks.

A bug in WhatsApp allows you to “lock out” a user without their knowledge

With the latest type of attack, it is enough for attackers to know the victim’s phone number and use it to prevent access to the account in this application. If the user enters their phone number for multi factor authentication during registration, the attacker can use this number when logging in, to send verification codes for WhatsApp. After exceeding a certain number, the application will be blocked for 12 hours. The attacker then sends an e-mail to WhatsApp Customer Support and informs them about the stolen phone and access to the account is suspended for 12 hours. Attackers can then exploit a vulnerability that, after the third retry, blocks access to the account indefinitely. Again, a user can only gain access if he can find someone in WhatsApp Support to help unblock access.