Here’s the latest roundup highlighting the most interesting cyber security news that made headlines the previous week, including zero-day flaws in Apple’s Mail app, a discovery of a massive cryptomining botnet that propagates via infected USB drives, and more.
Security researchers disclosed a serious flaw impacting the native iOS Mail app that comes pre-installed on iPhones and iPads, which allows attackers to compromise the devices via an email sent to a targeted individual whose email account is logged in to the vulnerable app.
The vulnerabilities in question are remote code execution flaws that reside in the MIME library of Apple's Mail app. The first vulnerability exists due to a boundary error when processing email in iOS MobileMail: a remote attacker can send a specially crafted email message, trigger an out-of-bounds write and execute arbitrary code on the target device. The second bug is a heap overflow.
Both flaws reportedly have been exploited in the wild since at least January 2018; however, Apple claims that it has found no evidence that these vulnerabilities were used in targeted attacks.
Researchers from ESET shared the details of a new massive botnet comprised of tens of thousands of devices, which were used for illicit Monero cryptocurrency mining. The botnet, dubbed VictoryGate, spreads via external USB drives and managed to infect at least 35,000 devices, mainly located in Latin America, with more than 90% of victims located in Peru.
Over 267 million Facebook profiles have been offered for sale for €500 ($623) on dark web sites and hacker forums. While the dump did not include passwords, it contained Facebook user IDs, phone numbers, and names, as well as profile details, email addresses, and some other personal details.
Cyber-security firm Confiant uncovered an ongoing malvertising campaign, which is compromising Revive ad servers in order to deliver malicious advertising to unsuspecting users.
In the campaign, a threat actor dubbed Tag Barnacle is targeting Revive installations by injecting an obfuscated JavaScript payload that gives the hackers the ability to hijack and display their own ads. Those ads are typically for sites offering malware such as fraudulent Adobe Flash updates.
The Tag Barnacle group’s activity was observed on over 360 web properties, but the researchers estimate that the number of impacted websites might be much higher given that some of the hacked ad servers have deep RTB integrations with multiple ad exchanges.
Numerous Nintendo users have reported their accounts being hacked. Some users reported their accounts had been used to buy digital items, such as bundles of Fortnite V-Bucks worth up to £100, via linked PayPal accounts.
Nintendo confirmed on Friday that 160,000 accounts had been breached since the beginning of April by hackers using others' Nintendo Network IDs without permission. The company said it disabled the ability to log into a Nintendo Account through a Nintendo Network ID (NNID) and recommended that users enable two-factor authentication.
Bitdefender researchers discovered a highly targeted espionage operation aimed at the oil and gas sector, in which threat actors attempt to deliver the Agent Tesla info-stealer malware via spearphishing attacks impersonating shipment companies and engineering contractors. This marks the first time Agent Tesla has been deployed as part of attacks targeting the oil and gas industry.
The first campaign was aimed at companies from Malaysia, Iran, and the United States, countries in which the oil and gas industry plays a significant role. The second campaign started on April 12 and targeted only a handful of shipping companies based in the Philippines over the course of two days.
The hacking group Ocean Lotus, also known as APT32, has been targeting members of the Wuhan government (where it is believed the pandemic started) and the Chinese Ministry of Emergency Management with spearphishing emails from at least January through April 2020.
The first attacks were observed in early January, when the hackers sent a spearphishing email containing the METALJACK malware to China's Ministry of Emergency Management.
FireEye believes this recent attempt is part of an overall increase in coronavirus-related cyberespionage activity by nations seeking solutions and nonpublic information.