APT groups target US Think Tanks, CISA, FBI warn, Google Play Apps Remain Vulnerable to High-Severity Flaw, and more

Originally published at: https://cloudsek.com/threatintel/apt-groups-target-us-think-tanks-cisa-fbi-warn-google-play-apps-remain-vulnerable-to-high-severity-flaw-and-more/

Round Up of Major Breaches and Scams

APT groups target US Think Tanks, CISA, FBI warn

APT groups continue to target United States think tanks, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn. The work of US think tanks is of great relevance to nation-state attackers that focus on U.S. policy.

Phishing targets US brokerage firms using FINRA lookalike domain

US securities industry regulator FINRA warned brokerage firms earlier this week of ongoing phishing attacks using a recently registered web domain spoofing a legitimate FINRA website.

Philly Food Bank Loses $1m in BEC Scam

A Philadelphia food bank has been scammed out of nearly $1m following a classic business email compromise (BEC) attack, it has emerged. Philabundance is the region’s largest hunger-relief organization and receives tens of millions of dollars in donations every year.

Round Up of Major Malware and Ransomware Incidents

Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement

Security researchers have analyzed the multi-vector Miner+Tsunami botnet, which implements SSH lateral movement. The botnet carries two payloads: 1) Monero XMR miner binaries; and 2) Tsunami binaries. It targets cloud servers. An earlier version, carrying only the XMR miner payload, was investigated and reported in September 2020.

Round Up of Major Vulnerabilities and Patches

TrickBot’s new module aims to infect your UEFI firmware

The developers of TrickBot have created a new module that probes for UEFI vulnerabilities, to give them ultimate control over infected machines. With access to UEFI firmware, a threat actor could establish persistence on the compromised machine that survives operating system reinstalls or replacement of the storage drives.

Google Play Apps Remain Vulnerable to High-Severity Flaw

Several popular Google Play apps, including the mobile browser app Edge and the business app Cisco Teams, have yet to push out an important update addressing a high-severity vulnerability (CVE-2020-8913) in the Google Play Core Library, leaving the flaw unpatched in those apps.