Facebook reveals the identity of APT32, Air France-KLM victim of cyber attack, impact unclear, and more

Originally published at: https://cloudsek.com/threatintel/facebook-reveals-the-identity-of-apt32-air-france-klm-victim-of-cyber-attack-impact-unclear-and-more/

Round Up of Major Breaches and Scams

Facebook doxes APT32, links Vietnam’s primary hacking group to local IT firm

In a surprising and unexpected announcement on Thursday, the Facebook security team has revealed the real identity of APT32, one of today’s most active state-sponsored hacking group, believed to be linked to the Vietnamese government. The company said it took this step after it detected APT32 using its platform to spread malware in attempts to infect users.

Air France-KLM victim of cyber attack

Hackers have tried to break into Air France-KLM. The NOS reported this on Thursday based on insiders. The attack would be over by now and the systems are stable again. The impact is still unclear and a forensic investigation is underway. According to NOS, the attack would initially target the Dutch side of the network. When extra security measures were taken there, the digital attackers targeted the French branch of the aviation group.

U.S. warns of increased cyberattacks against K-12 distance learning

K-12 educational institutions in the U.S. are being targeted by malicious actors for extortion, data theft, and general disruption of normal activity. The trend will continue through the 2020/2021 academic year. The alert comes from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) based on reports from K-12 institutions incurring cyberattacks.

Tech unicorn UiPath discloses data breach

Tech unicorn UiPath, a startup that makes robotics automation software, is currently emailing users about a security incident that exposed their personal information online. “On December 1, 2020, UiPath became aware of an incident that resulted in unauthorized disclosure of a file containing limited personal information about users of UiPath Academy,” the company wrote in an email sent to users today, seen by ZDNet.

Malwarebytes detects leaked tools from FireEye breach

The security company FireEye was breached by a sophisticated attack that stole multiple red team assessment tools. Malwarebytes customers are safe. Hello folks! If you have not heard yet, the security firm FireEye has had a breach of many red team assessment tools used for identification of vulnerabilities to help protect customers. While it is not known exactly who was behind this attack, a big concern is the sharing and use of these stolen red team tools by both sophisticated and non-sophisticated actors.

Scammers use Chrome, Firefox extensions in widespread ad fraud campaign

Security experts at Microsoft on Thursday detailed how internet attackers are abusing some of the world’s most popular web browsers for a fraud campaign, which at its height has affected more than 30,000 devices per day. The scammers are using malicious browser extensions— a tried and tested fraud tactic — to inject bogus advertisements into the results displayed on a search engine page. The more users who visit the fraudulent ad pages, the more money the perpetrators earn via a traffic-driven advertising program.

Round Up of Major Malware and Ransomware Incidents

4 major browsers are getting hit in widespread malware attacks

An ongoing malware campaign is blasting the Internet with malware that neuters the security of Web browsers, adds malicious browser extensions, and makes other changes to users’ computers, Microsoft said on Thursday. Adrozek, as the software maker has dubbed the malware family, relies on a sprawling distribution network comprising 159 unique domains with each one hosting an average of 17,300 unique URLs. The URLs, in turn, host an average of 15,300 unique malware samples. The campaign began no later than May and hit a peak in August, when the malware was observed on 30,000 devices per day.

MoleRats APT Returns with Espionage Play Using Facebook, Dropbox

The threat group is increasing its espionage activity in light of the current political climate and recent events in the Middle East, with two new backdoors. The MoleRats advanced persistent threat (APT) has developed two new backdoors, both of which allow the attackers to execute arbitrary code and exfiltrate sensitive data, researchers said. They were discovered as part of a recent campaign that uses Dropbox, Facebook, Google Docs and Simplenote for command-and-control (C2) communications.

Hackers can use WinZip insecure server connection to drop malware

The server-client communication in certain versions of the WinZip file compression tool is insecure and could be modified to serve malware or fraudulent content to users. WinZip has been a long-standing utility for Windows users with file archiving needs beyond the support built in the operating system. Initially released almost 30 years ago, the tool now has versions for macOS, Android, and iOS, as well as an enterprise edition that adds collaboration features. According to its website, the application has more than one billion downloads.

Round Up of Major Vulnerabilities and Patches

Sophos fixes SQL injection vulnerability in their Cyberoam OS

Sophos has deployed a hotfix for their line of Cyberoam firewalls and routers to fix a SQL injection vulnerability. Sophos purchased firewall and router maker Cyberoam Technologies in 2014 and has been offering free upgrades to their XG Firewall OS since 2019. Today, Sophos disclosed that a SQL injection vulnerability was fixed in the Cyberoam (CROS) operating system that could remotely add accounts to a CROS device.

1 Like