New breaches are being discovered as employees return to their offices after the holidays. While the attacks aren’t unprecedented, they underline the need to make better use of cybersecurity tools, particularly in the festive season.

Charming Kitten Uses Holiday Break To Launch Spear-Phishing Campaign

Known for timing its malicious activities to the winter holiday breaks, the Iranian cyber-espionage group Charming Kitten has launched a sophisticated spear-phishing campaign that used both emails and SMS to trap victims. Cybersecurity firm CERTA says that Charming Kitten took advantage of the festive break, when offices were running with fewer IT experts available to identify and block security threats. The group targeted political research centers, think tanks, university professors, environmental activists, and journalists in the US, Europe, and the Persian Gulf.

The text messages impersonated Google security alerts, and the phishing emails used previously hacked accounts to target a larger group with cunningly woven content. Surprisingly, the adversaries were able to hide their spear-phishing campaign behind a legitimate Google URL (https://www.google[.]com/url?q=https://script.google.com/xxxx). Such a scam often goes undetected by senior security experts, let alone employees working half-heartedly in the festive season! Gmail users must adopt email protection measures, as this wasn’t the first time that Charming Kitten successfully used Google URLs for its attacks!
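The check below is an added example, not code from the article or from CERTA: it unwraps the `google.com/url?q=` pattern quoted above, without making any network request, and reports the destination a mail or SMS filter should actually evaluate. The `REDIRECTORS` and `WATCHED_DESTINATIONS` lists and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: (host, path) pairs treated as redirectors; the Google one is the article's.
REDIRECTORS = {("www.google.com", "/url"), ("google.com", "/url")}
# Assumption: destination hosts to flag when they are reached through a redirector.
WATCHED_DESTINATIONS = {"script.google.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def refang(text):
    """Undo common defanging ('[.]', 'hxxp') so URLs parse normally."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def unwrap(url, max_depth=5):
    """Follow q=/url= parameters of known redirectors; purely offline parsing."""
    chain = [url]
    for _ in range(max_depth):
        parts = urlsplit(chain[-1])
        host = (parts.hostname or "").lower()
        if (host, parts.path) not in REDIRECTORS:
            break
        params = parse_qs(parts.query)  # parse_qs percent-decodes the value once
        target = (params.get("q") or params.get("url") or [None])[0]
        if not target or not target.lower().startswith(("http://", "https://")):
            break
        chain.append(target)
    return chain

def scan_message(body):
    """Return one finding per URL whose visible host differs from its final host."""
    findings = []
    for url in URL_RE.findall(refang(body)):
        chain = unwrap(url.rstrip(".,)"))
        if len(chain) > 1:
            final_host = (urlsplit(chain[-1]).hostname or "").lower()
            findings.append({
                "shown_host": urlsplit(chain[0]).hostname,
                "final_host": final_host,
                "hops": len(chain) - 1,
                "watched": final_host in WATCHED_DESTINATIONS,
            })
    return findings

# Constructed sample message using the URL pattern quoted in the article.
SAMPLE = ("Security alert: verify your account at "
          "https://www.google[.]com/url?q=https://script.google.com/xxxx now")
```

A filter that scores only the visible host would see `www.google.com` here; scoring `final_host` instead is what exposes the hand-off to `script.google.com`.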

New RAT – Rogue Targets Android Devices

A new malware strain has surfaced, the combined work of Android malware authors Triangulum and HeXaGoN Dev. Going by the name of Rogue, this new Mobile Remote Access Trojan (MRAT) attacks Android devices and works secretly to steal all user data. Triangulum’s social marketing skills, combined with HeXaGoN Dev’s programming skills, have created malware capable of causing irrevocable data loss to Android users.

Rogue poses as a legitimate Google service and uses Google’s Firebase platform to hide its activity. It uses Cloud Messaging to infect a device and gain administrative permissions. Removing the RAT after this becomes difficult, as it threatens to erase all data if the user tries to restrict the granted permissions. The only word of advice after this is: cyberattacks can come in any form. The best way to stay secure is to resort to cybersecurity solutions such as email security as a service.

Vaccine Release Is No Time For Complacence

The latest update on the data breach at the European Medicines Agency (EMA) is that the adversaries have published all stolen data related to the vaccine. Details of the Pfizer and BioNTech COVID-19 vaccine candidate were breached in a security incident at EMA last month. EMA is taking necessary measures for email authentication and security while also notifying all involved individuals and entities whose data may have been leaked.

The BNT162b2 vaccine is being circulated in the UK, and now is certainly not the time to lose data to cybercriminals. While Pfizer and BioNTech had little role in the breach, this serves as a message to all companies working on the COVID-19 vaccines to take cybersecurity measures and implement privileged access to data for enhanced security.

Time To Set International Cyber Rules, Says Microsoft President

Addressing the alarming security incidents capable of taking over systems across nations, Microsoft President Brad Smith says at the Consumer Electronics Show (CES) 2021 that it’s time to view cybersecurity as a world peace parameter. He comments on our increasing dependence on technology and the corresponding rise of data breaches and security incidents.

Smith feels that it’s about time we took some proactive measures to understand the present security threats to protect the future. He also highlighted the importance of monitoring our usage of artificial intelligence (AI) technology until new guardrails are created to keep humanity over technology. We are talking of a world where machine learning tools and facial recognition technology have taken over people’s lives. Privacy becomes a myth as we let our fundamental rights take a backseat in the pursuit of one-click access and convenience. However, Smith is optimistic that we can still change the picture and address the ever-increasing cybersecurity issues with global collaboration and brainstorming.

Cyberattack Hits A Mimecast-Issued Certificate

In a recent cyberattack, a Mimecast-issued certificate used to authenticate connections made to Mimecast Internal Email Protect, Sync and Recover, and Continuity Monitor was compromised. Consequently, attackers gained access to customers’ Microsoft 365 Exchange servers and are probably intercepting the traffic and exfiltrating communications.

Chris Clements, Vice President of Solutions Architecture at Cerberus Sentinel, points out two possible outcomes of this certificate compromise:

  • Attackers can decipher the encrypted data by launching a man-in-the-middle attack (that is if the stolen certificate is used to verify Mimecast users’ server validity).
  • In a much worse scenario where security controls are limited, and the stolen certificate can authenticate to Microsoft 365 from Mimecast servers, the adversaries can access all customer data by connecting directly to Microsoft.

There are other much worse possible outcomes of this compromise, but Mimecast is maintaining discretion on the cybersecurity incident’s specifics. Customers are advised to consider email security services whether or not Mimecast informs them of a compromise. The users must re-establish their connections with the new Mimecast certificate for enhanced security.

Adobe Releases Security Updates As Flash Goes Down

After Flash reached its end-of-service on 31st December 2020, Adobe took on the task of fixing vulnerabilities. It released the first round of security updates for the year by patching eight vulnerabilities in its products like Bridge, Photoshop, Animate, Illustrator, Captivate, Campaign Classic, and InCopy.

Two critical out-of-bounds write bugs in Bridge, a privilege escalation bug in Captivate, a critical SSRF issue in Campaign Classic, and one critical arbitrary code execution flaw each in Animate, Photoshop, InCopy, and Illustrator were patched. The good news, beyond the updates themselves, is that none of the vulnerabilities were exploited before the patch release!
