Table of Contents

  1. Vulnerabilities
    1. AMD ATI Radeon ATIDXX64.DLL shader functionality VTABLE remote code execution vulnerability
  2. Leaks
    1. Mitsubishi Electric Blames Anti-Virus Bug for Data Breach
    2. US-based children’s clothing maker Hanna Andersson discloses a data breach
  3. Politics
    1. Jeff Bezos' phone was hacked by Saudi crown prince
    2. How US military claims to have disrupted ISIS's propaganda
    3. Journalist Glenn Greenwald accused of hacking crimes in Brazil
  4. Apple
    1. Apple dropped plan for encrypting backups after FBI complained
    2. New York City has a $10 million cybercrime lab to crack the iPhone
  5. Ransomware
    1. Windows EFS Feature May Help Ransomware Attackers
    2. BitPyLock Ransomware Now Threatens to Publish Stolen Data
  6. Malware
    1. Internet routers running Tomato are under attack by notorious crime gang
  7. Phishing
    1. This Citibank Phishing Scam Could Trick Many People
    2. 16Shop Phishing Gang Goes After PayPal Users
    3. Phishing Incident at UPS Store Chain Exposes Customer Info
  8. Scams
    1. FBI Warns Job Applicants of Scams Using Spoofed Company Sites
  9. OSINT
    1. Geolocating Venezuelan Lawmakers In Europe

Vulnerabilities

AMD ATI Radeon ATIDXX64.DLL shader functionality VTABLE remote code execution vulnerability

An exploitable type confusion vulnerability exists in the AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from a VMware guest, affecting the VMware host.

Leaks

Mitsubishi Electric Blames Anti-Virus Bug for Data Breach

The Japanese multinational firm's Monday announcement arrives more than six months after the company says it first detected the breach on June 28, 2019. "We have confirmed that trade secrets may have been leaked to the outside," Mitsubishi Electric says in a statement. "To date, no damage or impact related to this case has been confirmed." There's irony, of course, in a company falling victim to a data breach because attackers exploited its security software (Trend Micro products in this case). But security researchers have continually warned that security software is like any other software, in that it can contain unknown vulnerabilities that hackers can sometimes exploit to their own advantage.

US-based children’s clothing maker Hanna Andersson discloses a data breach

The US-based children's clothing maker and online retailer Hanna Andersson disclosed a data breach after attackers planted an e-skimmer on its e-commerce platform. Like other Magecart attacks, crooks compromised the online store and injected JavaScript code into checkout pages to steal payment data while users were making purchases. Hacker groups under the Magecart umbrella continue to steal payment card data with so-called software skimmers. Security firms have monitored the activities of at least a dozen groups since 2010.

Politics

Jeff Bezos' phone was hacked by Saudi crown prince

The phone of the Amazon billionaire Jeff Bezos was hacked in 2018 after receiving a WhatsApp message from the personal account of the crown prince of Saudi Arabia. Jeff Bezos blamed the Enquirer publisher American Media Inc of "blackmail" for threatening to publish the private photos if he did not stop the investigation. The US President repeatedly ignored the warnings of US intelligence and publicly expressed dislike of Jeff Bezos. Gavin de Becker explained that the hack was linked to the coverage by The Washington Post newspaper, which is owned by Bezos, of the murder of Saudi journalist Jamal Khashoggi. Saudi press officials did not return a request for comment, but the Saudi embassy in Washington said in a tweet in response to the Guardian's story: "Recent media reports that suggest the kingdom is behind a hacking of Mr Jeff Bezos's phone are absurd. We call for an investigation on these claims so that we can have all the facts out."

How US military claims to have disrupted ISIS's propaganda

The US military claims to have disrupted the online propaganda activity of the Islamic State (ISIS) in a hacking operation dating back at least to 2016. The documents reveal the result of a 120-day assessment US Cyber Command conducted after the completion of Operation Glowing Symphony. Operation Glowing Symphony was approved in 2016 by President Barack Obama. Operation GLOWING SYMPHONY is considered an important milestone in counter-terrorism efforts and demonstrates the effectiveness of US offensive cyber capability against the online propaganda of the Islamic State (ISIS). "Operation GLOWING SYMPHONY was originally approved for a 30-day window, but the July 2017 General Administrative Message reported the operation's extension to an unknown date."

Journalist Glenn Greenwald accused of hacking crimes in Brazil

Glenn Greenwald has been charged with cybercrimes in Brazil, stemming from publishing information and documents that were embarrassing to the government. For instance, prosecutors contend that Mr. Greenwald encouraged the hackers to delete archives that had already been shared with The Intercept Brasil, in order to cover their tracks. Prosecutors also say that Mr. Greenwald was communicating with the hackers while they were actively monitoring private chats on Telegram, a messaging app. During the conspiracy, Manning and Assange engaged in real-time discussions regarding Manning's transmission of classified records to Assange. During an exchange, Manning told Assange that "after this upload, that's all I really have got left."

Apple

Apple dropped plan for encrypting backups after FBI complained

When Apple spoke privately to the FBI about its work on phone security the following year, the end-to-end encryption plan had been dropped, according to the six sources. Reuters could not determine why exactly Apple dropped the plan. Apple's decision not to proceed with end-to-end encryption of iCloud backups made the FBI's job easier. Had it proceeded with its plan, Apple would not have been able to turn over any readable data belonging to users who opted for end-to-end encryption. The iCloud Keychain password manager, Wi-Fi passwords, and Siri usage information are among the data sets stored in iCloud with end-to-end encryption. Notably, Apple has not implemented end-to-end encryption for iCloud Backup, the service that lets customers back up their iPhones and iPads to Apple servers, or for iCloud Drive. The iCloud Backup and iCloud Drive data sets are encrypted at rest and in transit, but Apple has the key to unlock them and can thus give decrypted versions to law enforcement.

New York City has a $10 million cybercrime lab to crack the iPhone

In a lab in New York City, two computers generate random numbers in an effort to guess the passcodes that keep smartphones seized from crime suspects locked down. The challenge is daunting but not impossible if you can circumvent Apple's limits on attempts. A four-digit key has 10,000 possible combinations, whereas a six-digit key has one million. To prevent the devices from contacting remote servers or responding to wipe requests, New York City is storing iPhones within a vault-like Faraday cage, designed to block electromagnetic waves. Fast Company has taken an insider's look at what it's like to try to break into an iPhone.

Ransomware

Windows EFS Feature May Help Ransomware Attackers

Security researchers have created concept ransomware that takes advantage of a feature in Windows that encrypts files and folders to protect them from unauthorized physical access to the computer. The lab-developed ransomware strain relies on the Encrypting File System (EFS) component in Microsoft's operating system and can run undetected by some antivirus software. Researchers at Safebreach Labs developed concept ransomware that relies on EFS to lock files on a Windows computer.

BitPyLock Ransomware Now Threatens to Publish Stolen Data

A new ransomware called BitPyLock has quickly gone from targeting individual workstations to trying to compromise networks and steal files before encrypting devices. BitPyLock was first discovered by MalwareHunterTeam on January 9th, 2020 and has since seen a trickle of new victims daily. What is interesting is that we can compare the ransom notes of earlier versions with the latest versions to see a clear progression in the types of victims that are targeted. To make matters worse, as ransomware operators begin stealing data before encrypting victims for use as leverage, BitPyLock actors claim to be adopting this tactic as well.

Malware

Internet routers running Tomato are under attack by notorious crime gang

Internet routers running the Tomato alternative firmware are under active attack by a self-propagating exploit that searches for devices using default credentials. When credentials are found and remote administration has been turned on, the exploit then makes the routers part of a botnet that's used in a host of online attacks, researchers said on Tuesday. Researchers from Palo Alto Networks said they recently detected Muhstik targeting Internet routers running Tomato, an open-source package that serves as an alternative to the firmware that ships by default with routers running Broadcom chips. The ability to work with virtual private networks and provide advanced quality of service control makes Tomato popular with end users and in some cases router sellers.

Phishing

This Citibank Phishing Scam Could Trick Many People

A new Citibank phishing scam is underway that utilizes a convincing domain name, TLS certs, and even requests OTP codes, which could easily cause people to believe they are submitting their personal information on a legitimate page. This fake Citibank site also utilizes a TLS certificate for the domain so that a lock appears next to the address. When a user enters their login information into the phishing site, they will be presented with various forms that request personal information from the victim. It is believed, but not confirmed, that during this period the phishing page will attempt to log in to Citibank using the credentials provided by the victim. As the OTP code will be sent from Citibank's servers, it further lends authenticity to the phishing site.

16Shop Phishing Gang Goes After PayPal Users

A sophisticated malware-as-a-service phishing kit includes full customer service and anti-detection technologies. A prolific phishing gang known as 16Shop has added PayPal customers to its target set. According to researchers at the ZeroFOX Alpha Team, the latest version of the group's phishing kit is designed with a number of features aimed at stealing as much personally identifiable information (PII) as possible from users of the popular money-transfer service, including login credentials, geolocation, email address, credit-card information, phone number and more. In investigating the kit's infrastructure, researchers uncovered that to establish contact, the kit sends a POST request to a command-and-control (C2) server, with a password, domain and path as a form of operational security. Stolen information is subsequently exfiltrated via SMTP to an attacker-controlled email inbox. The kit can be used to create phishing pages in English, Japanese, Spanish, German and Thai.

Phishing Incident at UPS Store Chain Exposes Customer Info

Sensitive personal and financial information of UPS Store customers was exposed in a phishing incident affecting roughly 100 local store locations between September 29, 2019, and January 13, 2020. "Email accounts at less than two percent of The UPS Store locations in the U.S. were victim of a phishing incident, which may have impacted some Personally Identifiable Information (PII) for a very small fraction of customers of The UPS Store," Public Relations & Social Media Manager Jenny Robinson told BleepingComputer.

Scams

FBI Warns Job Applicants of Scams Using Spoofed Company Sites

The FBI's Internet Crime Complaint Center (IC3) today issued a public service announcement to warn about scammers using spoofed company websites and fake job listings to target applicants. "Since early 2019, victims have reported numerous examples of this scam to the FBI. The average reported loss was nearly $3,000 per victim, in addition to damage to the victims' credit scores," the FBI says. "While hiring scams have been around for many years, cybercriminals' emerging use of spoofed websites to harvest PII and steal money shows an increased level of complexity."

OSINT

Geolocating Venezuelan Lawmakers In Europe

Bellingcat has published another excellent guide on geolocating images with open source intelligence.