5 February 2021 Weekly Newsletter


NEWSLETTER

Google Patches Over a Dozen High-Severity Privilege Escalation Flaws in Android


LATEST CYBER HACKS

Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowball

A Mimecast-issued certificate used to authenticate some of the company’s products to Microsoft 365 Exchange Web Services had been “compromised by a sophisticated threat actor,” the email-protection company announced in mid-January. That caused speculation that the breach was related to SolarWinds, which the firm confirmed in an update this week.

 

Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months

Spotify streaming music aficionados are in the crosshairs of yet another credential-stuffing cyberattack, just three months after the last one. The service has forced password resets for impacted users.

Cybercriminals carrying out credential-stuffing take advantage of people who reuse the same passwords across multiple online accounts. Attackers simply build automated scripts that systematically try stolen IDs and passwords (either gleaned from a breach of another company or website, or purchased online) against various types of accounts.


VULNERABILITIES

Google patches an actively exploited Chrome zero-day

The zero-day, which was assigned the identifier of CVE-2021-21148, was described as a "heap overflow" memory corruption bug in the V8 JavaScript engine.


Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices

Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a device's wireless communications.


Two new zero-day vulnerabilities discovered in WordPress Plugin Limit Login Attempts Reloaded

Cybersecurity researcher Veno Eivazian identified two security issues as part of a series of laboratory tests. One is a rate-limiting bypass under a non-default configuration, which effectively defeats the plugin's purpose. The other is an unauthenticated reflected XSS.


MALWARE

This old form of ransomware has returned with new tricks and new targets

Back in 2017, the Cerber ransomware was the most dominant family of ransomware, at one point accounting for 90% of all ransomware attacks targeting Windows-based systems.


New Trickbot Malware Component Performs Local Network Reconnaissance

The latest component, named masrv, was first compiled on December 4, 2020, and it is still under testing. So far researchers have only been able to encounter one variant of this module.


Android Gets Its New Malware for the Year

Dubbed Oscorp, the malware abuses accessibility services in Android devices to steal user credentials and media content. The malware gets its name from the title of the login page of its C2 server.


GENERAL NEWS

Identity Theft Spikes Due to COVID-19 Relief

Cases of identity theft in the United States doubled in 2020, mainly due to cybercriminals taking advantage of people affected economically by COVID-19 who filed to receive government benefits.


Fraudsters Ramped Up Account Takeover Attacks in 2020

Account takeover incidents as a share of fraudulent activity in the financial services industry rose by 19 percentage points in 2020 compared with 2019, according to new figures from Kaspersky.

COMM-CIRT

Botswana Communications Regulatory Authority

Private Bag 00495, Gaborone, Botswana

+2673929961

Disclaimer: This information was gathered from multi-trusted feeds and it is not created by COMM-CIRT