New Bitcoin scam impersonates the Queen’s private office in Buckingham Palace to trick users
A new Bitcoin fraud scam has been found tricking users into making donations to help the UK fund its Brexit process. The scam is carried out using phishing emails that appear to come from the Queen’s private office in Buckingham Palace. The email asks recipients to make a donation in Bitcoin, with a promise of 30% interest for a three-month loan. To make it look less suspicious, the email also promises membership of the Royal Warrant Holders Association, which supports businesses and individuals that supply goods or services to the palace for at least five years. The email includes a deadline to create a sense of urgency among the recipients. In addition, the recipients are asked to keep its contents secret to avoid it going viral, Forbes reported. Scammers are increasingly using social engineering techniques and sensitive, real-time situations to garner sympathy as well as sensitive details from users. In most cases, such scams result in individuals parting with a huge amount of money.
New attack dubbed ‘PDFex’ can exfiltrate data from encrypted PDF files
Researchers have detailed a new attack that can exfiltrate data from encrypted Portable Document Format (PDF) files. Dubbed ‘PDFex’, the attack comes in two variants. The researchers tested the PDFex attack techniques against 27 widely used PDF viewers, including Adobe Acrobat, Foxit Reader, Evince, Nitro, and the built-in PDF viewers of Chrome and Firefox, and found all of them to be vulnerable. An attacker can manipulate an encrypted PDF file even without knowing the corresponding password. PDF encryption uses the Cipher Block Chaining (CBC) encryption mode with no integrity checks, which allows anyone to create self-exfiltrating ciphertext parts using CBC malleability gadgets. Most data formats allow only parts of the content to be encrypted. This encryption flexibility allows an attacker to include their own content, which can lead to exfiltration channels. “More precisely, the PDF specification allows the mixing of ciphertexts with plaintexts. In combination with further PDF features which allow the loading of external resources via HTTP, the attacker can run direct exfiltration attacks once a victim opens the file,” the researchers wrote in a blog post. The two variants of the PDFex attack are Direct Exfiltration and CBC Gadgets.
Threat actors abuse Google domains appspot.com and web.app in latest phishing attacks
New malware dubbed Nodersok discovered by researchers
Researchers disclose new SIM card attack dubbed ‘WIBattack’
Researchers from Ginno Security Labs have detailed a new SIM card attack which is similar to the Simjacker attack. Dubbed WIBattack, this attack vector allows attackers to track users' devices by exploiting the Wireless Internet Browser (WIB) apps that run on SIM cards. To exploit WIB apps, attackers need to send a specially formatted binary SMS (called an OTA SMS) that will execute STK (SIM Toolkit) instructions on SIM cards. Attackers send a malicious OTA SMS that contains WIB commands to the victim's phone number. Once the victim's phone receives the OTA SMS, it forwards the command to the WIB app on the victim’s SIM card. The WIB app responds to the command and sends a PROACTIVE COMMAND to the victim's mobile phone, such as initiating a call, sending an SMS, or sending other information. Following this, an attacker can track the victim's location, send an SMS to any number, or call any number and eavesdrop on conversations. Ginno Security Lab researchers noted that an estimated hundreds of millions of devices are running SIM cards with a WIB app. To uncover vulnerabilities in the WIB app, the researchers recommend testing SIM cards with the SIMtester app. Furthermore, the researchers are in the process of developing a SIM scanning device that runs on Android devices.
Edited and compiled by cyber security specialist James Aguilan.