Mobile Sensor Becomes the New Evasion Technique for Phishing Attack

Security experts have detected that attackers are leveraging a new and unique evasion technique to launch phishing attacks. This new technique abuses the sensors that have been built into smartphones for more than a decade. The attack starts with a text message that appears to come from a high-profile target from a financial organization. The message uses a typical social engineering technique to gets the victims to click on a URL that claims to have important notice. A visitor visiting the URL is presented with a blank page. However, on a subsequent attempt to view the page results in receiving 404 responses from the server. This indicates that attackers are leveraging multiple layers of countermeasures to remain undetected. Researchers note that “With the code partially deobfuscated, we began investigating each element. This led to the discovery that the threat actor was attempting to guarantee the victim is using a mobile device by using calls to the gyroscope and accelerometer.”​

 

ICO Imposes Fine on Dixons Carphone for Data Breach That Affected 14 Million People

Britain’s Information Commissioner’s Office (ICO) said in a statement that its investigation had found that an attacker had installed malware on 5,390 cash registers at Dixons Travel stores and DSG’s Currys PC World between July 2017 and April 2018. This had enabled the attacker to steal personal data of nearly 14 million customers and gain unauthorized access to 5.6 million payment card details. The compromised information included names, postcodes, email addresses, and failed credit checks. DSG Limited has been found to have breached the 1998 Data Protection Act. It has failed to take adequate steps to protect personal data due to poor security arrangements.

 

Widely Known Flaws in Pulse Secure VPN and Android Phones Exploited in the Wild to Launch Attacks

UK-based security researcher Kevin Beaumont, who claims REvil to be ‘big game ransomware’ has described that at least two organizations have been compromised by exploiting the Pulse Secure VPN flaw. The flaw has been adopted by cybercriminals to push ransomware. Among those believed to be affected in the ongoing campaign is the travel insurance and currency exchange provider Travelex. The attack involved the use of REvil ransomware. This forced the company to take all of its systems offline and resort to manual operations at branches nationwide. The flaw tracked as CVE-2019-1150, has been rated ‘Highly’ critical. This arbitrary read file vulnerability affects multiple versions of Pulse Connect Secure and Pulse Policy Secure. It gives remote attackers a way to connect via HTTPS to an enterprise network without the requirement of any valid username or password. Attackers can use the flaw to view logs and files, turn-off multifactor authentication, download arbitrary files and execute malicious code on enterprise networks. Pulse Secure has released a security update to address the issue in April 2019 and users are urged to apply the patches immediately to mitigate such attacks.

 

Hackers from North Korea have developed a way to steal bitcoin through the messaging app Telegram

Cyber security specialists from Moscow-based Kaspersky Labs said the notorious Lazarus Group, a hacking collective with links to North Korea, has come up with "enhanced capabilities" in order to target individuals and organisations around the world. The cyber-theft campaign, referred to as Operation AppleJeus, has been ongoing since at least 2018 and has so far claimed victims in the UK, China, Poland and Russia. The hackers lure in victims by setting up fake cryptocurrency websites, as well as fake trading groups on the Telegram app. Telegram did not respond to a request for comment. Malicious links on the sites and groups then infect the target’s device and give attackers access to user data. The United Nation report from 2019 estimated that North Korea has earned up to $2 billion in cryptocurrency by hacking online exchanges and organisations.​

 

JackHammer, the new version of Rowhammer, uses FPGA-CPU combo to attack PC memory

Researchers have detailed a new version of Rowhammer which uses a combo of a hybrid FPGA and CPU setup to launch more efficient attacks on various forms of PC memory. Rowhammer attacks were first detailed in 2014. The attack exploits a design flaw in DRAM in order to allow attackers to obtain higher kernel privileges on targeted systems. The attack affects the DRAM modules that were manufactured in 2010 and later. The impact of such attacks can allow attackers to steal data from attacked systems, instead of just altering it. JackHammer is a new addition to the list of Rowhammer attack variants. The attack allows a malicious party to abuse FPGA cards to launch better and faster Rowhammer attacks.

 

Edited and compiled by cyber security specialist James Aguilan.