Security News > 2020 > December

The DeathStalker advanced persistent threat group has a hot new weapon: A highly stealthy backdoor that researchers have dubbed PowerPepper, used to spy on targeted systems. PowerPepper was cultivated to execute remote shell commands sent by DeathStalker operators, which are aimed at stealing sensitive business information.

Myriad factors beyond price enter into the equation when it comes to selecting decompiling tools. Shifting malware trends are now demanding more from cybersecurity professionals and the tools they rely on.

The attack targeted organizations associated with a public-private global health partnership, called Gavi, the Vaccine Alliance, which is aiming to leverage such cold-chain companies in order to safely transport the COVID-19 vaccine to underdeveloped regions. "However, the established role that Haier Biomedical currently plays in vaccine transport, and their likely role in COVID-19 vaccine distribution, increases the probability the intended targets may engage with the inbound emails without questioning the sender's authenticity."

Smartphones, tablets, collaboration apps and other modern framework tools are critical to maintaining productivity remotely, but they also demand an integrated security strategy purpose-built for mobile devices. At the same time, mobile phishing attacks against consumer and enterprise users spiked across all geographies and industries.

Unknown hackers have been trying to compromise accounts and computer systems of employees in organizations involved in the COVID-19 vaccine supply chain. The targets? Select executives in sales, procurement, information technology and finance positions at organizations around the world associated with Gavi, The Vaccine Alliance's Cold Chain Equipment Optimization Platform program.

Infosec bods from Check Point have discovered that popular apps are still running outdated versions of Google's Play Core library for Android - versions that contained a remote file inclusion vulnerability. They found that the Play Core Library, an in-app update and streamlining feature offered to Android devs, could be abused to "Add executable modules to any apps using the library".

Newly discovered web skimming malware is capable of hiding in plain sight to inject payment card skimmer scripts into compromised online stores. The malware's creators use malicious payloads concealed as social media buttons that mimic high profile platforms such as Facebook, Twitter, and Instagram.

TrickBot has been updated with functionality that allows it to scan the UEFI/BIOS firmware of the targeted system for vulnerabilities, security researchers have discovered. As Eclypsium points out, firmware-level malware has a strategic importance: attackers can make sure their code runs first and is difficult to detect, and it can remain hidden for very long periods of time, until the system's firmware or hard drive is replaced.

In the modern twist on old-fashioned war games, the U.S. military dispatched cyber fighters to Estonia this fall to help the small Baltic nation search out and block potential cyber threats from Russia. The U.S. Cyber Command operation occurred in Estonia from late September to early November, officials from both countries disclosed this week, just as the U.S. was working to safeguard its election systems from foreign interference and to keep coronavirus research from the prying reach of hackers in countries including Russia and China.

On Thursday, the Clop ransomware gang claimed that it stole 2 million credit cards from South Korean retailer E-Land over a one-year period, in a campaign that culminated with a ransomware attack on the company's headquarters in November. Operators of Clop ransomware reportedly said that they were responsible for the November attack that forced E-Land - a subsidiary of E-Land Global - to shut down 23 of its New Core and NC Department Store locations.