Security News > 2020

Metamorfo Returns with Keylogger Trick to Target Financial Firms
2020-02-06 18:16

Researchers have discovered a recent spate of phishing emails spreading a new variant of Metamorfo, a financial malware known for targeting Brazilian companies. Once executed, the malware kills the auto-suggest data entry fields in browsers, forcing victims to write out their passwords - which it then tracks via a keylogger.

U.S. Finance Sector Hit with Targeted Backdoor Campaign
2020-02-06 17:54

The financial services sector in the U.S. found itself under a barrage of cyberattacks last month, all bent on delivering a powerful backdoor called Minebridge. The term refers to "The manipulation of Office documents where the source code of a macro is made to mismatch the pseudo-code of the document," according to FireEye.

Why shortcuts lead to failure: Lessons from app disaster in Iowa
2020-02-06 17:33

Apparently the app was deployed through mobile testing platforms, not the App Store or the Play Store.

Fraudsters Pose as Journalist in Phishing Campaign: Report
2020-02-06 16:33

The study does not say whether the phishing emails that targeted Kasraie and others were successful in compromising their passwords and other credentials, and a spokesperson for Certfa says that the campaign has not been successful, although not all victims may have come forward yet. One of the tipoffs that these emails were phishing lures is that Fassihi recently moved to the New York Times and wouldn't be seeking interviews with subjects for the Journal, according to the report.

New Campaign Leverages BitBucket to Deliver Arsenal of Malware
2020-02-06 16:26

Cybereason's Nocturnus researchers have discovered an ongoing campaign that takes this approach to the next level - multiple pieces of malware stored on BitBucket and downloaded as a form of layered malware able to maximize each successful compromise. Part of the success is down to the lengths the attackers go to in ensuring the malware isn't discovered and removed from BitBucket.

DLL Hijacking Vulnerability Found in Realtek HD Audio Driver
2020-02-06 16:18

A vulnerability in the Realtek HD Audio Driver package could be abused to execute arbitrary payloads with elevated privileges on a vulnerable machine, SafeBreach Labs has discovered. Tracked as CVE-2019-19705, the vulnerability could be leveraged to evade defenses and achieve persistence by loading an arbitrary, unsigned DLL into a signed process.

Beware of malware disguised as Oscar-nominated movies including Joker and Parasite
2020-02-06 16:17

Joker was the hottest film among cybercriminals with 304 malicious files named after Batman's arch-nemesis, says security firm Kaspersky. Looking at malware inspired by the Oscars, researchers at Kaspersky discovered more than 20 phishing websites and 925 malicious files that were presented as free movies.

Cloud Security Firm Netskope Raises $340 Million at $3 Billion Valuation
2020-02-06 16:04

Cloud security company Netskope on Thursday announced that it has raised $340 million in a Series G funding round, valuing the firm at nearly $3 billion. "We'll use this investment to continue to execute on our plan to dominate the largest market in security and accelerate global security transformation by innovating our platform and network and product set, and advancing our efforts to make our sales, marketing and post-sale efforts industry best," Sanjay Beri, CEO and founder of Netskope, told SecurityWeek.

Update now – WhatsApp flaw gave attackers access to local files
2020-02-06 15:39

The immediate problem was caused by a gap in WhatsApp's Content Security Policy, a security layer used to protect against common types of attack, including XSS. Using modified JavaScript in a specially crafted message, an attacker could exploit this to feed victims phishing and malware links in weblink previews in ways that would be invisible to the victim. An underlying problem is that WhatsApp desktop, written using the cross-platform Electron platform, uses older versions of Google's Chromium framework.