Security News > 2021 > February

Newfield said that it's easy to zoom in on items in the background of a Zoom window, such as bills or phone numbers hanging on a refrigerator or bulletin board. TechRepublic submitted three screenshots of a reporter's working environment at home and Newfield said he didn't see any security risks when he blew up the images.

Researchers have identified new versions of the Agent Tesla remote access trojan that target the Windows anti-malware interface used by security vendors to protect PCs from attacks. The newly discovered variants have also adopted new obfuscation capabilities, raising the stakes for businesses to fend off the ever-evolving Agent Tesla malware.

Cases of identity theft in the United States doubled in 2020, mainly due to cybercriminals taking advantage of people affected economically by COVID-19 who filed to receive government benefits. The figures come from the Federal Trade Commission, which received about 1.4 million reports of identity theft last year, according to a blog post published Monday, when the commission kicked off its annual "Identity Theft Awareness Week."

ESET has named this piece of malware Kobalos due to its small size and its many tricks - Kobalos is a mischievous creature from Greek mythology. The first known victim of Kobalos was spotted in late 2019 and ESET said the group operating the malware had remained active throughout 2020.

The Office of the Washington State Auditor has disclosed a cybersecurity incident in which the personal information of more than 1 million individuals might have been stolen. In its breach notification this week, SAO revealed that some of the files that were compromised in the incident contained "personal information of Washington state residents who filed unemployment insurance claims in 2020."

ESET researchers discovered Kobalos, a malware that has been attacking supercomputers - high performance computer clusters - as well as other targets such as a large Asian ISP, a North American endpoint security vendor, and several privately held servers. "Perhaps unrelated to the events involving Kobalos, there were multiple security incidents involving HPC clusters in the past year. Some of them hit the press and details were made public in an advisory from the European Grid Infrastructure CSIRT about cases where cryptocurrency miners were deployed. The EGI CSIRT advisory shows compromised servers in Poland, Canada and China were used in these attacks. Press articles also mention Archer, a breached UK-based supercomputer where SSH credentials were stolen, but does not contain details about which malware was used, if any," ESET researchers noted.

SonicWall has confirmed that the actively exploited zero-day vulnerability spotted by the NCC Group on Sunday affects its Secure Mobile Access 100 series appliances. On Friday, SonicWall shared that it had received and analyzed several reports from its customers of potentially compromised SMA 100 series devices, but that it had only observed the use of previously stolen credentials to log into the SMA devices.

Security researchers at cybersecurity company ESET discovered the malware and named it Kobalos, after the misbehaving creature in Greek mythology. "On compromised machines whose system administrators were able to investigate further, we discovered that an SSH credential stealer was present in the form of a trojanized OpenSSH client. The /usr/bin/ssh file was replaced with a modified executable that recorded username, password and target hostname, and wrote them to an encrypted file" - ESET. The researchers believe that credential theft could explain how the malware spreads to other systems on the same network or other networks in the academic sector since students and researchers from multiple universities may have SSH access to supercomputer clusters.

SonicWall on Monday confirmed that its Secure Mobile Access 100 series appliances are affected by a zero-day vulnerability that has apparently already been exploited in attacks. SonicWall told SecurityWeek that a few thousand devices are exposed to attacks due to the zero-day vulnerability.

Apple this week released security updates to address multiple vulnerabilities in macOS and Safari, including a flaw that can be exploited for the recently disclosed NAT Slipstreaming 2.0 attack. Devised by Ben Seri and Gregory Vishnipolsky of IoT security company Armis, together with researcher Samy Kamkar, the attack is a variant of the NAT Slipstreaming attack that was detailed in October 2020, and which could be leveraged to target local network services.