National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

The National Computer Security Incident Response Team provides for increased electronic security by strengthening the protection of the cyberspace of the National Critical Information Infrastructures, the banks and the communication providers of the Republic of Cyprus.

28 August 2020

North Korean hackers tracked as BeagleBoyz have been using malicious remote access tools as part of ongoing attacks to steal millions from international banks according to a joint advisory issued today by several U.S. Government agencies.

26 August 2020

North Korean hackers tracked as the Lazarus Group have been observed using LinkedIn lures in an ongoing spear-phishing campaign targeting the cryptocurrency vertical in the United States, the United Kingdom, Germany, Singapore, the Netherlands, Japan, and other countries.

25 August 2020

Google addressed a use-after-free bug in the WebGL (Web Graphics Library) component of the Google Chrome web browser that could lead to arbitrary code execution in the context of the browser’s process following successful exploitation.

25 August 2020

If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it.

24 August 2020

Low-skilled hackers likely from Iran have joined the ransomware business targeting companies in Russia, India, China, and Japan. They are going after easy hits, using publicly available tools in their activity.

24 August 2020

Freepik says that hackers were able to steal emails and password hashes for 8.3M Freepik and Flaticon users in an SQL injection attack against the company’s Flaticon website.

21 August 2020

The group has added a management console and a USB worming function to its main malware, Crimson RAT.

20 August 2020

A hybrid DDoS botnet known for turning vulnerable Windows devices into Monero cryptomining bots is now also scanning for and infecting Linux systems.

20 August 2020

Microsoft has issued an emergency out-of-band Windows security update designed to address privilege escalation bugs found to impact the Windows Remote Access service.

20 August 2020

Emotet is a malware spread via email in the name of Finnish organisations. The objective of the malware attack is to steal information from organisations, infiltrate a targeted network and in some cases to launch a ransomware attack. The attack campaign has been active since August 17th 2020.

19 August 2020

A sophisticated botnet campaign named FritzFrog has been discovered breaching SSH servers around the world, since at least January 2020. Written in Golang, FritzFrog is both a worm and a botnet that targets government, education, and finance sectors.

19 August 2020

A vulnerability affecting components used in millions of critical connected devices in the automotive, energy, telecom, and medical sectors could let hackers hijack the device or access the internal network.

18 August 2020

The IcedID banking Trojan has recently been updated with additional evasion techniques, including a password-protected attachment, keyword obfuscation and a Dynamic Link Library file that acts as a second-stage downloader, according to Juniper Threat Labs.

17 August 2020

Citrix released patches for multiple new security vulnerabilities affecting its Citrix Endpoint Management (CEM), also known as XenMobile, a product made for enterprises to help companies manage and secure their employees’ mobile devices remotely.

11 August 2020

New variants of Agent Tesla remote access Trojan now come with modules dedicated to stealing credentials from applications including popular web browsers, VPN software, as well as FTP and email clients.

10 August 2020

A security researcher discovered vulnerabilities in an automation system for smart homes and buildings that allowed taking over accounts belonging to other users and controlling associated devices.

07 August 2020

Several security vulnerabilities found in Qualcomm’s Snapdragon Digital Signal Processor (DSP) chip could allow attackers to take control of almost 40% of all smartphones, spy on their users, and create un-removable malware capable of evading detection.

06 August 2020

A high-risk vulnerability (CVE-2020-13699) in TeamViewer for Windows could be exploited by remote attackers to crack users’ passwords and, consequently, lead to further system exploitation.

05 August 2020

The plugin also comes with support for chat transcripts and makes it easy to set up auto-replies and FAQs outside working hours to provide visitors with helpful information while the site owner can’t reply.

03 August 2020

Twitter today said that the attackers behind this month’s hack were able to take control of high-profile accounts after stealing Twitter employees’ credentials as part of a phone spear phishing attack on July 15, 2020.
