TOP-3 cybersecurity events of the week according to Jet CSIRT
Today in the Jet CSIRT TOP 3: the hack of an Apple contractor, the ToxicEye Trojan, and new 1-click vulnerabilities in Telegram, OpenOffice and other software. The top three news items were collected by Andrey Maslov, Jet CSIRT analyst at Jet Infosystems. Read more under the cut.
The REvil operators claimed that they had hacked an Apple contractor, the Taiwanese company Quanta Computer. Quanta Computer is one of the few companies that assembles Apple products from the schematics and designs Apple provides to it. These schematics and designs ended up in the hands of the cybercriminals.
The REvil operators published a message on their leak site demanding $50 million for the stolen data by April 27. Otherwise, the criminals threaten to make dozens of stolen schematics and blueprints public. At the moment, the cybercriminals' site displays 21 screenshots of MacBook drawings. The criminals promise to publish new data every day until the ransom is paid.
Check Point researchers said that cybercriminals are increasingly using Telegram as a ready-made C&C system in their attacks. In particular, the messenger is used together with a new remote access Trojan (RAT), ToxicEye.
First, the attackers create a Telegram account and a dedicated bot and link it to the Trojan, which is then distributed via spam mailings. When a victim opens the malicious email attachment, the Trojan unpacks on the host and runs a series of exploits.
Once installed, ToxicEye connects the victim's computer to the attackers' C&C. As a result, the criminals can control the infected machine with commands sent via Telegram.
Positive Security researchers have found vulnerabilities in Telegram, Nextcloud, VLC, LibreOffice/OpenOffice, Bitcoin/Dogecoin wallets, and Wireshark. These vulnerabilities stem from how operating systems handle URLs that applications pass to them.
The researchers identified two main vectors for exploiting these vulnerabilities. The first is an application opening a URL that points to a malicious executable file (.desktop, .jar, .exe, etc.) located on a file share reachable over the Internet (NFS, WebDAV, SMB, etc.). The second relies on a vulnerability in the URL handler of the application that gets launched.
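As an added illustration of these two vectors (example code written for this digest, not from Positive Security or any of the affected projects), here is a Python pre-check an application could run on a link before handing it to the OS URL opener; the scheme and extension lists are assumptions chosen for the example.

```python
import os
from urllib.parse import urlparse, unquote

# Schemes a browser handles itself instead of an arbitrary OS handler.
SAFE_SCHEMES = {"http", "https", "mailto"}
# Schemes that make the OS fetch a file from a (possibly remote) share.
FILE_SCHEMES = {"file", "smb", "nfs", "webdav", "webdavs", "dav", "davs", "unc"}
# Extensions the OS may execute rather than display when handed such a path.
EXEC_EXTENSIONS = {".exe", ".jar", ".desktop", ".bat", ".cmd", ".msi", ".scr", ".lnk"}


def classify_url(url: str) -> str:
    """Decide whether a link may be handed to the OS URL opener.

    'allow': web/mail link; 'block-remote-executable': vector 1 (an executable
    on a reachable file share); 'block-file-url': any other file-share link;
    'block-unknown-scheme': vector 2 (a custom scheme routed to a registered
    handler the application cannot vet).
    """
    raw = url.strip()
    if raw.startswith(("\\\\", "//")):
        # UNC reference (\\host\share\file) arrives without a scheme.
        scheme, path = "unc", raw.replace("\\", "/").lower()
    else:
        parsed = urlparse(raw)
        scheme, path = parsed.scheme.lower(), unquote(parsed.path).lower()
    if scheme in SAFE_SCHEMES:
        return "allow"
    if scheme in FILE_SCHEMES:
        # Drop trailing dots/spaces that Windows ignores when resolving names.
        ext = os.path.splitext(path.rstrip(". "))[1]
        return "block-remote-executable" if ext in EXEC_EXTENSIONS else "block-file-url"
    return "block-unknown-scheme"


# Constructed sample links of the kind a chat message or document might carry.
SAMPLE_LINKS = [
    "https://example.com/report.pdf",
    "smb://fileshare.example/public/update.exe",
    "\\\\fileshare.example\\public\\installer.jar",
    "file:////fileshare.example/public/launcher.desktop",
    "webdav://fileshare.example/docs/readme.txt",
    "customapp://open?target=x",
]


def filter_links(links):
    """Split links into those safe to open and (url, reason) pairs to refuse."""
    verdicts = [(u, classify_url(u)) for u in links]
    allowed = [u for u, v in verdicts if v == "allow"]
    return allowed, [(u, v) for u, v in verdicts if v != "allow"]
```

The check only covers the link shapes named in the digest; an application that registers its own URL scheme still needs to validate the arguments its handler receives.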