
Weekly Digest #14

The NSA Warns That Russia Is Attacking Remote Work Platforms

A VMware vulnerability has prompted a warning that companies and government agencies need to patch as soon as possible.

2020 was not an easy year: an unprecedented portion of the world’s office workers was forced to work from home as a result of the COVID-19 pandemic. This situation has created countless opportunities for hackers, who are taking full advantage.

The National Security Agency said that Russian state-sponsored hacker groups had been actively attacking a vulnerability in enterprise remote-work platforms developed by VMware.

Organizations are struggling to adapt to remote work by offering employees secure remote access to corporate systems. But the change comes with different risks and has created new exposures versus traditional office networks.


Three million users installed 28 malicious Chrome or Edge extensions

More than three million internet users are believed to have installed 15 Chrome and 13 Edge extensions that contain malicious code.

The 28 extensions contained code that could perform several malicious operations:

  • redirect user traffic to phishing sites
  • redirect user traffic to ads
  • collect browsing history
  • download further malware onto a user’s device
  • collect personal data

But despite the presence of code to power all the above malicious features, Avast researchers said they believe the primary objective of this campaign was to hijack user traffic for monetary gains.

Check if you have any of these extensions.


Most businesses are tracking customers yet don’t tell them

While most businesses claim to have well-defined consumer privacy policies that are strictly enforced, more than three out of five US and Canadian companies do not inform customers that they allow third-party code to track them on their websites.

Apple is cracking down on apps that track users without their permission. Still, new survey data shows this type of consumer data privacy abuse is also happening within the enterprise tech space.

The findings show how frequently unethical data collection tactics are used without consumer knowledge to capture information – especially in the B2B space.

The survey found that three in five (62%) businesses do not inform customers about third-party ad trackers collecting their data.


Partial Gmail outage resolved: Users reported a variety of problems Tuesday

I think many have noticed this week’s problems with Google’s services. Google fixed multiple problems with its services, but less than a day later, IT administrators and users started seeing another rash of Gmail problems.

Google confessed, “We’re aware of a problem with Gmail affecting a significant subset of users. The affected users are able to access Gmail but are seeing error messages, high latency, and/or other unexpected behavior. We will provide an update by 12/15/20, 5:30 PM [Eastern US] detailing when we expect to resolve the problem. Please note that this resolution time is an estimate and may change.”

At 6:51 PM Eastern, Google reported the Gmail problem had been resolved.


The SolarWinds and US government breach is not a marketing opportunity

The size and scope of SolarWinds as an IT software provider and the nature of the breach announced on December 13 rocked the IT and security world — rightfully so. While security leaders guide their companies to respond, there’s some generalized advice for the vendor world about this. 

Throughout 2020, product security failures have happened month after month, but most focused on consumer-facing products and services. Enterprise B2B vendors didn’t get quite as much attention, but the scale balanced out with the SolarWinds breach. 

Companies competing with SolarWinds in providing critical infrastructure, monitoring, and security products, as well as security vendors, should focus on the following:

  • Low product security efforts risk market share for B2B firms.
  • Vendors should NOT use the SolarWinds breach as a marketing opportunity.
  • Even a security-mature software supplier could have missed this.
  • SolarWinds’ degree of transparency with its customer list might need to change.


Sextortionist Campaign Targets iOS, Android Users with New Spyware

This week researchers discovered new spyware targeting iOS and Android users who frequent adult mobile sites by posing as a secure messaging application, in yet another twist on sextortionist scams.

The spyware, dubbed Goontact, targets users of escort-service sites and other sex-oriented services – particularly in Chinese-speaking countries, Korea and Japan.

The ploy and malware can ultimately be used to exfiltrate data from targets. Data siphoned from devices includes phone numbers, contact lists, SMS messages, photos, and location information.


Microsoft Office 365 Credentials Under Attack By Fax ‘Alert’ Emails

A Microsoft product was under attack last week. Legitimate emails from compromised accounts are being sent to numerous enterprise employees to steal their Office 365 credentials.

The hackers behind the attack leveraged hundreds of compromised, legitimate email accounts to target organizations with emails that pretended to be document delivery notifications.

The attack starts with a simple email convincing the recipient that they have received a document. The email impersonates businesses like eFax, an internet fax service that makes it easy to receive faxes via email or online.


Zero-day XML mutation flaws in Go programming language can lead to authentication bypass

A trio of unpatched XML round-trip mutation vulnerabilities in Go’s standard library could lead to SAML authentication bypass in downstream projects, security researchers have revealed.

The open-source programming language’s security team has found the critical vulnerabilities, which were traced to Go’s encoding/xml package, fiendishly difficult to resolve.

With Go’s blessing, researchers from messaging platform Mattermost coordinated public disclosure because the vulnerabilities’ root causes “cannot be reliably addressed”, and mitigations planned for an upcoming Go release risked making the flaws public anyway.
