
Weekly News Digest #29

WhatsApp sessions hijacked: new wormable Android malware in the Google Play Store 

An application available in the Google Play Store compromises users’ data by offering free Netflix subscriptions. The malicious application, dubbed “Flix Online”, was discovered by Check Point Research (CPR) on Wednesday. The app posed as a legitimate Netflix application and actively targeted one of the most popular messaging applications, WhatsApp.

The popularity of streaming services has skyrocketed since the outbreak of the coronavirus pandemic, as shops, trade centres, cinemas, restaurants, and other entertainment facilities are closed and people are forced to spend most of their free time at home. The number of Netflix subscribers has crossed the 200 million mark and is likely to grow further. That is why malware operators have dramatically intensified their activities.

The malicious “Flix Online” offered a two-month premium Netflix subscription for free and, more generally, promised “unlimited entertainment”. When users download the app, it gains access to their WhatsApp conversations and sends automatic replies containing malicious content to incoming messages.


Facebook data breach: check whether you are affected 

Data belonging to 553 million Facebook users has appeared online following an incident that, according to the company, was caused by scraping rather than a cyberattack.

The information, including names, dates of birth, Facebook IDs, relationship status, gender, location, and other data, was leaked and made available online, broken up by country.

On Tuesday, Facebook published a blog post stating that scraping was to blame. Publicly available data was lifted from internet resources by automated software. The mass data collection took place 2 years ago.

Prior to September 2019, a functionality issue in the giant’s contact importer enabled individuals to “upload many phone numbers to see which ones matched the users of Facebook, query the profiles of users as well as obtain limited data about those users that could be found in their public profiles,” according to the statement made by Facebook.


Fortinet FortiOS vulnerabilities are actively exploited

The US agencies FBI and CISA have warned that advanced persistent threat (APT) groups are exploiting Fortinet FortiOS vulnerabilities to compromise government systems as well as systems owned by commercial entities.

The agencies issued the joint alert last week, stating that cybercriminals were actively scanning for unpatched systems to exploit three critical vulnerabilities: CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.

Fortinet FortiOS is a solution developed to strengthen the security of an enterprise, covering cloud deployments and endpoints as well as centralized networks.

Although patches for the vulnerabilities in question have already been issued, not all IT administrators have applied them, thereby leaving their Fortinet FortiOS deployments open to compromise.


Singapore job-matching service affected by a third-party breach

A security breach targeting the job-matching organization’s third-party vendor resulted in the compromise of personal information belonging to 30,000 individuals in Singapore.

The Employment and Employability Institute notified the Personal Data Protection Commission (PDPC), the police, and the Cyber Security Agency’s Singapore Computer Emergency Response Team of the incident on March 12.

The job-matching platform brings together workers and employers and provides services such as skills training, job-matching, and career guidance. The Institute was established under the governance of the National Trades Union Congress (NTUC), which is the only Singaporean trade union confederation, encompassing 5 associations and 59 unions. The core committee of the Congress includes Koh Poh Koon and Heng Chee How, both members of the national Parliament.


Cisco SOHO Routers Affected by Zero-Day Bug

Three of Cisco Systems’ SOHO router models are reported to have a critical vulnerability rated 9.8 out of 10 on the bug severity scale. The bug in question could allow unauthenticated remote users to hijack targeted equipment and gain elevated privileges on the affected systems. Cisco Systems said that it would not fix the bug.

According to the information provided by Cisco, the RV130W VPN firewall device and the RV110W, RV130, and RV215W router models have already reached “end of life” and, thus, patches are not required. Cisco has neither released any software updates nor added a workaround to address the bug in question.

To exploit this vulnerability, a hacker needs to send crafted HTTP requests to targeted devices. Exploitation of this vulnerability could result in arbitrary code execution.
