Silver Sparrow malware found on 30,000 Macs has security pros stumped
SolarWinds hackers stole source code for Microsoft Azure, Exchange, Intune
Microsoft on Thursday said it concluded its probe into the SolarWinds hack, finding that the attackers stole some source code but that there is no evidence they abused its internal systems to target other companies or gained access to production services or customer data. It said the cases involved downloading component source code related to small subsets of Azure, Intune and Exchange components, and that the entire attack is a “moment of reckoning,” furthering the need to proactively embrace a zero-trust mentality.
New hack lets attackers bypass MasterCard PIN by using it as Visa card
Research published by academics from ETH Zurich, building on an earlier PIN bypass attack study, shows how to leverage a victim’s stolen or lost Visa EMV-enabled credit card without knowledge of the PIN, and even fool the terminal into accepting inauthentic offline card transactions. The attack, dubbed “card brand mixup,” takes advantage of the fact that a contactless point-of-sale terminal does not properly authenticate a card’s application ID, making it possible to deceive the terminal and simultaneously perform a Visa and Mastercard transaction with the one card. In response, Mastercard has already rolled out countermeasures.
Sequoia Capital, one of Silicon Valley’s most notable VC firms, told investors it was hacked
Sequoia Capital told its investors on Friday that some personal and financial information may have been accessed by a third party after one of its employees fell victim to a successful phishing attack, although it has not yet seen any evidence of compromised information being traded or exploited on the dark web. The company did not provide a date for the attack, describing it only as “recent.” Sequoia Capital has more than $38 billion in assets under management, and in the past has invested in Airbnb, DoorDash, 23andMe, FireEye, and Carbon Black. It does not appear that the hack was connected to SolarWinds.
Thanks to our episode sponsor, PlexTrac
White hat hacker earned $5,000 reporting a stored XSS flaw in iCloud.com
The vulnerability resides in the Pages and Keynote applications hosted on iCloud. To exploit the issue, the hacker, Vishal Bharad, created a new document and presentation and entered an XSS payload into its name field, then shared a link to it to a targeted user. The attack was completed by tricking the targeted user into accessing the “Browse All Versions” feature from the “Settings” menu.
Google Alerts being used to push fake Adobe Flash updater
Threat actors are creating fake stories with titles containing popular keywords that Google Search then indexes. Once indexed, Google Alerts notifies people who are following those keywords through its Alert service. When visiting the fake stories using a Google redirect link, the visitor will be redirected to the threat actor’s malicious site. This past weekend, Bleeping Computer observed these fake news stories redirecting to a new campaign that states that a user’s Flash Player is outdated and provides a link to install an updater, which in fact downloads malware called “One Updater.”
Malformed URL prefix phishing attacks spike 6,000%
Researchers from GreatHorn report the attacks incorporate a backslash, changing a URL prefix from https:// to https:/\, a change that often goes ignored by humans and email scanning programs alike. The researchers reported they first noticed this new tactic last October, and said that it has been quickly gaining momentum ever since, with attacks between January and early February spiking by 5,933 percent.
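A mail filter can flag this prefix before a link reaches the user. The sketch below is an added example, not code from GreatHorn or from this page; the function names, the regular expression and the sample message are constructed for illustration, and the check is generalized from https:/\ to any http(s) prefix whose separator is not exactly two forward slashes.

```python
import re
from email import message_from_string
from email.policy import default

# Scheme, then the run of slash-like separator characters, then the rest of the URL.
_PREFIX = re.compile(r"\b(https?):([/\\]{2,})([^\s\"'<>]+)", re.IGNORECASE)

def find_malformed_prefixes(text):
    """Return (raw_url, normalized_url) for each URL whose prefix is not '://'."""
    hits = []
    for m in _PREFIX.finditer(text):
        scheme, sep, rest = m.groups()
        if sep != "//":
            # The normalized form is the URL to pass on to reputation checks.
            hits.append((m.group(0), f"{scheme.lower()}://{rest}"))
    return hits

def scan_message(raw):
    """Scan every text part of an RFC 5322 message for malformed URL prefixes."""
    msg = message_from_string(raw, policy=default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            # get_content() undoes transfer encodings (base64, quoted-printable)
            # so the check runs on the text the mail client will render.
            hits.extend(find_malformed_prefixes(part.get_content()))
    return hits

# Constructed sample message; example.test and example.org are reserved domains.
SAMPLE = r"""From: billing@example.test
To: user@example.org
Subject: Invoice ready
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your invoice is ready. <a href="https:/\example.test/login">View it</a></p>
<p>Help: <a href="https://example.org/help">support</a></p>
</body></html>
"""

if __name__ == "__main__":
    for raw_url, normalized in scan_message(SAMPLE):
        print(f"malformed prefix: {raw_url!r} -> {normalized}")
```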
Tracker pixels in emails are now an ‘endemic’ privacy concern
An analysis performed by the email service Hey discovered that two-thirds of emails sent to its users’ private email accounts contained a “spy pixel.” Also known as tracking pixels or web beacons, these are invisible image files as small as a single pixel that are inserted in the content body of an email. When an email is opened, the tracking pixel contacts a marketer’s server, and may also record the number of times an email is opened, the IP address linked to a user’s location, and device usage. Although this is not a new tactic, it is quickly growing. It is possible to prevent tracking pixels from triggering by disallowing automatic image loading in your web browser, or by downloading email and browser add-ons to block trackers.