Latest News

2020/09/15

New Linux Malware Steals Call Details from VoIP Softswitch Systems

Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed "CDRThief" that targets voice over IP (VoIP) softswitches in an attempt to steal phone call metadata.
"The primary goal of the malware is to exfiltrate various private data from a compromised softswitch, including call detail records (CDR)," ESET researchers said in a Thursday analysis.
"To steal this metadata, the malware queries internal MySQL databases used by the softswitch. Thus, attackers demonstrate a good understanding of the internal architecture of the targeted platform."
Softswitches (short for software switches) are generally VoIP servers that allow for telecommunication networks to provide management of voice, fax, data and video traffic, and call routing.
ESET's research uncovered that CDRThief targeted a specific Linux VoIP platform, namely the VOS2009 and 3000 softswitches from Chinese company Linknat, and had its malicious functionality encrypted to evade static analysis.
2020/09/15

E-Commerce Sites Hit With New Attack on Magento

Thousands of e-commerce sites running software past end-of-life were hit by an automated attack that began on Friday, peaking on Saturday. According to researchers at Sansec, more than 2,000 websites running Magento Version 1 software were subject to a classic Magecart attack that injected malicious code to steal payment details during transactions.

According to the attack analysis, most of the victims previously had not been successfully attacked. This suggested to the analysts that a novel infection mechanism was used, one possibly related to a zero-day attack recently offered for sale on Dark Web markets
2020/09/11

Cyber-Risks Explode With Move to Telehealth Services

The hasty shift to online delivery of primary care services since the COVID-19 outbreak has attracted significant attacker interest.
The mass adoption of telehealth applications and services in the months since the COVID-19 outbreak began has introduced new cyber-risks within the healthcare industry.

New research by SecurityScorecard and Dark Owl found that the rapid onboarding of technologies for enabling the delivery of health services online has significantly broadened the attack surface at many healthcare organizations, putting both patient and provider data at risk.
2020/09/11

United Airlines’ website bug exposed traveler ticket data

A bug in United Airlines’ website let anyone access the ticket information for travelers who requested a refund.

The airline’s website lets users check their refund status by entering their ticket number and last name. But the website wasn’t validating the last name, making it possible to access other travelers’ refund information by changing the ticket number.

IT security expert Oliver Linow, who found the bug, told TechCrunch that he could see traveler surnames, the payment type and currency used to buy the ticket, and the refund amount.

United, like most other airlines, lets passengers access and modify their upcoming flights using only a passenger’s ticket number and last name.
2020/09/02

Pioneer Kitten APT Sells Corporate Network Access

An APT group known as Pioneer Kitten, linked to Iran, has been spotted selling corporate-network credentials on hacker forums. The credentials would let other cybercriminal groups and APTs perform cyberespionage and other nefarious cyber-activity.

Pioneer Kitten is a hacker group that specializes in infiltrating corporate networks using open-source tools to compromise remote external services. Researchers observed an actor associated with the group advertising access to compromised networks on an underground forum in July, according to a blog post Monday from Alex Orleans, a senior intelligence analyst at CrowdStrike Intelligence.