China’s covert group of online espionage professionals, APT41, is not shy about its “achievements”. The group has conducted state-backed activities since at least 2012. Like many hackers and scammers, it saw an opportunity in the recent COVID-19 outbreak. In a recent “crusade” that started in January, the group targeted more than 75 customers of security firm FireEye alone by exploiting the flaws disclosed in Cisco and Citrix. It then used the flaws to target companies in the US, Canada, Britain, and over a dozen more countries.
A Windows Bug
Every version of Windows has a security flaw that hackers discovered and exploited before the company got wind of it. In this case, the company acknowledged that it has been targeted exclusively. The fix is on its way but will not be available before the middle of next month. The vulnerability relates to how the Windows Adobe Type Manager Library handles a specially crafted font. An attacker who exploits it successfully can achieve remote code execution.
Security researchers disclosed this week that they had found cases in which hackers get a target to plug in a BadUSB device laced with malware, which gives them a backdoor to enter and exit systems without getting caught. The FIN7 hacking group has confirmed the notion. It is not yet confirmed how many people have done so.
Malware targets News-Hungry iOS users
Researchers at Trend Micro have described a hacking campaign called “Operation Poisoned News”, which specifically targets iOS users in Hong Kong. Links posted to a news discussion forum would take users to a hidden iframe that sent code to compromise the victim’s iPhone. However, a recent Safari update patches the flaw that was exploited by the hackers.