News Digest: All Important Cybersecurity Events in August
The world does not stand still. This applies both to the offline and online world. Every month, our team treats you to a selection of the most important news for the past month.
In this article, you will learn the most important news from the world of cybersecurity that occurred in August.
You can read the previous digest here.
August news digest
#1 Hackers use photos of space to spread viruses
Researchers from Securonix, a company specializing in information security, described a new technique used to distribute malicious software.
The infection begins with a phishing email containing an attachment in Microsoft Office format. The document metadata contains an external link. When the document is opened, a malicious template file is downloaded and saved on the system, initiating the first stage of the attack code.
After execution, the script loads an image of the SMACS 0723 cluster, the first full-color image taken by the James Webb Telescope and presented by NASA in July this year. The hackers embedded a malicious Base64-encoded payload, disguised as an included certificate, in the image file.
The generated file is a 64-bit Windows executable about 1.7 megabytes in size, which uses several obfuscation methods to hide from antivirus software and complicate analysis. According to the company, at the time the report was published, no known antivirus product detected this file.
The attack probably relies on the popularity of the new space telescope and the desire of users to share the new image.
Learn more about viruses here.
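A defender can triage images for the pattern described in item #1 by decoding any certificate-like block found inside the file and checking what it really contains. The sketch below is an added example, not code from Securonix or from this article; it assumes the block uses PEM-style BEGIN/END CERTIFICATE markers, and the function names and sample data are constructed for illustration.

```python
import base64
import re

# Assumption: the embedded "certificate" is wrapped in PEM-style markers.
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)
JPEG_SOI = b"\xff\xd8"  # every JPEG starts with the start-of-image marker


def classify(decoded: bytes) -> str:
    """Label a decoded block by its leading bytes."""
    if decoded[:2] == b"MZ":
        return "pe-executable"    # DOS/PE header: not a certificate
    if decoded[:1] == b"\x30":
        return "der-certificate"  # ASN.1 SEQUENCE, how a real certificate starts
    return "unknown"


def scan_image(data: bytes) -> list[dict]:
    """Return one finding per PEM-style block found inside a JPEG's bytes."""
    findings = []
    if not data.startswith(JPEG_SOI):
        return findings
    for m in PEM_RE.finditer(data):
        body = re.sub(rb"\s+", b"", m.group(1))
        try:
            decoded = base64.b64decode(body, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            kind, size = "invalid-base64", 0
        else:
            kind, size = classify(decoded), len(decoded)
        findings.append({"offset": m.start(), "kind": kind, "decoded_size": size})
    return findings


def _pem(payload: bytes) -> bytes:
    """Wrap bytes in PEM-style certificate markers (used for the samples)."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(payload)
            + b"-----END CERTIFICATE-----\n")


# Constructed samples: a minimal JPEG shell followed by a PEM-style block.
JPEG_SHELL = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9"
SUSPICIOUS = JPEG_SHELL + _pem(b"MZ\x90\x00" + b"\x00" * 60)  # harmless stub bytes
BENIGN = JPEG_SHELL + _pem(b"\x30\x82\x01\x0a" + b"\x01" * 60)

if __name__ == "__main__":
    print(scan_image(SUSPICIOUS), scan_image(BENIGN))
```

Any finding of kind `pe-executable` means the image carries an executable where a certificate is claimed, which is worth escalating regardless of what antivirus reports.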
#2 LastPass password manager hacked
The popular password manager LastPass has been hit by a hacker attack. This was announced on the company's official website by its CEO, Karim Toubba.
The head of LastPass said that two weeks ago the company noticed unusual activity in the password manager. According to him, the investigation found that the program was hacked by attackers who stole confidential technical information and source code.
At the same time, Toubba clarified that the hackers did not gain access to passwords and other user information. “Our investigation has not revealed any evidence of any unauthorized access to customer data,” he said, adding that the investigation into all the circumstances of the hack is ongoing.
Earlier it was reported that hackers have learned to steal usernames and passwords of users through cookies. To protect against intruders, experts advised regularly deleting these files.
Read how to choose the most secure password here.
#3 The free Airplane Accelerates VPN turned out to be fraudulent
The free VPN service Airplane Accelerates has leaked the personal information of users from China. The 626 GB database was discovered by Cybernews researcher Aras Nazarovas in June of this year; it contained more than 5.7 billion records. The database turned out to contain user IDs, IP addresses, domain names, and timestamps.
As Aras Nazarovas stressed, such a leak raises serious concerns, since it can be used for deanonymization and tracking. Analysis of how the VPN service operates on Android shows that it can also work as spyware and allows code to be executed remotely.
The researcher also reported that Airplane Accelerates requested numerous permissions to access the user’s device, ranging from the camera and audio recording to reading and changing contacts, connecting external storage and installing packages.
During the investigation, it became known that the office of the VPN service developer company is located in Australia, where it is registered as AP Network PTY Ltd.
The list of VPNs with free trial periods is here.
#4 Almost 7 million people have become victims of malicious browser extensions
This year, almost 7 million users have downloaded malicious browser extensions. While installing the extensions, they had no idea that they were becoming victims of cybercriminals.
According to a report by an international company that works in the field of information security, the advertising software was designed to promote companies, not to improve user convenience.
The extensions not only displayed information but also collected data to analyze user interests. This made it possible to show banners of genuine interest to potential victims, who then clicked on the advertisements. Thanks to this scheme, the software developers received more revenue than from legitimate advertising.
The most popular advertising software families were WebSearch, AddScript, and DealPly. Kaspersky Lab advises using extensions downloaded from official online stores. Before choosing a browser extension, you can read the comments of those who have already used it and had time to study its advantages and disadvantages.
It is also important to find out what permissions the extension requests. This will minimize the risks of downloading malware.
#5 Viruses began to spread through memes
Experts at Cyble Research Labs have recorded an increase in the number of viruses known as stegomalware: viruses that are embedded in text messages or media content through steganography.
The attacker generates a JPG+EXE file that mimics a regular image. However, when it is opened, executable code is launched that exploits one of the vulnerabilities of the computer.
Over the past 90 days, more than 1,800 malware samples have been recorded. The viruses spread, among other things, through graphic memes and other images.
#6 The Zoom installer compromises the security of macOS computers
A rather dangerous vulnerability has been discovered in the Zoom installer on macOS: the client runs update installers with superuser rights. Patrick Wardle, a security specialist, spoke about the possible mechanism of the attack.
According to him, the Zoom installer can be used for a privilege escalation attack. First, the computer is infected, for example as a result of phishing, with “simple” malware aimed specifically at working with the Zoom installer. Then the Zoom installer runs this software with superuser rights, and the attacker gets full control of the computer.
On August 16, Zoom released update 5.11.5, which aims to eliminate this vulnerability.
#7 Facebook and Instagram monitor the actions of users on other sites
Felix Krause, a cybersecurity researcher and former Google engineer, analyzed Facebook and Instagram and found that they are able to monitor the actions of users on other sites.
Facebook and Instagram servers use JS code to transmit information about buttons being pressed, links being opened, text being highlighted, and screenshots being taken, as well as data submitted through forms, including usernames, passwords, addresses, and so on.
Read more about Facebook insecurity here.