Table of Contents

  1. Vulnerabilities
    1. Firefox gets patch for critical zeroday that’s being actively exploited
  2. Malware
    1. Drake Lyrics Used as Calling Card in Malware Attack
    2. Attackers Are Scanning for Vulnerable Citrix Servers, Secure Now
    3. TrickBot Adds Custom, Stealthy Backdoor to its Arsenal
  3. Crime
    1. The city of Las Vegas announced it has suffered a cyber attack
    2. Cryptojacking Drops by 78% in Southeast Asia After INTERPOL Action
    3. Man Sentenced in ATM Skimming Conspiracy
    4. Fake Apple bill for App Store purchase in circulation
    5. DKB customers cannot access their accounts
    6. That (not so) awesome time the police raided my home
  4. Hardening
    1. API Security Best Practices

Vulnerabilities

Firefox gets patch for critical zeroday that’s being actively exploited

Mozilla has released a new version of Firefox that fixes an actively exploited zeroday that could allow attackers to take control of users' computers. In an advisory, Mozilla rated the vulnerability critical and said it was "aware of targeted attacks in the wild abusing this flaw." Incorrect alias information in the IonMonkey JIT compiler for setting array elements could lead to a type confusion. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also issued an alert saying that "an attacker could exploit this vulnerability to take control of an affected system," and advising users to review the Mozilla Security Advisory and apply the security update.

Malware

Drake Lyrics Used as Calling Card in Malware Attack

A hacker with the handle “Master X” leverages a PowerShell script that contains a reference to the singer-songwriter Drake's lyric “Kiki Do You Love Me” and ultimately delivers a malicious payload to its victims. The campaign is email-based, with missives containing a malicious PowerPoint attachment that ultimately downloads either the Lokibot info stealer or the Azorult remote access trojan.

Attackers Are Scanning for Vulnerable Citrix Servers, Secure Now

During the last week, security researchers have observed ongoing scans for Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) servers vulnerable to attacks exploiting CVE-2019-19781. This vulnerability impacts multiple Citrix products and, according to a Positive Technologies report from December, could potentially expose the networks of over 80,000 firms to hacking attacks.

TrickBot Adds Custom, Stealthy Backdoor to its Arsenal

The PowerTrick backdoor, which in turn fetches further backdoors, is designed to help TrickBot evade detection. The Russian-speaking cybercriminals behind the TrickBot malware have developed a stealthy backdoor dubbed “PowerTrick” in order to infiltrate high-value targets. According to research from SentinelLabs, released on Thursday, PowerTrick is designed to execute commands and return the results in Base64 format. It is deployed as a module after the initial TrickBot infection has already taken hold on a victim computer.

Crime

The city of Las Vegas announced it has suffered a cyber attack

The city of Las Vegas announced it has suffered a cyber attack that breached its computer systems; it is unclear whether any sensitive data was exposed. According to city officials, the attack took place on Tuesday, but it wasn’t immediately clear if any sensitive data was exposed. City spokesman David Riggleman told the Las Vegas Review-Journal that city officials were informed of the breach around 4:30 a.m. and that the IT department quickly launched its incident response procedures.

Cryptojacking Drops by 78% in Southeast Asia After INTERPOL Action

The number of routers infected with coin miners dropped by 78% in countries of the ASEAN (Association of Southeast Asian Nations) region following a five-month-long operation coordinated by INTERPOL. Cryptojacking is the process through which a malicious actor infects victims' devices with coin miners designed to take advantage of their computing resources to surreptitiously mine cryptocurrency.

Man Sentenced in ATM Skimming Conspiracy

A Romanian national has been sentenced to five years in prison after racking up almost $400,000 in an ATM skimming scheme. The New York state man was sentenced to five years for an elaborate ATM skimming conspiracy that allowed him to steal at least $390,141 from victims.

Fake Apple bill for App Store purchase in circulation

Polizei Niedersachsen issued an alert informing users about an attack in which the perpetrators, claiming to be Apple, ask users to upload a selfie together with both sides of their credit card in order to confirm their identity.

DKB customers cannot access their accounts

Due to a malfunction at the online bank DKB, customers are at times unable to access their accounts. The reason for the disruption is a cyber attack on the bank's server service provider, as DKB reports on Twitter. DKB immediately took countermeasures and strengthened its security precautions. The bank is working closely with the responsible authorities, and there are no signs of a data leak.

That (not so) awesome time the police raided my home

A security researcher from Germany got into trouble, and the police raided his home, after he clicked on a link to a political party's website during the time it was being attacked by a script kiddie. His IP address appeared in the server logs at the time of the attack, and the police assumed he was the attacker and had forgotten to use his VPN for some requests, thereby leaking his real IP address.

Hardening

API Security Best Practices

Expedited Security has released a megaguide with recommendations on how to build secure APIs.