Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

In Other News: WhatsApp Privacy Issue, Spying via Ambient Light Sensor, Bigpanzi Botnet

Noteworthy stories that might have slipped under the radar: WhatsApp privacy issue remains unpatched, spying via tablet ambient light sensors, and the Bigpanzi botnet. 

Cybersecurity News tidbits

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:   

Bigpanzi botnet infects tens of thousands of Android TVs and set-top boxes

Security researchers at Qianxin share a detailed analysis of Bigpanzi, a botnet that is believed to have infected tens of thousands of Android TVs and set-top boxes. The cybercrime ring behind the botnet has been active for at least eight years, engaging in all sorts of illegal activities, including DDoS attacks. 

Inferno Drainer multimillion-dollar scam-as-a-service detailed

Group-IB details Inferno Drainer, a defunct multichain crypto drainer that operated as a scam-as-a-service between November 2022 and November 2023. Impersonating over 100 brands, the threat actors used phishing to trick victims into connecting their crypto-wallets to attacker-controlled infrastructure, stealing at least $80 million in assets.

Advertisement. Scroll to continue reading.

NoName057(16) launched over 1,500 DDoS attacks against NATO-aligned nations

Since March 2022, pro-Russian threat actor NoName057(16) launched over 1,500 DDoS attacks against NATO-aligned nations, to counter anti-Russia hostility, Netscout reports. The group uses low-cost public cloud and web services, relies mainly on HTTP/HTTPS floods, and offers digital currency payments via the Project DDoSia service to individuals interested in conducting attacks.

New Pegasus spyware detection method revealed

Kaspersky has identified a new method of detecting infections with sophisticated iOS spyware families, including Pegasus, Reign, and Predator. Traces of Pegasus infections can be found in the Shutdown.log system log, in the sysdiagnose archive, which contains information on reboots. Analysis of the log revealed a common infection path in Pegasus infections, mirroring those seen in Reign and Predator infections.

Multiple macOS infostealers evading detection

SentinelOne details several macOS information stealer families capable of evading static signature detection, including KeySteal, Atomic Stealer, and CherryPie, which continue to evolve despite Apple’s efforts to update its XProtect signature database. 

Malicious campaign targets Docker hosts with miner, 9hits application

Vulnerable Docker services are under attack in a malicious campaign deploying a cryptocurrency miner and the 9hits viewer application. In the first documented case of the 9hits application being dropped as a payload, threat actors likely find their targets via Shodan and, following compromise, deploy the two containers on the host. The attackers abuse 9hits to visit specific sites and generate revenue. Because of the application’s design, it can be abused in illicit campaigns without the risk of the attacker’s account being compromised, Cado Security notes.

WhatsApp privacy issue

Researcher Tal Be’ery has identified a potential privacy issue in WhatsApp that involves the exposure of a user’s device setup information (including linked devices) to any other user, even if they are blocked or not in the contacts list. “Monitoring this information over time allows potential attackers to gather actionable intelligence about their victim’s devices setup and changes to it (device replaced/added/removed),” Be’ery said. However, in Meta’s view this is not an implementation bug but the way the protocol is designed to work.

Drupal and libX11 patches

Drupal developers have patched a moderately critical DoS vulnerability. In addition, two vulnerabilities have been found and patched in X.Org’s libX11 graphics library: one allows DoS attacks and the other can be exploited for remote code execution. 

Spying on tablet users via ambient light sensor 

Researchers showed that a malicious actor may be able to spy on tablet users by leveraging the built-in ambient light sensor. They showed that data from this sensor can be used to generate images of the user’s hands interacting with the screen, which could be leveraged to infer how the touchscreen is used. The research shows how a seemingly innocuous component could introduce a security risk, but users don’t have to worry about it as the attack is currently very slow and the information that can be captured is limited. 

Reports on exploits, supply chain security, and AI in the cloud

Cloud security firm Wiz has published a report titled State of AI in the Cloud 2024, which shows that 70% of organizations are using managed AI services, with Microsoft’s Azure AI Services leading in this category. The study found that while many organizations are experimenting with AI, only 10% are ‘power users’, with more than 50 instances in their cloud environments. 

ReversingLabs has released its 2024 State of Software Supply Chain Security Report. The company found 11,200 unique malicious packages across npm, PyPI, and RubyGems in 2023, a 28% increase compared to 2022. It also found a 400% annual increase in threats on the PyPI platform, and 40,000 instances of leaked or exposed development secrets across the three major package managers.

GreyNoise has released its 2023 Internet Exploitation Retrospective Report, which describes the most important exploits of 2023. 

Related: In Other News: WEF’s Unsurprising Cybersecurity Findings, KyberSlash Cryptography Flaw

Related: In Other News: US Ransomware Attacks, 23andMe Blames Victims, Nuclear Waste Hacking Attempt

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.