Cyber Threats
This Week in Security News - February 18, 2022
SMS PVA services' use of infected Android phones reveals flaws in SMS verification, and 'Russian state-sponsored cyber actors' cited in hacks of U.S. defense contractors
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about how to criminals can misuse SMS PVA services to conduct fraud. Also, read about a recent alert from the Cybersecurity and Infrastructure Security Agency on ‘Russian state-sponsored’ cyber actors.
Read on:
SMS PVA Services' Use of Infected Android Phones Reveals Flaws in SMS Verification
There has been an increase in short message service (SMS) phone-verified account (PVA) services in the last two years. SMS PVA services provide alternative mobile numbers that customers can use to register for online services and platforms. Malicious actors can register disposable accounts in bulk or create phone-verified accounts for criminal activities. In the following blog, Trend Micro shares the results of their investigation into the operations of a SMS PVA provider that uses the site smspva[.]net.
'Russian State-Sponsored Cyber Actors' Cited in Hacks of U.S. Defense Contractors
For more than two years, “Russian state-sponsored cyber actors” have targeted the emails and other data of U.S. defense contractors that handle sensitive information about weapons development, computer systems, intelligence-gathering technology and more, the federal government warned. The alert from the Cybersecurity and Infrastructure Security Agency said cleared defense contractors (CDCs) are the primary victims of the breaches.
Security Automation with Vision One & Palo Alto
Trend Micro Vision One™ is at the core of Trend Micro’s unified cybersecurity platform, delivering powerful, industry-leading extended detection and response (XDR), centralized visibility and risk insights. Vision One integrates with Palo Alto Networks Cortex™ XSOAR to drive automated response to incidents uncovered by Vision One. This simplifies investigations and response for SOC analysts, enabling them to easily execute necessary steps all from within Cortex™ XSOAR via commands and playbooks.
The Cyber Fight in Ukraine Is Getting More Serious
Russia is inching closer to a serious cyberattack in Ukraine even as the United States sharpens its warnings against any cyber aggression. Hackers are poised at the edge of a significant cyber fight, but they haven’t crossed the border yet – much like the broader military conflict right now.
Detecting Pwnkit (CVE-2021-4034) Using Trend Micro™ Vision One™ And Cloud One™
Security researchers disclosed PwnKit as a memory corruption vulnerability in polkit’s pkexec. The gap allows a low-privileged user to escalate privileges to the root of the host. Various proofs of concept have been disclosed, written in different languages, and the vulnerability has been there for over 12 years, affecting all versions of the pkexec since its first distribution in 2009. This blog discusses how CVE-2021-4034 can be detected and blocked using Trend Micro™ Vision One™ and Trend Micro Cloud One™.
Red Cross Reveals Actors Exploited Unpatched Zoho Security Flaw in January Breach
The Red Cross released new insights into the cyberattack that led to the compromise of data tied to more than 515,000 people last month. The report shows the hackers gained access to its network through an unpatched vulnerability in the Zoho ManageEngine ADSelfService, CVE-2021-40539. The report shows the Red Cross was unable to apply the patch in time before the attack.
Can You Rely on Otps? A Study of SMS PVA Services and Their Possible Criminal Uses
SMS PVA services allow their customers to create disposable user profiles or register verified accounts on many popular platforms. Unfortunately, criminals can misuse these services to conduct fraud or other malicious activities. Here, Trend Micro provides an in depth look into their research on SMS PVA services.
San Francisco 49ers Hit with A Ransomware Attack
Super Bowl Sunday wasn't so super for the San Francisco 49ers as the team reportedly confirmed a "network security incident" that affected some of its corporate IT network systems. According to the AP, the incident came in the form of a ransomware attack by the infamous BlackByte cybercrime gang, which posted purportedly pilfered invoices from the team on its Dark Web "shaming" site.
Massive LinkedIn Phishing, Bot Attacks Feed on The Job-Hungry
Emotionally vulnerable and willing to offer up any information that lands the gig, job seekers are prime targets for social engineering campaigns. And with the “Great Resignation” in full swing, cybercriminals are having an easy time finding their next victim. Just since Feb. 1, analysts have watched phishing email attacks impersonating LinkedIn surge 232 percent, attempting to trick job seekers into giving up their credentials.
What do you think of the risk of criminals using SMS PVA services maliciously? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.