Demelza, Viktoria, Adam, and Stefano host this week’s ShadowTalk to bring you the latest threat intelligence stories from the week.

This week they cover:

  • Honda cyber attack
  • LookBack, FlowCloud similarities point to a single perpetrator of utility attacks
  • Delivery of malware through cloud storage


Gamaredon expands Outlook by claiming victims from contacts list

The likely Russia-associated “Gamaredon” threat group has been observed conducting new attack campaigns that use Visual Basic for Applications (VBA) macros to spread malware to a victim’s contacts found in Microsoft Outlook. Researchers believe this is the first documented case of such macros being used to spread malware, which has likely indirectly affected individuals who are listed as a target’s contacts. Gamaredon has been active since emerging in 2013 and has a variety of tools at its disposal.

WhatsApp details exposed on indexed Google pages

A security researcher has discovered and disclosed a privacy issue in the web portal of the popular messaging platform WhatsApp. Using advanced search techniques (Google dorking), the researcher identified users’ phone numbers in plaintext hosted on indexed Google pages. Google dork search queries could be used to identify the phone numbers, as well as the profile images, of WhatsApp account users. Approximately 400,000 numbers have since been removed from the indexed pages.

Threat actors exploit SMBGhost vulnerability

The United States Cybersecurity and Infrastructure Security Agency (CISA) has warned of attacks targeting unpatched systems that are vulnerable to CVE-2020-0796, a flaw in Server Message Block 3.0 (SMBv3) referred to as SMBGhost. This came after the public release of a new proof of concept (PoC) achieving remote code execution (RCE). Threat actors are likely to use the techniques detailed in the PoC to launch RCE attacks against unpatched systems. A patch for CVE-2020-0796 was released in March 2020.

For more details, read the full Weekly Intelligence Summary:

Weekly Intelligence Summary 19 June 2020