Daam Android virus and Barracuda zero-day flaw
CERT-In issues advisory on Daam Android malware, Barracuda discloses zero-day exploit affecting ESG appliances and the new Tesla leak. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Should you pay the ransom?
1. Daam virus can hack into call records and steal history from Android phones, warns CERT-In
The Indian government has issued an advisory concerning the 'Daam' malware that poses a threat to Android phones. As stated by CERT-In, the national cyber security agency, this virus can hack into call records, contacts, history, and camera functionalities. Alarmingly, it can bypass antivirus programs and install ransomware on targeted devices. The malware is distributed through untrusted sources such as third-party websites or applications. To protect against this, users are strongly urged to avoid untrusted links and websites, regularly update antivirus software, and exercise caution when encountering suspicious numbers or shortened URLs.
2. Barracuda confirms zero-day exploit impacting some Email Security Gateway (ESG) appliances
Barracuda Networks, a security solutions provider, has alerted customers about a zero-day vulnerability in its Email Security Gateway (ESG) appliances. Tracked as CVE-2023-2868, the vulnerability allows remote command injection and affects versions 5.1.3.001 through 9.2.0.006 of the Barracuda ESG appliance. The flaw arose from inadequate input validation of user-supplied .tar files, enabling attackers to execute system commands. Barracuda swiftly released a patch to all impacted appliances and is actively investigating the incident. Impacted users have been notified and provided with instructions while the company continues to share updates on its status page.
3. New Tesla leak reveals thousands of Autopilot safety complaints
German publication Handelsblatt has reported a significant data breach at Tesla. An employee leaked over 23,000 internal files, revealing personal information on more than 100,000 current and former employees, as well as numerous complaints about Tesla's Autopilot and "Full Self-Driving" systems. Additionally, the leaked documents highlight over 2,400 reports of unintended acceleration and more than 1,500 complaints of braking issues, including cases of phantom braking and stops. Previously, the National Highway Traffic Safety Administration had launched an investigation into Tesla's phantom braking problem. Tesla is yet to respond to the report.
4. Microsoft 365 phishers found using encrypted RPMSG messages in campaigns
BleepingComputer reports that threat actors are exploiting compromised Microsoft 365 accounts and encrypted RPMSG files to steal Microsoft credentials. Additionally, TrustWave researchers discovered that phishing emails, originating from compromised accounts like Talus Pay, prompt recipients to click a "Read the Message" button. This leads to a request for Office 365 credentials, followed by a phishing email and a fake SharePoint document. A malicious script collects system data and sends it to the attackers' servers. To mitigate the risks, Trustwave suggests educating users and implementing Multi-Factor Authentication across all systems.
5. Zyxel warns of critical flaws in VPN and firewall devices, urges customers to patch
Zyxel has warned its customers about two critical vulnerabilities in its firewall and VPN products. These vulnerabilities, classified as buffer overflows, can be exploited by attackers without authentication, potentially leading to denial-of-service (DoS) attacks and remote code execution on vulnerable devices. The impacted devices include Zyxel VPN, Zyxel ATP, USG FLEX, USG FLEX50(W)/USG20(W)-VPN, and ZyWALL/USG models. Zyxel has released patches to address these issues and advises customers to install them for optimal protection. Users are urged to update their firmware to eliminate the risk of exploitation by hackers.
Phishing simulations & training