Security Newsletter

9 December 2019

Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users' banking and other login credentials and spy on their activities. Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious app installed on a device to masquerade as any other app on it, including any privileged system app.

In other words, when a user taps the icon of a legitimate app, the malware exploiting the Strandhogg vulnerability can intercept and hijack this task to display a fake interface to the user instead of launching the legitimate application. By tricking users into thinking they are using a legitimate app, the vulnerability makes it possible for malicious apps to conveniently steal users' credentials using fake login screens.

Promon reported the Strandhogg vulnerability to the Google security team this summer and disclosed details today when the tech giant failed to patch the issue even after a 90-day disclosure timeline.

 

Iranian hackers deploy new ZeroCleare data-wiping malware

Security researchers from IBM said today they identified a new strain of destructive data-wiping malware that was developed by Iranian state-sponsored hackers and deployed in cyber-attacks against energy companies active in the Middle East. IBM did not name the companies that have been targeted and had data wiped in recent attacks. Instead, IBM's X-Force security team focused on analyzing the malware itself, which they named ZeroCleare.

Unlike many cyber-security firms, IBM's X-Force team did not shy away from attributing the malware and the attacks to a specific country -- in this case, Iran. But unlike many previous cyber-attacks, which are usually carried out by one single group, IBM said this malware and the attacks behind appear to be the efforts of a collaboration between two of Iran's top-tier government-backed hacking units.

As for the malware itself, ZeroCleare is your classic "wiper," a strain of malware designed to delete as much data as possible from an infected host. Wiper malware is usually used in two scenarios. It's either used to mask intrusions by deleting crucial forensic evidence or it's used to damage a victim's ability to carry out its normal business activity -- as was the case of attacks like Shamoon, NotPetya, or Bad Rabbit. IBM said that none of the ZeroCleare attacks were opportunistic and appeared to be targeted against very specific organizations. Past Shamoon attacks targeted companies in the energy sector that were active in the Middle East region, companies that were either Saudi-based or known partners for Saudi-based oil & gas enterprises.

 

More #News

 

#Patch Time!

 

#Tech and #Tools

Kindred Group is growing, so does the Group Security team! We're looking for new talented professionals to come join us. You can find all our open vacancies on our career page.

This content was created by Kindred Group Security. Please share if you enjoyed!

Kindred Group in brief

Kindred is one of the largest online gambling companies in the world with a diverse team of 1,600 people serving over 26 million customers across Europe, Australia and the US. We offer pre-game and live Sports betting, Poker, Casino and Games through 11 brands across our markets. We are committed to offer our customers the best deal and user experience possible, while ensuring a safe and fair gambling environment. Kindred is a pioneer in the online gambling industry and is an innovation driven company that builds on trust.