Threatpost

03 March 2021

• Post-Cyberattack, Universal Health Services Faces $67M in Losses
  The Fortune-500 hospital network owner is facing steep costs in damages after a cyberattack impacted patient care and billing in September and October.
• Jailbreak Tool Works on iPhones Up to iOS 14.3
  The UnC0ver team took advantage of an iOS flaw patched in January in its latest tool allowing developers and other enthusiasts to hack into their own devices.
• Compromised Website Images Camouflage ObliqueRAT Malware
  Emails spreading the ObliqueRAT malware now make use of steganography, disguising their payloads on compromised websites.
• Ryuk Ransomware: Now with Worming Self-Propagation
  The Ryuk scourge has a new trick in its arsenal: Self-replication via SMB shares and port scanning.
• Mobile Adware Booms, Online Banks Become Prime Target for Attacks
  A snapshot of the 2020 mobile threat landscape reveals major shifts toward adware and threats to online banks.
• Malware Loader Abuses Google SEO to Expand Payload Delivery
  Gootloader has expanded its payloads beyond the Gootkit malware family, using Google SEO poisoning to gain traction.
• Passwords, Private Posts Exposed in Hack of Gab Social Network
  The Distributed Denial of Secrets group claim they have received more than 70 gigabytes of data exfiltrated from social media platform Gab.
• Firewall Vendor Patches Critical Auth Bypass Flaw
  Cybersecurity firm Genua fixes a critical flaw in its GenuGate High Resistance Firewall, allowing attackers to log in as root users.
• Amazon Dismisses Claims Alexa ‘Skills’ Can Bypass Security Vetting Process
  Researchers found a number of privacy and security issues in Amazon's Alexa skill vetting process, which could lead to attackers stealing data or launching phishing attacks.
• Stalkerware Volumes Remain Concerningly High, Despite Bans
  COVID-19 impacted volumes for the year, but the U.S. moved into third place on the list of countries most infected by stalkerware.