
The Weekly Cybersecurity Roundup – October 24, 2020

October 19th, 2020

Vizom malware

Researchers have encountered a new malware variant, dubbed Vizom, that is being actively used in an ongoing campaign across Brazil. The malware is currently being used to compromise bank accounts via online financial services. It disguises itself as a video-conferencing application and evades security checks.

October 20th, 2020

Basecamp Being Used

Hackers have started using the project management solution Basecamp to spread malware or acquire login credentials. In one instance, the service was used to distribute BazarLoader executables. By abusing trusted services such as Basecamp to store and host malicious files and phishing pages, attackers can lull users into a false sense of trust so that they open files they normally would not.

October 21st, 2020

New Warning From Cisco

Cisco has issued a new warning about the active exploitation of a new high-severity vulnerability, CVE-2020-3118. It affects carrier-grade routers that run Cisco IOS XR. The National Security Agency (NSA) has included the flaw among the top 25 security vulnerabilities actively being targeted by Chinese state-sponsored threat actors.

October 22nd, 2020

New Variant of the PowGoop Downloader

Security researchers have found variants of a new downloader, named PowGoop, in a cyber espionage attack launched by the threat actor group MuddyWater. The attack is being carried out against government agencies in the Middle East. The new malware downloader is part of MuddyWater's suite of tools for compromising targets and extending their infiltration into networks.

October 23rd, 2020

Voter Registration Data of over 200 Million Users on Sale

It has been discovered that a black hat hacker is selling personally identifiable information (PII) of over 200 million Americans on the dark web. This also includes the voter registration information of 186 million Americans. Researchers are concerned that the data will be used by threat actors for disinformation campaigns (and other malicious activities).