Hacks

SAP(Systems Applications and Products) announced on Monday that they are to patch security issues with some of their cloud-based products. The bugs are identified as a part of the internal cybersecurity audit and the company already started working on it. SAP Security Issues SAP said that some of it is “cloud products do not meet one or several contractually agreed or statutory IT security standards” and they started to fix them. Following are the products affected; SAP Success Factors, SAP Concur, SAP/CallidusCloud Commissions, SAP/Callidus Cloud CPQ; as well as SAP C4C/Sales Cloud, SAP Cloud Platform, and SAP Analytics Cloud. SAAP confirms that the  vulnerabilities  are not identified as a part of a security incident and no customer data has been compromised. “To ensure that the affected products meet relevant terms and conditions and in addition to technical remediation, SAP has decided to update its security-related terms and conditions. These remain in line with

Due to coronavirus pandemic, many companies around the world asked employees to work from home, which increases the usage of video conferencing apps. Researchers from Trend Micro observed a  new campaign  that leverages several popular messaging apps including Zoom. WebMonitor RAT Campaign In the new campaign, attackers repackaged the legitimate zoom installer with WebMonitor RAT. The infection starts with downloading the malicious file ZoomIntsaller.exe from malicious sources. While running the malicious file it drops a copy of itself named Zoom.exe and to execute the Zoom.exe it opens the process notepad.exe. Once executed it connects with the remote C2 server and executes following commands. Add, delete, and change files and registry information Close connections Get software and hardware information Get webcam drivers/snapshot Record audio and log keystrokes Start, suspend, and terminate processes and services Start/stop screen stream Start/stop Wireless Acce

The Cyberthreat uses COVID-19 themed malspam to distribute the  Trickbot  malware, says IBM Security Researchers. This time attacker utilizes FMLA ( Family and Medical Leave Act)  to lure the user over COVID-19 medical leaves with the attachment named “Family and Medical Leave of Act 22.04.doc” to distribute the malware. Spam mail disguised to come from the U.S. Department of Labor (DoL). Trickbot Campaigns TrickBot is a sophisticated banking Trojan operated by an organized cybercrime gang. Users infected with the TrickBot Trojan becomes part of a botnet that can allow attackers to gain complete control of the device. Typical consequences of TrickBot infections are bank account takeover, high-value wire fraud, and possibly ransomware attacks targeting organizational networks. Mainly financially motivated cyber-attacks. DocuSign themes used by Trickbot Sample email US-DoL.eml, contains three attachments: uslogo.png, faq.png, and Family and Medical Leave of Act 22.04.doc.