Fri. May 29th, 2020

Layer 7 Weekly Round Up: 8/26 Edition


1. Malicious websites secretly hacking iPhones for years

On Thursday, security researchers at Google’s Project Zero revealed that earlier this year they “discovered a small collection of hacked websites” that exploited vulnerabilities in Apple’s smartphone software.



2. ‘Heatstroke’ campaign uses multistage phishing attack to steal PayPal and credit card information

Phishing is getting more sophisticated, according to this new research about the Heatstroke campaign. Attackers have combined using private emails with steganography techniques to make their lures appear more genuine. This campaign has been seen more frequently according to researchers at Trend Micro.



3. Hostinger resets customer passwords after data breach

In a blog post, web hosting company Hostinger revealed that an “unauthorized party” gained access to one of its servers. The breach is believed to affect up to 14 million of its customers. As a result, Hostinger reset user passwords as a “precautionary measure.”


4. Ransomware attackers set their sights on hundreds of US dentists offices

On Monday, Wisconsin-based software providers, PerCSoft and Digital Dental Records, suffered a ransomware attack that impacted hundreds of their customers.



5. Newly Registered Domains: Malicious abuse by bad actors

This post takes a deep dive into how these domains are used to compromise your networks and found that the vast majority of them are used as command sites for malicious purposes. Many of these domains are only alive for a few hours or days and disappear before researchers have found them. — Unit 42 (Palo Alto Networks)