March 17, IDG News Service – (International) Stagefright exploit puts millions of Android devices at risk. NorthBit released a report addressing a vulnerability dubbed Metaphor, which affects Android versions 2.2. – 4.0, as well as 5.0 and 5.1, after security researchers discovered a new way to exploit a previously patched remote code execution vulnerability found in Stagefright, Android’s mediaserver and multimedia library. Researchers reported attackers tricked victims into clicking a malicious link sent via email that would execute the exploit. Source
March 17, Softpedia – (International) iCloud account hijacking scam is as bad as ransomware. Security researchers discovered that attackers could hack a victim’s Apple iCloud account and use the device’s security features to create malicious actions against the victim by using the Find my Mac feature and Find my iPhone feature. The two features enabled attackers to lock the device and display a ransomware message on a target’s device. Source
March 17, IDG News Service – (National) Vehicles are ‘increasingly vulnerable’ to hacking, FBI warns. Officials from the FBI and the National Highway Traffic Safety Administration warned the public March 17 against the increasing risk of cyber-attacks on vehicle computers via the linkages between different-on-board systems which provides portals that adversaries can exploit to remotely attack the vehicle controls and systems, and via third-party devices plugged into a vehicle’s diagnostic port that can introduce vulnerabilities. The FBI advised consumers to be cautious when connecting third-party devices and be aware of software updates for their vehicles. Source
March 17, SecurityWeek – (International) Nigerian cybercriminals target firms worldwide in BEC campaign. Researchers at Trend Micro reported a business email compromise campaign (BEC) dubbed Olympic Vision, allegedly run by two Nigerian cybercriminals, was targeting international organizations in the Manufacturing and Real Estate sector to obtain information and manipulate employees into transferring large monetary funds to bank accounts controlled by the hackers. Attackers sent urgent-sounding emails to compel victims into installing a piece of malware which allowed attackers to steal saved credentials from browsers, Windows product keys, keystrokes, and network information, among other data. Source