In today’s DailyCyber 133, I want to thank you and the new subscribers for following me. I really appreciate it. I am excited about my DefCon Toronto talk this coming Thursday. I also provide some great information on two Cybersecurity news articles that I think you will find important.
Make sure you comment and share this video with everyone you know.
What is in the news:
1) Scam Alert: Your Trusted Friends Can Hack Your Facebook Account
If you receive a message from any of your Facebook Friends asking for urgent help to recover their Facebook account, since they've added you as one of their 'Trusted Contacts'—just don’t blindly believe it.
Researchers have detected a new Facebook phishing scam that can even trick an experienced technical user into falling victim to the scam, helping an attacker gain access to your Facebook account.
This latest social media scam abuses "Trusted Contact", a Facebook account recovery feature that sends secret access codes to a few of your close friends to help you regain access to your Facebook account if you forget your password or lose access to your account.
According to a public security alert published by AccessNow, the attack starts from an already compromised account of one of your friends, which asks for urgent help to get back into his/her Facebook account.
The attacker explains that you are listed as one of his/her Trusted Contacts on Facebook and asks you to check your email for a recovery code and share it with the attacker (who's hiding behind the identity of your friend).
In reality, however, the code you receive is not the key to unlock your friend's account. Instead, the attacker has initiated a "Forgot my password" request for your account in an attempt to hijack your Facebook account.
Knowing that a friend is in trouble, a person is likely to share the code without giving it a second thought.
2) Hackers Use New Flash Zero-Day Exploit to Distribute FinFisher Spyware
FinSpy, the infamous surveillance malware, is back and infecting high-profile targets using a new Adobe Flash zero-day exploit delivered through Microsoft Office documents.
Security researchers from Kaspersky Labs have discovered a new zero-day remote code execution vulnerability in Adobe Flash, which was being actively exploited in the wild by a group of advanced persistent threat actors, known as BlackOasis.
So far BlackOasis has targeted victims in various countries including Russia, Iraq, Afghanistan, Nigeria, Libya, Jordan, Tunisia, Saudi Arabia, Iran, the Netherlands, Bahrain, United Kingdom and Angola.
The newly reported Flash zero-day exploit is at least the 5th zero-day that the BlackOasis group has exploited since June 2015.
The zero-day exploit is delivered through Microsoft Office documents, particularly Word, attached to a spam email. Embedded within the Word file is an ActiveX object that contains the Flash exploit.
The exploit deploys the FinSpy commercial malware as the attack's final payload.
FinSpy, also known as FinFisher, has extensive spying capabilities on an infected system, including secretly conducting live surveillance by turning on its webcams and microphones, recording everything the victim types on the keyboard, intercepting Skype calls, and exfiltrating files.
To get into a target's system, FinSpy usually makes use of various attack vectors, including spear phishing, manual installation with physical access to the affected device, zero-day exploits, and watering hole attacks.
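For defenders, the delivery chain described above (a Word file with an embedded ActiveX object that carries Flash content) can be triaged statically before a document is opened. The following Python check is an added example, not code from the researchers or the articles summarized here; it flags ActiveX parts that name the Shockwave Flash control or contain an SWF header. It assumes the OOXML (.docx) layout, where ActiveX parts live under `word/activeX/`, treats the SWF header match as a heuristic, and builds its sample documents in memory.

```python
import io
import re
import zipfile

# Class ID of the Shockwave Flash ActiveX control, as written in activeX*.xml parts.
FLASH_CLSID = b"D27CDB6E-AE6D-11CF-96B8-444553540000"
# SWF signatures (FWS plain, CWS zlib, ZWS LZMA) followed by a plausible version byte.
SWF_HEADER = re.compile(rb"[FCZ]WS[\x01-\x32]")


def scan_docx(data: bytes) -> list[str]:
    """Return findings for ActiveX parts in a .docx that reference or carry Flash."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.lower().startswith("word/activex/"):
                continue
            blob = zf.read(name)
            if FLASH_CLSID in blob.upper():
                findings.append(f"{name}: Shockwave Flash control class ID")
            if SWF_HEADER.search(blob):
                findings.append(f"{name}: SWF header inside ActiveX data")
    return findings


def build_sample(with_flash: bool) -> bytes:
    """Constructed test input: a minimal ZIP laid out like a .docx (not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_flash:
            zf.writestr("word/activeX/activeX1.xml",
                        '<ax:ocx ax:classid="{d27cdb6e-ae6d-11cf-96b8-444553540000}"/>')
            zf.writestr("word/activeX/activeX1.bin", b"\x00" * 16 + b"CWS\x1d" + b"\x00" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("flash", build_sample(True)), ("clean", build_sample(False))):
        print(label, scan_docx(doc))
```

Legacy binary `.doc` files use a different container and are not covered by this check; a hit is a reason to quarantine the attachment for analysis, not proof of an exploit.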