Zyxel’s Gigantic Exploit, More Chinese Apps Banned, and the Dark Web’s COVID-19 Growth Spurt

Your Weekly Cybersecurity News Roundup

2021 may have just begun, but there’s already plenty to discuss in the world of cybersecurity.

For starters, the Zyxel backdoor vulnerability is the first of (most likely) many exploits in 2021. Additionally, Trump and his administration delivered two more large cybersecurity headlines ahead of the transition on January 20th. We’ll discuss these headlines and more in this week’s installment of Byte Sized News by PlexTrac.

As always, this series isn’t intended to provide readers with details on every story and topic but rather to fill busy professionals in on only the most compelling developments in the field.

Backdoor Account Discovered in More than 100,000 Zyxel Firewalls and VPN Gateways

ZDNet brings us our first headline of the year with this week’s massive Zyxel vulnerability.

More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices. This access is granted through the SSH interface or through the web admin panel.

This backdoor account, which was uncovered by a Dutch security team from Eye Control, has been deemed “critical” by the team. Device owners susceptible to the vulnerability have been advised to update their systems as soon as possible.

Security experts warn that anyone ranging from DDoS botnet operators to state-sponsored hacking groups and ransomware gangs could abuse this backdoor to access vulnerable devices. The warning is even more concerning given that affected models include many of Zyxel’s top products, which are used heavily across many private enterprise and government networks.

This goes to show just how frequently vulnerabilities crop up in firewalls and VPN gateways.

To read the full breakdown of the Zyxel breach by ZDNet, click here.  

More Chinese Apps Attract a Ban from Trump’s Presidential Administration

President Donald Trump’s newest executive order against Chinese technology companies may not ever see the light of day, but as Cyberscoop reports, it will force some decisions by the incoming Biden administration.

This executive order bans U.S. transactions with several mobile apps, including Alipay and WeChat Pay. This ban was enacted to protect the security of U.S. users. This executive order is similar to the one made against TikTok last year, which is currently still being debated in court.

Trump’s executive order states, “The United States has assessed that a number of Chinese connected software applications automatically capture vast swaths of information from millions of users in the United States, including sensitive personally identifiable information and private information.”

The big catch to this executive order is that it will take effect in 45 days — well after the inauguration of Joe Biden. Biden could choose to simply undo the order Trump filed or approve it. Biden’s transition staff apparently has not been consulted about the order.

To read more about Trump’s newest executive order from Cyberscoop, click here.

It’s Not the Trump Sex Tape, It’s a RAT

President Donald Trump’s name stays in the headlines in our next story from Threatpost, but not because of anything he actually did.

The article reports that cyber criminals are using the end of the Trump presidency to deliver a brand-new remote-access trojan (RAT) variant. The catch? The RAT is “disguised as a sex video of the outgoing POTUS,” researchers report. This file is being spread via malicious links in emails.

The RAT, which was first discovered in 2015, is called the Quaverse Remote Access Trojan (QRAT). This RAT is Java-based and supercharged by plug-ins from Quaverse. Back in August of 2020 it was reported that researchers saw an uptick in phishing scams trying to push QRAT, a trend that has apparently continued into 2021.

What’s worse is that the QRAT has significantly improved in the months since its initial discovery, becoming more and more of a threat to victims. And while there isn’t a single shred of me that would want to see the fake video being dangled in front of people, it seems to have enough interest to garner some clicks.

To read the full article about the latest QRAT phishing scheme from Threatpost, click here.   

Dark Web Forum Activity Surged 44% in Early COVID Months

It wouldn’t be an episode of Byte Sized News without a story relating to COVID-19, and we’ve got another one coming to us from Dark Reading.

Researchers have analyzed the activity of five of the most popular English- and Russian-speaking Dark Web forums and discovered “exponential membership growth.” Dark Web forum activity grew 44 percent during the spring of 2020 when compared to baseline numbers.

A team of researchers at cybersecurity company Sixgill analyzed these five forums to test the effect of the COVID-19 pandemic on traffic to underground forums. At their peak, these forums had a combined total of 268,610 unique monthly users, which was up from 82,421 in January.

While a decent amount of the traffic can be attributed to people sitting inside without anything else to do, Sixgill was surprised by the jump in activity. “I did not expect it to rise 44 percent. That number really stood out as something very, very striking,” Sixgill security researcher Dov Lerner stated.

To read more about COVID-19’s effect on Dark Web Forums, click here.

WhatsApp Will Disable Your Account if You Don’t Agree to Share Data with Facebook

Facebook isn’t a company that generally gets glowing reviews for the privacy of its users’ data, and this story from The Hacker News just throws more gas on that fire.

“Respect for your privacy is coded into our DNA,” opens WhatsApp’s privacy policy. However, starting on February 8, 2021, this statement becomes significantly harder to believe. This date is when the Facebook-owned messaging service will alert users in India of an update to its terms of service and privacy policy.

The update is masquerading as “how businesses can use Facebook hosted services to store and manage their WhatsApp chats,” and how WhatsApp partners with Facebook “to offer integrations across Facebook Company Products.” However, this update allows WhatsApp to share more user data with Facebook companies, including account registration info, phone numbers, transaction data, and much more.

Unsurprisingly, this data sharing update with Facebook doesn’t apply to EU countries that are a part of the European Economic Area (EEA), which are strictly governed by GDPR data protection regulations.

The worst part about this story is that this app has adopted a “fall in line or else” policy, as users who fail to agree to the revised terms will have their accounts disabled until agreeing to the updated policy. These accounts will be deleted after 120 days of inactivity.

To learn more about WhatsApp’s nefarious policy updates from The Hacker News, click here.
