CISA default password alert and SOHO KV-botnet campaign
CISA urges tech vendors to stop using default passwords, new KV-botnet targets critical infrastructure via SOHO routers and BazaCall Google Forms phishing. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Top Security Awareness Posters
1. CISA urges tech manufacturers to eliminate default password use
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned tech manufacturers against using default passwords. This alert follows incidents where Iranian hackers exploited such passwords to breach U.S. water suppliers. CISA recommends that tech companies require unique passwords or time-limited setup passwords. This is part of their Secure by Design initiative aiming to integrate cybersecurity into products from the beginning.
2. Sophisticated KV-botnet targets end-of-life SOHO devices to launch attacks
A sophisticated botnet linked to the Chinese cybercrime group Volt Typhoon has been targeting SOHO routers for espionage. A Black Lotus Labs at Lumen Technologies reveals the “KV-botnet” targets devices like routers and IP cameras, exploiting vulnerabilities in network edges. KV-botnet's sophisticated tactics allow it to blend with legitimate traffic. Microsoft and the U.S. government warn this botnet could disrupt US-Asia communications.
3. New BazaCall variant abuses Google Forms to conduct phishing attacks
Abnormal has detected a new BazaCall malware variant exploiting Google Forms to send convincing fake payment confirmations. Originating in 2021, this phishing technique mimics emails from known brands, falsely alerting recipients of expensive subscription renewals. Since they originate from Google servers, the emails seem legitimate and easily bypass standard security. This increases their effectiveness as an attack vector in phishing campaigns.
4. 3CX warns customers about SQL database integration risks, recommends disabling
3CX recently warned customers about a potential vulnerability in its SQL database integrations. The advisory, lacking specific details, urges customers to turn off integrations with MongoDB, MsSQL, MySQL and PostgreSQL databases as a precaution. The issue affects versions 18 and 20 of 3CX's VOIP software, but not all web-based CRM integrations. Amidst limited information, the company's CISO Pierre Jourdan advises disabling SQL/CRM integrations to prevent potential SQL injection attacks while 3CX works on a fix.
5. Emerging cybercrime marketplace OLVX gains traction with more users
ZeroFox reports a new cybercrime marketplace on the clearnet is rapidly gaining popularity. Called, OLVX, the platform draws users seeking tools for online fraud and cyberattacks. OLVX stands out for its range of offerings, from compromised website access to phishing kits. Its growth is fueled by strategic SEO, advertisements on hacker forums, and active promotion through its Telegram channel.
Phishing simulations & training