CISA default password alert and SOHO KV-botnet campaign
CISA urges tech vendors to stop using default passwords, new KV-botnet targets critical infrastructure via SOHO routers and BazaCall Google Forms phishing. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Phishing simulations & training
1. CISA urges tech manufacturers to eliminate default password use
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned tech manufacturers against using default passwords. This alert follows incidents where Iranian hackers exploited such passwords to breach U.S. water suppliers. CISA recommends that tech companies require unique passwords or time-limited setup passwords. This is part of their Secure by Design initiative aiming to integrate cybersecurity into products from the beginning.
2. Sophisticated KV-botnet targets end-of-life SOHO devices to launch attacks
A sophisticated botnet linked to the Chinese cybercrime group Volt Typhoon has been targeting SOHO routers for espionage. A Black Lotus Labs at Lumen Technologies reveals the “KV-botnet” targets devices like routers and IP cameras, exploiting vulnerabilities in network edges. KV-botnet's sophisticated tactics allow it to blend with legitimate traffic. Microsoft and the U.S. government warn this botnet could disrupt US-Asia communications.
3. New BazaCall variant abuses Google Forms to conduct phishing attacks
Abnormal has detected a new BazaCall malware variant exploiting Google Forms to send convincing fake payment confirmations. Originating in 2021, this phishing technique mimics emails from known brands, falsely alerting recipients of expensive subscription renewals. Since they originate from Google servers, the emails seem legitimate and easily bypass standard security. This increases their effectiveness as an attack vector in phishing campaigns.
4. 3CX warns customers about SQL database integration risks, recommends disabling
3CX recently warned customers about a potential vulnerability in its SQL database integrations. The advisory, lacking specific details, urges customers to turn off integrations with MongoDB, MsSQL, MySQL and PostgreSQL databases as a precaution. The issue affects versions 18 and 20 of 3CX's VOIP software, but not all web-based CRM integrations. Amidst limited information, the company's CISO Pierre Jourdan advises disabling SQL/CRM integrations to prevent potential SQL injection attacks while 3CX works on a fix.
5. Emerging cybercrime marketplace OLVX gains traction with more users
ZeroFox reports a new cybercrime marketplace on the clearnet is rapidly gaining popularity. Called, OLVX, the platform draws users seeking tools for online fraud and cyberattacks. OLVX stands out for its range of offerings, from compromised website access to phishing kits. Its growth is fueled by strategic SEO, advertisements on hacker forums, and active promotion through its Telegram channel.
Phishing simulations & training
In this Series
- CISA default password alert and SOHO KV-botnet campaign
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
