News

CISA default password alert and SOHO KV-botnet campaign

Dan Virgillito
December 18, 2023 by
Dan Virgillito

CISA urges tech vendors to stop using default passwords, new KV-botnet targets critical infrastructure via SOHO routers and BazaCall Google Forms phishing. Catch all this and more in this week’s edition of Cybersecurity Weekly.  

Top Security Awareness Posters

Top Security Awareness Posters

Download our collection of free posters and use them to keep security at the forefront of your employees' minds.

1. CISA urges tech manufacturers to eliminate default password use                

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned tech manufacturers against using default passwords. This alert follows incidents where Iranian hackers exploited such passwords to breach U.S. water suppliers. CISA recommends that tech companies require unique passwords or time-limited setup passwords. This is part of their Secure by Design initiative aiming to integrate cybersecurity into products from the beginning.

Read more »

2. Sophisticated KV-botnet targets end-of-life SOHO devices to launch attacks

A sophisticated botnet linked to the Chinese cybercrime group Volt Typhoon has been targeting SOHO routers for espionage. A Black Lotus Labs at Lumen Technologies reveals the “KV-botnet” targets devices like routers and IP cameras, exploiting vulnerabilities in network edges. KV-botnet's sophisticated tactics allow it to blend with legitimate traffic. Microsoft and the U.S. government warn this botnet could disrupt US-Asia communications.

Read more »

3. New BazaCall variant abuses Google Forms to conduct phishing attacks

 Abnormal has detected a new BazaCall malware variant exploiting Google Forms to send convincing fake payment confirmations. Originating in 2021, this phishing technique mimics emails from known brands, falsely alerting recipients of expensive subscription renewals. Since they originate from Google servers, the emails seem legitimate and easily bypass standard security. This increases their effectiveness as an attack vector in phishing campaigns.

Read more »

4. 3CX warns customers about SQL database integration risks, recommends disabling

3CX recently warned customers about a potential vulnerability in its SQL database integrations. The advisory, lacking specific details, urges customers to turn off integrations with MongoDB, MsSQL, MySQL and PostgreSQL databases as a precaution. The issue affects versions 18 and 20 of 3CX's VOIP software, but not all web-based CRM integrations. Amidst limited information, the company's CISO Pierre Jourdan advises disabling SQL/CRM integrations to prevent potential SQL injection attacks while 3CX works on a fix.

Read more »

5. Emerging cybercrime marketplace OLVX gains traction with more users

ZeroFox reports a new cybercrime marketplace on the clearnet is rapidly gaining popularity. Called, OLVX, the platform draws users seeking tools for online fraud and cyberattacks. OLVX stands out for its range of offerings, from compromised website access to phishing kits. Its growth is fueled by strategic SEO, advertisements on hacker forums, and active promotion through its Telegram channel.

Read more »

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.

Dan Virgillito
Dan Virgillito

Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news.