Cybersecurity Weekly: Apple patches, job offer phishing, Cisco zero-day
Apple patched three actively exploited iOS zero-days. Hackers used Torisma spyware in job offer phishing attacks. A Cisco zero-day in AnyConnect Secure Mobility Client remains unpatched. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Apple patched three actively exploited iOS zero-days
Apple patched three iOS zero-day vulnerabilities actively exploited in the wild and affecting iPhone, iPad and iPod devices. The list of affected devices includes iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later and iPad mini 4 and later. The zero-days were addressed by Apple last week with the release of iOS 14.2.
2. Hackers used Torisma spyware in job offer phishing attacks
A cyberespionage campaign aimed at aerospace and defense sectors may have been more sophisticated than previously thought. This campaign aimed to install data gathering implants on victims' machines for purposes of surveillance and data exfiltration.
3. Cisco zero-day in AnyConnect Secure Mobility Client remains unpatched
Cisco disclosed a zero-day vulnerability in the Windows, macOS and Linux versions of its AnyConnect Secure Mobility Client software. While Cisco said it is not aware of any exploits in the wild for the vulnerability, it said proof-of-concept exploit code has been released, opening up risks of cybercriminals potentially leveraging the flaw.
4. Campari hit by Ragnar Locker Ransomware, $15 million ransom
Italian liquor company Campari Group was hit by a Ragnar Locker ransomware attack, where 2 TB of unencrypted files were allegedly stolen. To recover their files, Ragnar Locker is demanding $15 million. The group's IT department, with the support of IT security experts, immediately took action to limit the spread of malware in data and systems.
5. Reverse shell botnet Gitpaste-12 spreads via GitHub and Pastebin
A newly discovered worm and botnet named Gitpaste-12 lives on GitHub and also uses Pastebin to host malicious code. The advanced malware comes equipped with reverse shell and crypto-mining capabilities and exploits over 12 known vulnerabilities. Gitpaste-12 was first detected on GitHub around October 15.
6. Brazil's court system under massive RansomExx ransomware attack
Brazil's Superior Court of Justice was hit by a ransomware attack on Tuesday during judgment sessions that were taking place over a video conference. The websites of multiple other Brazilian agencies are also currently offline. However, it is not yet known if they were attacked by the same threat actors or if they are hosted on the same site as the courts.
7. Premium-rate phone fraudsters hack VoIP servers of 1200 companies
Last week, cybersecurity researchers took the wraps off of an ongoing cyber fraud operation led by hackers in Gaza, West Bank and Egypt to compromise VoIP servers of more than 1,200 organizations across 60 countries. The threat actors targeted Sangoma PBX, an open-sourced user interface that's used to manage and control Asterisk VoIP phone systems.
8. New KilllSomeOne APT group leverages DLL sideloading
A new Chinese APT group, tracked as KilllSomeOne, appeared in the threat landscape targeting corporate organizations in Myanmar with DLL side-loading attacks. The technique was already employed by other Chinese APT groups since 2013, later it was also adopted by other cybercrime gangs in attacks in the wild.
9. HMRC smishing tax scam targets UK banking customers
An advanced HM Revenue and Customs tax rebate scam is targeting UK residents this week via text message. The smishing campaign is concerning as it employs multiple HMRC phishing domains and tactics, with new domains added every day as older ones get flagged by spam filters.
10. Capcom hit by Ragnar Locker ransomware
Video game giant Capcom has reportedly been hit by a ransomware attack that affected access to certain systems — including email and file servers — and encrypted 1 terabyte of sensitive data. There is no indication that any customer information was breached.
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Cybersecurity Weekly: Apple patches, job offer phishing, Cisco zero-day
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
