Cybersecurity Weekly: Babuk decryptor, QR codes in phishing attacks, cloud supply chain threat
Avast released a free decryptor for Babuk ransomware. QR codes help attackers sneak emails past security controls. The SolarWinds attacker targets cloud service providers in a new supply chain threat. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Avast released a free decryptor for Babuk ransomware
Cybersecurity firm Avast released a decryption tool for Babuk ransomware that allows victims to recover their files for free. The decryptor was created using the leaked source code and decryption keys. Researchers determined it will likely work only for victims whose keys were leaked as part of the Babuk source code dump.
2. QR codes help attackers sneak emails past security controls
Researchers have observed an attacker using a new technique to sneak phishing emails past enterprise security filters. The emails contained a QR code that the message described as offering access to a missed voicemail, and they appeared designed to bypass enterprise email gateway scans, which are typically geared only to detect malicious attachments and links.
3. SolarWinds attacker targets cloud service providers in new supply chain threat
Nobelium, the threat actor behind the supply chain attack on SolarWinds, is now targeting cloud service providers and IT services organizations in a large-scale and ongoing campaign designed to infiltrate systems belonging to downstream customers of these companies. Since May, Nobelium has attacked at least 140 cloud service providers and compromised 14 of them.
4. New Shrootless bug could let attackers install rootkit on macOS systems
Last week, Microsoft disclosed details of a new vulnerability that could allow an attacker to bypass security restrictions in macOS and take complete control of the device, performing arbitrary operations on it without being flagged by traditional security solutions. The vulnerability lies in how Apple-signed packages with post-install scripts are installed.
5. Infosec earns 2021 Tech Cares award from TrustRadius
Infosec announced that it was recognized by TrustRadius with the 2021 Tech Cares Award. This second annual award celebrates companies that have gone above and beyond to provide strong Corporate Social Responsibility. Key areas of CSR evaluated by TrustRadius included volunteerism, DEI, fundraising, workplace culture and environmental sustainability.
6. Zales.com leaked customer data, just like sister firms Jared, Kay Jewelers in 2018
In December 2018, jewelry vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure.
7. All sectors are now prey as cyber threats expand targeting
While healthcare and education have long been considered the most heavily attacked sectors, that is shifting. In the latest FortiGuard Labs Global Threat Report, researchers found that the prevalence of ransomware in those two sectors was lower than in managed security service providers, the automotive and manufacturing sectors, telecommunications and government.
8. WordPress plugin bug lets subscribers wipe sites
Researchers have discovered a flaw in a WordPress plugin that allows subscriber-level users to wipe sites clean of content. The high-severity security flaw is found in Hashthemes Demo Importer, a plugin used in more than 8,000 active installations. The vulnerability allows any authenticated user to completely wipe a vulnerable site.
9. Crooks steal $130 million worth of cryptocurrency assets from Cream Finance
According to the experts, the attackers have likely exploited a vulnerability in the platform’s flash loan feature, then transferred the stolen funds to a wallet under their control before splitting them through other wallets. Cream Finance has quickly addressed the flaw. Unfortunately, this is the third time Cream Finance has been hacked this year.
10. Over 1 million WordPress sites affected by OptinMonster plugin flaws
A high-severity vulnerability in the OptinMonster plugin can allow unauthorized API access and sensitive information disclosure on roughly a million WordPress sites. The flaw was discovered by Wordfence researcher Chloe Chamberland in September 2021, and the development team behind the plugin addressed it on October 7, 2021.