Cybersecurity Weekly: Carding gang busted, Tupperware suffers cyberattack, Linksys under fire
Government officials shut down a huge credit card fraud ring. A cyberattack harvests card details from Tupperware customers. Linksys routers see more frequent cyberattacks as more employees work from home. All this, and more, in this week’s edition of Cybersecurity Weekly.
Should you pay the ransom?
1. Russians shut down huge card fraud ring
Federal investigators in Russia charged over 25 people accused of operating a sprawling international credit card theft ring. The raid included the charging of a major carding kingpin. He is thought to be tied to dozens of carding shops and some of the bigger data breaches targeting western retailers over the past decade.
Read more »
2. Tupperware cyberattack stores away customer payment cards
Cybercriminals hacked the official website of Tupperware and injected a payment card skimmer into its checkout page to steal the credit card details of online customers. Security researchers first identified the skimmer on March 20, but there’s no indication of how long the site was compromised before that.
Read more »
3. Brute-force attack aims at Linksys routers as more people work remotely
A cybercrime group is scanning the internet for vulnerable Linksys routers. This is the first stage of an attack that ultimately aims to fool users into downloading and installing malware. After compromising the router, the attacker directs the victim to a page that uses the fear of the coronavirus pandemic to install the malicious program.
Read more »
4. Emerging APT mounts mass iPhone surveillance campaign
A new mass-targeted watering-hole campaign is aiming at iPhone users in Hong Kong, infecting website visitors with custom surveillance malware. That malicious software contains exploits for known and patched Apple iOS vulnerabilities, and has an endgame of installing proprietary backdoor spyware.
Read more »
5. Hackers exploit Zoom's overnight success to spread malware
Cybercriminals are taking advantage of the spike in Zoom video conferencing usage by registering new fake Zoom domains and malicious executable files in an attempt to trick people into downloading malware on their devices. Researchers found over 1,700 newly registered Zoom domains since the onset of the pandemic.
Read more »
6. Maze ransomware group claims Chubb as victim
This week, insurance firm Chubb reportedly found itself a victim of the Maze ransomware, which encrypted the company’s files. The hacker group put a notice on its news site claiming that it encrypted the insurance company’s network. Chubb has not yet announced whether or not it plans to pay the ransom.
Read more »
7. TrickBot mobile app bypasses 2FA for banking services
The malware group behind TrickBot banking trojan developed a new Android app that can intercept one-time authorization codes sent to Internet banking customers via SMS to complete fraudulent transactions. The app is currently targeting German users whose desktops have been previously infected with the TrickBot malware.
Read more »
8. Hackers attack pharma, manufacturing companies in Europe
Russian malware was used in attacks in late January against at least two European companies in the pharmaceutical and manufacturing industries. Based on the tools employed in the attacks, the suspects are likely the Silence and TA505 financially-motivated groups. Both groups used new IP addresses in their attacks to mask their identities.
Read more »
9. Ryuk ransomware keeps targeting hospitals during the pandemic
Unlike some other ransomware operators, such as Maze and DoppelPaymer, Ryuk ransomware operators continue to target hospitals even as these organizations are overwhelmed during the COVID-19 pandemic. Last week, a U.S. health care provider was attacked and encrypted overnight by Ryuk.
Read more »
Phishing simulations & training
10. BadUSB attack detected in the wild against U.S. hospitality provider
A U.S. hospitality provider has recently been the target of an incredibly rare BadUSB attack. The attack happened after the company received an envelope containing a fake Best Buy gift card, along with a USB thumb drive. The victim was told to plug the USB thumb drive into a computer to access a list of items the gift card could be used for.
Read more »
In this Series
- Cybersecurity Weekly: Carding gang busted, Tupperware suffers cyberattack, Linksys under fire
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
