Cybersecurity Weekly: Gift card scams, IKEA breached, cyber knowledge gaps
New twists on gift card scams flourish on Black Friday. IKEA was hit by a cyber attack that uses stolen internal reply-chain emails. Cybersecurity knowledge gaps at any level of the organization pose security risks. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. New twists on gift card scams flourish on Black Friday
Black Friday cybercriminals have revamped gift card scams to better target modern online shoppers. New tactics include bogus gift card generators that install malware designed to sniff out a victim’s cryptocurrency wallet address. The attack offers gift cards for significantly less than face value as a ploy to entice users to buy stolen gift-cards or download malware.
2. IKEA hit by cyber attack that uses stolen internal reply-chain emails
Once the mail servers are compromised, threat actors use the access to reply to the company’s internal emails in reply-chain attacks. Sending the messages from the organizations allows the attackers to bypass detection. Threat actors also exploit the access to internal emails to target business partners.
3. Cybersecurity knowledge gaps at any level of the organization pose security risks
Human error remains the most pressing challenge in cybersecurity, with as many as 88% of the breaches attributed to mistakes made by employees. Jack Koziol, CEO and founder of Infosec, discussed with CyberNews why education remains the most important cybersecurity practice to follow and how Infosec will help in training your workforce.
4. Hackers using compromised Google Cloud accounts to mine cryptocurrency
Threat actors are exploiting improperly-secured Google Cloud Platform instances to download cryptocurrency mining software to the compromised systems. They can then abuse its infrastructure to install ransomware, stage phishing campaigns and even generate traffic to YouTube videos for view count manipulation.
5. Study reveals an urgent need to quantify cybersecurity culture
Studies have shown that organizations with strong cybersecurity cultures experience increased visibility into potential threats and reduced cyber incidents. However, cybersecurity culture has historically been difficult to quantify. To help overcome this challenge, Infosec came up with a survey to classify cybersecurity culture and systematically measure results.
6. Recently patched Apache HTTP server vulnerability exploited
The vulnerability, tracked as CVE-2021-40438, is a server-side request forgery that can be exploited against httpd web servers that have the mod_proxy module enabled. An attacker can leverage this critical flaw using a specially crafted request to cause the module to forward the request to an arbitrary origin server.
7. VMware patches file read, SSRF vulnerabilities in vCenter Server
The arbitrary file read issue, rated high severity, affects the vSphere Web Client and it could be exploited to obtain sensitive information by an attacker who has network access to port 443 on vCenter Server. The second flaw, rated medium severity, affects the vSphere Web Client, specifically the vSAN Web Client plug-in.
8. Tardigrade malware hits biomanufacturing facilities
WHEN RANSOMWARE HIT a biomanufacturing facility this spring, something didn't sit right with the response team. The attackers left only a halfhearted ransom note, and didn't seem all that interested in actually collecting a payment. It was later discovered that they had used a shockingly sophisticated malware strain dubbed Tardigrade.
9. Arrest in Ransom Your Employer email scheme
In August, it was discovered that scammers were contacting people and asking them to unleash ransomware inside their employer’s network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme.
10. Attackers Actively Target Windows Installer Zero-Day
Attackers are actively exploiting a Windows Installer zero-day vulnerability that was discovered when a patch Microsoft issued for another security hole inadequately fixed the original and unrelated problem. The researcher posted a proof of concept exploit on GitHub for the newly discovered bug that he said works on all currently-supported versions of Windows.
In this Series
- Cybersecurity Weekly: Gift card scams, IKEA breached, cyber knowledge gaps
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
