Cybersecurity Weekly: PayPal phishing texts, Facebook ad phishing, T-Mobile data breach
PayPal phishing texts claim that users' accounts have been limited. Facebook ads are being used to steal more than 615,000 credentials in a phishing campaign. T-Mobile disclosed a recent data breach. All this, and more, in this week's edition of Cybersecurity Weekly.
1. PayPal phishing texts state accounts are limited
A PayPal SMS phishing campaign is underway that attempts to steal account credentials and other sensitive information that can be used for identity theft. The lure works because PayPal really does limit accounts: when it detects suspicious or fraudulent activity, it sets the account's status to limited, which places temporary restrictions on withdrawing, sending or receiving money, so a text claiming an account has been limited looks plausible to victims.
2. Facebook ads used to steal 615,000+ credentials in a phishing campaign
Security researchers spotted a new large-scale campaign that abuses Facebook ads. The ads redirect users to phishing pages hosted on GitHub accounts, where victims' login credentials are harvested. The campaign has targeted more than 615,000 users in several countries, including Egypt, the Philippines, Pakistan and Nepal.
3. T-Mobile disclosed data breach
Last week, T-Mobile disclosed a data breach that exposed customer account information. T-Mobile's security staff discovered malicious, unauthorized access to the company's systems. The company reported the incident to the authorities and is investigating it with the help of a cybersecurity firm.
4. Alleged documents relating to a COVID-19 vaccine leaked on the dark web
Experts found documents relating to a COVID-19 vaccine, belonging to the European Medicines Agency (EMA), on the dark web. In early December, the EMA announced that it had suffered a cyberattack. The EMA did not provide technical details about the attack, nor say whether it would affect its operations while it evaluates and approves COVID-19 vaccines.
5. Ticketmaster to pay $10 million fine for hacking rival
Ticketmaster agreed to pay a $10 million fine after being charged with repeatedly and illegally accessing a competitor's computer systems between 2013 and 2015 in an attempt to cut the company off at the knees. The California-based ticket sales and distribution company used the stolen information to gain an advantage over rival CrowdSurge.
6. Secret backdoor account found in several Zyxel firewall, VPN products
Zyxel released a patch for a critical vulnerability in its firmware: a hardcoded, undocumented account that an attacker could use to log in with administrative privileges and compromise the affected networking devices. Because the account is built into the firmware rather than the device configuration, administrators cannot remove it or change its password themselves; applying the firmware update is the fix. A researcher reported the vulnerability to Zyxel on November 29, and the company released a firmware patch on December 18.
7. Google Docs bug could have let hackers see private documents
Google patched a bug in its feedback tool that an attacker could have exploited to steal screenshots of sensitive Google Docs documents by embedding them in a malicious website. The flaw was discovered on July 9 by security researchers, who were rewarded under Google's Vulnerability Reward Program.
8. AutoHotkey-based password stealer targeting U.S., Canadian banking users
Threat actors have been found distributing a new credential stealer written in the AutoHotkey scripting language as part of an ongoing campaign that began in early 2020. Customers of financial institutions in the U.S. and Canada are among the primary targets for credential exfiltration.
9. FBI warns of swatting attacks on owners of smart devices
The FBI recently issued an alert warning owners of smart home devices with voice and video capabilities about so-called swatting attacks. Swatting consists of fraudulent calls to emergency services intended to trigger an immediate response from law enforcement, including S.W.A.T. teams, at a specific location. According to the alert, offenders gain access to the devices using credentials exposed in earlier breaches or reused across accounts, which is why the FBI recommends unique, complex passwords and two-factor authentication for those accounts.
10. APT hackers move to ransomware attacks
Security researchers investigating a series of ransomware incidents at multiple companies found malware indicating that the attacks may be the work of a hacking group believed to operate on behalf of China. Although the attacks lack the sophistication usually seen from advanced threat actors, there is strong evidence linking them to APT27.