Cybersecurity Weekly: Phishing attacks spike, SHAREit patch, NSA exploit
Malformed URL prefix phishing attacks spike 6,000%. SHAREit fixes security bugs in their app with one billion downloads. Hackers used an NSA exploit years before the Shadow Brokers leak. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Malformed URL prefix phishing attacks spike 6,000%
Cybersecurity researchers have observed a nearly 6,000% jump in attacks using malformed URL prefixes to evade protections and deliver phishing emails that look legitimate. Typosquatting is a common phishing email tactic in which everyday business names are misspelled (for example, amozon.com) to trick unobservant users into clicking.
2. SHAREit fixes security bugs in app with 1 billion downloads
Singapore-based Smart Media4U Technology fixed SHAREit vulnerabilities that may have allowed attackers to execute arbitrary code remotely on users' devices. The security flaws also expose users of unpatched SHAREit versions to man-in-the-disk attacks, allowing attackers to manipulate application resources stored on external storage via code injection.
3. Hackers used NSA exploit years before Shadow Brokers leak
Chinese state hackers cloned and started using an NSA zero-day exploit almost three years before the Shadow Brokers hacker group publicly leaked it in April 2017. The exploit targets a local privilege escalation bug affecting Windows XP up to Windows 8, and was used to escalate Windows user privileges after attackers had already gained access to targeted devices.
4. Global Accellion data breaches linked to Clop ransomware gang
Threat actors associated with financially motivated hacker groups combined multiple zero-day vulnerabilities and a new web shell to breach up to 100 companies using Accellion's legacy File Transfer Appliance and steal sensitive files. The attacks occurred in mid-December 2020 and involved the Clop ransomware gang and the FIN11 threat group.
5. NurseryCam daycare cam service shut down after security breach
Late last week, nursery camera company NurseryCam announced a compromise of their network. In response to the incident, the company shut down its IoT camera service on Saturday and reported the security breach to the parents. NurseryCam has also reported a possible data breach to the UK’s data watchdog.
6. Shadow attacks let attackers replace content in digitally signed PDFs
Researchers demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. The technique uses the enormous flexibility provided by the PDF specification so that shadow documents remain standard-compliant.
7. VMware addresses a critical RCE issue in vCenter Server
VMware has addressed a critical remote code execution vulnerability in the vCenter Server virtual infrastructure management platform that could be exploited by attackers to potentially take control of affected systems. The issue affects the vCenter Server plugin for vROps, which is present in all default installations.
8. New Silver Sparrow malware infected nearly 30,000 Apple Macs
Days after the first malware targeting Apple M1 chips was discovered in the wild, researchers disclosed another piece of malicious software that was found in about 30,000 Macs running Intel x86_64 and the iPhone maker's M1 processors. Upon execution, the x86_64 binary simply displays the message "Hello, World!" whereas the M1 binary reads "You did it!"
9. Texas electric company warns of scammers threatening to cut power
Last week, Austin Energy warned of unknown individuals impersonating the company and threatening customers over the phone that their power will be cut off unless they pay fictitious overdue bills. In these ongoing scam attempts, the callers insist that service will be disconnected unless the customer makes an immediate payment.
10. TDoS attacks take aim at emergency first-responder services
The FBI warned that telephony denial-of-service attacks are taking aim at emergency dispatch centers, which could make it impossible to call for police, fire or ambulance services. The objective is to keep the distraction calls active for as long as possible to overwhelm the victim’s telephone system, which may delay or block legitimate calls for service.