Cybersecurity Weekly: PoC Kerberos exploit, Subway phishing scam, distance learning attacks
An expert published PoC exploit code for a Kerberos Bronze Bit attack. A massive Subway U.K. phishing attack is pushing TrickBot malware. The U.S. warns of increased cyberattacks against K-12 distance learning. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Expert published PoC exploit code for Kerberos Bronze Bit attack
The proof-of-concept exploit code for the Kerberos Bronze Bit attack was published online last week. It allows intruders to bypass authentication and access sensitive network services. Microsoft initially addressed the flaw for Bronze Bit attacks in the November 2020 patch, but some Windows 10 users started reporting Kerberos authentication issues.
2. Massive Subway U.K. phishing attack is pushing TrickBot malware
A massive phishing campaign pretending to be a Subway order confirmation is underway, distributing the notorious TrickBot malware. This attack may indicate a data breach at Subway U.K. that allowed the threat actors to gain access to customers' names and email addresses.
3. U.S. warns of increased cyberattacks against K-12 distance learning
K-12 educational institutions in the U.S. are being targeted by malicious actors for extortion, data theft and general disruption of normal activity. The trend will continue through the 2020-21 academic year. The alert, issued by the FBI and CISA, is based on reports from K-12 institutions that have suffered cyberattacks.
4. Fingerprint-jacking attack technique manipulates Android UI
In a Black Hat Europe talk, researchers explained how they were hunting for bugs in a mobile wallet app when they found a tactic that enables fingerprint-jacking, a user-interface-based attack on fingerprint authentication in Android apps. The term stems from clickjacking, as this type of attack conceals a malicious application interface beneath a fake covering.
5. Adrozek malware hijacking Chrome, Firefox, Edge, Yandex browsers
Microsoft revealed an ongoing campaign impacting popular web browsers that stealthily injects malware-infested ads into search results to earn money via affiliate advertising. Adrozek employs an attacker infrastructure consisting of 159 unique domains, each of which hosts an average of 17,300 unique URLs, which in turn host more than 15,300 unique malware samples.
6. Cisco reissues patches for critical bugs in Jabber video conferencing software
Cisco has once again fixed four previously disclosed critical bugs in its Jabber video conferencing and messaging app that were inadequately addressed, leaving its users susceptible to remote attacks. The vulnerabilities could allow an authenticated, remote attacker to execute arbitrary code on target systems.
7. Valve's Steam server bugs could've let hackers hijack online games
Critical flaws in a core networking library powering Valve's online gaming functionality could have allowed malicious actors to remotely crash games and take control of affected third-party game servers. An attacker could remotely crash an opponent's game client to force a win or crash the Valve game server to end the game completely.
8. Mount Locker ransomware offering double extortion scheme to other hackers
A relatively new ransomware strain behind a series of breaches on corporate networks has developed new capabilities that broaden the scope of its targeting, help it evade security software and let its affiliates launch double extortion attacks. The MountLocker ransomware has already gained notoriety for stealing files before encrypting them and extorting victims.
9. Attack on Vermont Medical Center is costing the hospital $1.5 million per day
In October, ransomware operators hit the Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network. The ransomware attack disrupted services at the UVM Medical Center and affiliated facilities. A month later, the University of Vermont Medical Center continues to recover from the cyberattack that affected the systems at the Burlington hospital.
10. Researchers simulate privacy leaks in functional genomics studies
The functional genomics field generally relies on aggregating information from many samples for its statistical power. This means that broadly sharing raw data is vital; however, sharing these data currently is challenging because of the privacy concerns of individuals within those datasets, leading to the data being largely inaccessible behind firewalls.