Cybersecurity Weekly: UScellular data breach, Emotet takedown, Washington State breach
UScellular suffers a data breach. Europol announces a takedown of the Emotet botnet. A data breach exposes 1.6 million jobless claims filed in Washington State. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. UScellular data breach: Attackers ported customer phone numbers
U.S. wireless carrier UScellular has disclosed a data breach that exposed personal information of its customers. Threat actors tricked employees working in UScellular retail stores into downloading and installing malicious software. The malware gave the attackers access to the customer relationship management (CRM) system under the employees' accounts, from which they read customer records and ported phone numbers out to other carriers. The technique is worth noting for defenders: no perimeter vulnerability was needed, only a phished retail worker and the permissions that worker's CRM account already held.
2. Europol announces takedown of the Emotet botnet
Europol has announced that, following a global operation by law enforcement and judicial authorities, the Emotet botnet has been disrupted and investigators have taken control of its infrastructure. The operation, planned over two years, involved Europol, Eurojust, the FBI, the Royal Canadian Mounted Police and the U.K. National Crime Agency, among others. Because Emotet was primarily a loader that sold access to other crews (TrickBot and Ryuk among them), hosts that were infected before the takedown should still be treated as compromised and checked for follow-on malware.
3. Data breach exposes 1.6 million jobless claims filed in Washington State
The Office of the Washington State Auditor (SAO) said it is investigating a security incident that compromised the personal information of more than 1.6 million people who filed unemployment claims in the state in 2020. The SAO attributed the breach to a vulnerability in Accellion's File Transfer Appliance (FTA), the third-party file transfer service the office used to receive the claim data. FTA is a legacy product nearing end of life, and the same flaw has been reported at other Accellion customers, so organizations still running the appliance should apply the vendor's patches and review transfer logs for unauthorized downloads.
4. SonicWall SMA 100 zero-day exploit actively used in the wild
A SonicWall SMA 100 zero-day vulnerability is being actively exploited in the wild, according to a tweet by security researchers at NCC Group. SonicWall has not released many details while its investigation is ongoing, but it stated that the flaw affects its SMA 100 series of remote access appliances running 10.x firmware. Until a fix ships, the vendor's interim advice is to enable multi-factor authentication on the appliance and restrict access to it to trusted source IPs; administrators should also review authentication logs for logins from unexpected addresses.
5. A new software supply‑chain attack targeted millions with spyware
Cybersecurity researchers at ESET disclosed a supply chain attack that compromised the update mechanism of NoxPlayer, a free Android emulator for Windows and macOS made by BigNox. The highly targeted surveillance campaign delivered three different malware families through tailored malicious updates to selected victims based in Taiwan, Hong Kong and Sri Lanka. Because the trojanized updates were served through the product's own update infrastructure, victims received them as ordinary software updates, which is what makes attacks on update channels so hard for end users to spot.
6. New cryptojacking malware targeting Apache and Oracle servers
A financially motivated threat actor, the Rocke group, is using a revised version of its malware to attack cloud infrastructure through vulnerabilities in web server technologies, according to new research from Palo Alto Networks' Unit 42. The Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as new evasion tactics to sidestep detection, and spreads by exploiting known, long-patched flaws in Apache ActiveMQ (CVE-2016-3088) and Oracle WebLogic (CVE-2017-10271) and by abusing unauthenticated Redis instances. Internet-exposed servers running those products without the fixes are the intended victims.
7. Google discloses severe bug in Libgcrypt encryption library
A severe vulnerability in GnuPG's Libgcrypt cryptographic library could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, a heap buffer overflow in the library's block buffer handling that can be triggered simply by having the library decrypt attacker-supplied data, affects only version 1.9.0 of Libgcrypt. It was found on January 28 by Tavis Ormandy of Google Project Zero and fixed in Libgcrypt 1.9.1 the following day; anything built against or bundling 1.9.0 should be upgraded.
8. Google uncovers new iOS security feature after zero-day attacks
Last week, Google Project Zero disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to attacks that were recently found to exploit zero-days in its iMessage app. The new, tightly sandboxed BlastDoor service is now responsible for almost all parsing of untrusted data arriving in iMessages, so a memory-safety bug in a message parser is contained in a low-privilege process rather than exploited directly inside the main messaging process.
9. SpamCop anti-spam service suffers an outage after its domain expired
Last week, mail administrators, organizations and ISPs worldwide suddenly found that their outgoing mail was being rejected by mail servers that query the SpamCop blocklist. The cause was a false positive: the spamcop.net domain had expired and been parked at the Sedo domain parking service with a wildcard DNS record, so every DNSBL lookup under the domain returned an answer and mail servers that treat any answer as a listing rejected every sending IP. The lesson for anyone running a blocklist-backed filter is to sanity-check the list before trusting it, and to fail open (accept mail, or only score it) when the list looks broken.
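The failure mode described above can be guarded against in the mail filter itself. The following is an added example, not SpamCop's code nor any particular MTA's: it performs a DNSBL lookup, applies the RFC 5782 sanity test (a working list must list 127.0.0.2 and must not list 127.0.0.1) and only accepts answers in 127.0.0.0/8 as real listings. A parked wildcard zone answers for every name, including 127.0.0.1, so it fails the check and the caller falls back to accepting mail. The zone name `bl.example.net`, the two resolver functions and their answers are constructed for the example; in production the resolver would be a real DNS query.

```python
import ipaddress
from typing import Callable, List, Optional

# A resolver takes a DNS name and returns the A records for it as strings
# (an empty list for NXDOMAIN).  It is injected so the example runs offline.
Resolver = Callable[[str], List[str]]

RFC5782_MUST_LIST = "127.0.0.2"      # a DNSBL must list this test address
RFC5782_MUST_NOT_LIST = "127.0.0.1"  # and must never list this one
DNSBL_RETURN_RANGE = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the reversed-octet lookup name, e.g. 4.3.2.1.bl.example.net."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def naive_is_listed(ip: str, zone: str, resolve: Resolver) -> bool:
    """The check that broke last week: any A answer at all counts as a listing."""
    return bool(resolve(dnsbl_query_name(ip, zone)))


def dnsbl_is_sane(zone: str, resolve: Resolver) -> bool:
    """RFC 5782 sanity test.  A wildcard-parked zone answers for 127.0.0.1 too,
    so it is rejected here before any sender is judged against it."""
    must_list = resolve(dnsbl_query_name(RFC5782_MUST_LIST, zone))
    must_not_list = resolve(dnsbl_query_name(RFC5782_MUST_NOT_LIST, zone))
    return bool(must_list) and not must_not_list


def is_listed(ip: str, zone: str, resolve: Resolver) -> Optional[bool]:
    """Hardened check.  Returns True/False for a listed/unlisted sender, or None
    when the zone fails its sanity test; a None result should fail open
    (accept or merely score the message) rather than reject it."""
    if not dnsbl_is_sane(zone, resolve):
        return None
    answers = resolve(dnsbl_query_name(ip, zone))
    # Genuine DNSBL return codes live in 127.0.0.0/8.  A parking host's public
    # address, as returned by a parked wildcard, is not a listing.
    return any(ipaddress.IPv4Address(a) in DNSBL_RETURN_RANGE for a in answers)


# --- constructed resolvers standing in for real DNS (hypothetical data) ---

def healthy_resolver(name: str) -> List[str]:
    """A correctly operated list: 127.0.0.2 and one sender 1.2.3.4 are listed."""
    listed = {
        "2.0.0.127.bl.example.net": ["127.0.0.2"],
        "4.3.2.1.bl.example.net": ["127.0.0.2"],
    }
    return listed.get(name, [])


def parked_wildcard_resolver(name: str) -> List[str]:
    """An expired zone parked with a wildcard: every name resolves to the
    parking host, so every sender looks listed to a naive client."""
    if name.endswith(".bl.example.net"):
        return ["192.0.2.10"]
    return []


if __name__ == "__main__":
    zone = "bl.example.net"
    for label, resolver in (("healthy", healthy_resolver),
                            ("parked", parked_wildcard_resolver)):
        print(label, "naive:", naive_is_listed("5.6.7.8", zone, resolver),
              "hardened:", is_listed("5.6.7.8", zone, resolver))
```

With the parked resolver the naive check says every sender is listed, which is exactly what SpamCop users saw, while the hardened check reports `None` and the filter can fall back to accepting mail until the list recovers. The sanity test is cheap enough to run once per list per cache lifetime rather than on every message.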
10. Scammers posing as FBI agents threaten targets with jail time
The U.S. Federal Bureau of Investigation is warning of scammers actively posing as FBI representatives and threatening targets with fines and jail time unless they hand over personal and/or financial information. Multiple versions of the government impersonation scam have been reported in recent days, all of which rely on intimidation. The FBI notes that it does not call or email individuals to demand money or personal data; anyone contacted this way should hang up and verify through the bureau's published contact channels.