Daam Android virus and Barracuda zero-day flaw
CERT-In issues advisory on Daam Android malware, Barracuda discloses zero-day exploit affecting ESG appliances and the new Tesla leak. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Phishing simulations & training
1. Daam virus can hack into call records and steal history from Android phones, warns CERT-In
The Indian government has issued an advisory concerning the 'Daam' malware that poses a threat to Android phones. As stated by CERT-In, the national cyber security agency, this virus can hack into call records, contacts, history, and camera functionalities. Alarmingly, it can bypass antivirus programs and install ransomware on targeted devices. The malware is distributed through untrusted sources such as third-party websites or applications. To protect against this, users are strongly urged to avoid untrusted links and websites, regularly update antivirus software, and exercise caution when encountering suspicious numbers or shortened URLs.
2. Barracuda confirms zero-day exploit impacting some Email Security Gateway (ESG) appliances
Barracuda Networks, a security solutions provider, has alerted customers about a zero-day vulnerability in its Email Security Gateway (ESG) appliances. Tracked as CVE-2023-2868, the vulnerability allows remote command injection and affects versions 5.1.3.001 through 9.2.0.006 of the Barracuda ESG appliance. The flaw arose from inadequate input validation of user-supplied .tar files, enabling attackers to execute system commands. Barracuda swiftly released a patch to all impacted appliances and is actively investigating the incident. Impacted users have been notified and provided with instructions while the company continues to share updates on its status page.
3. New Tesla leak reveals thousands of Autopilot safety complaints
German publication Handelsblatt has reported a significant data breach at Tesla. An employee leaked over 23,000 internal files, revealing personal information on more than 100,000 current and former employees, as well as numerous complaints about Tesla's Autopilot and "Full Self-Driving" systems. Additionally, the leaked documents highlight over 2,400 reports of unintended acceleration and more than 1,500 complaints of braking issues, including cases of phantom braking and stops. Previously, the National Highway Traffic Safety Administration had launched an investigation into Tesla's phantom braking problem. Tesla is yet to respond to the report.
4. Microsoft 365 phishers found using encrypted RPMSG messages in campaigns
BleepingComputer reports that threat actors are exploiting compromised Microsoft 365 accounts and encrypted RPMSG files to steal Microsoft credentials. Additionally, TrustWave researchers discovered that phishing emails, originating from compromised accounts like Talus Pay, prompt recipients to click a "Read the Message" button. This leads to a request for Office 365 credentials, followed by a phishing email and a fake SharePoint document. A malicious script collects system data and sends it to the attackers' servers. To mitigate the risks, Trustwave suggests educating users and implementing Multi-Factor Authentication across all systems.
5. Zyxel warns of critical flaws in VPN and firewall devices, urges customers to patch
Zyxel has warned its customers about two critical vulnerabilities in its firewall and VPN products. These vulnerabilities, classified as buffer overflows, can be exploited by attackers without authentication, potentially leading to denial-of-service (DoS) attacks and remote code execution on vulnerable devices. The impacted devices include Zyxel VPN, Zyxel ATP, USG FLEX, USG FLEX50(W)/USG20(W)-VPN, and ZyWALL/USG models. Zyxel has released patches to address these issues and advises customers to install them for optimal protection. Users are urged to update their firmware to eliminate the risk of exploitation by hackers.
See Infosec IQ in action
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Daam Android virus and Barracuda zero-day flaw
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
