Discord support hack and Toyota location data leak
Discord announces data breach after support agent hack, Toyota exposes car location data of 2 million customers and the new Linux BPFDoor malware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Should you pay the ransom?
1. Discord discloses data breach after support staff hack
Discord, a VoIP and instant messaging social platform with 150 million monthly active users, has announced a data breach resulting from the compromise of a third-party support agent’s account. The hack exposed the agent’s support ticket queue containing user email addresses, attachments and communications with Discord support. Although the company has disabled the compromised account and conducted malware scans on the affected device, users are advised to remain vigilant for suspicious activity.
2. Toyota breach exposes location data of 2 million customers for a decade
In a recent announcement, Toyota disclosed that the car location data of over two million Japanese customers was exposed online for a decade. The breach resulted from a cloud misconfiguration, leading to the leakage of sensitive information such as vehicle location and identification numbers. Toyota reassures that the data alone cannot identify individual car owners, and there is no evidence of unauthorized access. The incident follows previous data breaches at Toyota, including the accidental upload of source code and data exposure through its Italian distributor.
3. Researchers spot a new stealthier variant of BPFDoor Linux malware
Cybersecurity firm Deep Instinct has discovered a new and exceptionally stealthy variant of a Linux backdoor named BPFDoor. This previously undocumented malware, associated with the Chinese threat actor Red Menshen, is notorious for being difficult to detect. BPFDoor allows attackers to establish persistent remote access to compromised systems for extended periods. The latest version of BPFDoor incorporates advanced techniques such as encryption using a reverse shell and a static library for command-and-control communication.
4. Swiss multinational firm ABB falls victim to Black Basta ransomware
Swiss multinational company ABB has fallen victim to a ransomware attack, impacting its business operations. The attack by the Black Basta ransomware gang targeted ABB's Windows Active Directory and affected numerous devices. ABB took swift action by terminating VPN connections with customers to prevent the ransomware from spreading further. The attack has caused disruptions, delaying projects and impacting factories.
5. New Cactus ransomware exploits VPN flaws to attack commercial firms
Security researchers have identified a new ransomware strain that exploits flaws in VPN applications to conduct big-scale attacks. Called Cactus, the ransomware has been active since March and employs unique tactics to avoid detection, including encrypting its own binary files. Cactus also engages in reconnaissance using various tools, steals data and threatens to publish it unless a ransom is paid. Protection measures include data exfiltration monitoring and applying timely software updates.
Phishing simulations & training
In this Series
- Discord support hack and Toyota location data leak
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
