Discord.io data breach and Ivanti Avalanche vulnerabilities
Discord.io suffers a massive hack exposing the data of 760,000 users, critical flaws in Ivanti Avalanche put 30,000 organizations at risk and the Apple iOS 16 fake Airplane mode exploit. Catch all this and more in this week’s edition of Cybersecurity Weekly.
See Infosec IQ in action
1. Discord.io suffers massive data breach, exposes data of 760,000 users
Discord.io, a third-party service offering custom Discord channel invites, ceased operations following a data breach that exposed 760,000 users' data. The breach came to light when a person known as 'Akhirah' attempted to sell the Discord.io database on the resurrected Breached hacking forum. Akhirah cited issues with Discord.io's alleged links to harmful content as a motivator beyond financial gain. Exposed data includes usernames, email addresses and encrypted passwords. Despite the encrypted nature of passwords, Discord advises users to exercise caution against potential phishing attempts.
2. Security flaws in Ivanti Avalanche threaten 30,000 organizations
Ivanti Avalanche, utilized by 30,000 organizations for mobile device management, has reported critical security vulnerabilities. Labeled as CVE-2023-32560, with a high CVSS score of 9.8, these flaws stem from stack-based buffer overflows. Cybersecurity firm Tenable highlights that processing specific data types can trigger these overflows. This vulnerability allows unauthenticated attackers to trigger buffer overflows, potentially causing system crashes or enabling code execution. Ivanti has since launched Avalanche version 6.4.1 to address these issues and six additional vulnerabilities. With rising scrutiny on Ivanti's security, users are urged to update swiftly.
3. Cybersecurity experts share new Apple iOS 16 exploit using fake Airplane Mode
Researchers from Jamf Threat Labs have uncovered a potential exploit in iOS 16 that tricks users into thinking their device is in Airplane Mode. In reality, it only simulates the appearance of Airplane Mode while allowing connectivity for a rogue app. This means attackers can retain access even when users believe their device is offline. The experts achieved this by manipulating two daemons responsible for Airplane Mode’s UI and cellular data connectivity. This simulated mode replicates expected behaviors, like the inability to access the internet in certain apps. So far, this technique hasn’t been used in real-world cyberattacks.
4. Chinese cybercriminals use DDL hijacking to target Southeast Asian gambling sector
SentinelLabs has unveiled a fresh cyberespionage attack on Asian gambling firms believed to originate from the Chinese hacking group Bronze Starlight. It manipulates vulnerabilities in software such as Adobe Creative Cloud and Microsoft Edge to plant Cobalt Strike beacons on target computers. A stolen code signature from Singapore's VPN provider, PMG PTE, is also used, a tactic seen in other Chinese cyberattacks. While evidence suggests Bronze Starlight's involvement, attributing the attacks is complex due to shared tactics and tools among Chinese cyber groups. Interestingly, the malware avoids devices in countries like the UK, the U.S. and Canada.
5. Attackers target top U.S. energy company with QR code phishing
Phishing threat management company Cofense recently identified a campaign employing QR codes to target a leading US energy firm. The attackers used these codes to navigate around traditional email security defenses, sending malicious emails under the guise of updating Microsoft 365 account settings. Nearly 29% of over 1,000 malicious emails focused on this energy company, with others targeting various sectors. The scale and sophistication of this campaign indicate a potentially growing trend in QR code phishing tactics.
Phishing simulations & training