Forever 21 data breach and Android BadBazaar espionage
Forever 21 data breach impacts half a million individuals, Chinese APT group distributes BadBaazar spyware via trojanized Android messaging apps and the Classiscam scam-as-a-service operation. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Top Security Awareness Posters
1. Forever 21 suffers data breach; over 500,000 individuals affected
The retailer has informed over 500,000 individuals that a Forever 21 cyberattack compromised their personal information between January and March 2023. The retailer identified the breach on March 20 and disclosed it to the Maine Attorney General. Impacted data includes names, bank accounts, Social Security numbers, birth dates and health plan information. Forever 21 later reported that it had secured the data and found no evidence of misuse, suggesting that the company communicated with the attackers.
2. Chinese APT group using fake Signal and Telegram apps to distribute BadBaazar spyware
Cybersecurity firm ESET recently found that Chinese hacking group GREF uploaded trojanized versions of Signal and Telegram to Google Play and Samsung Galaxy Store. These compromised apps, named 'Signal Plus Messenger' and 'FlyGram,' contain BadBazaar spyware and targeted users in countries like the U.S., Poland and Ukraine. The spyware can steal sensitive information, including call logs and location data. Google has removed the malicious apps, but they remain available on Samsung's Galaxy Store. ESET recommends that Android users only download the official versions of messaging apps.
3. Classiscam scam-as-a-service expands, now targeting 251 brands across 79 countries
Group-IB has reported that the Telegram-based Classiscam operation is causing greater financial damage and broadening its worldwide reach. The criminal platform, which enables fake ads and phishing sites to steal money and payment credentials, has grown to include 393 criminal gangs targeting users in 79 countries. Damages are estimated at $64.5 million, with targeted brands rising from 169 to 251. Classiscam has become more automated, using Telegram bots for rapid phishing site creation. Its main targets are European countries, with UK users losing the highest average amount per scam.
4. Sourcegraph suffers data breach following accidental leakage of admin access token
Sourcegraph, a code search platform, reported a data breach due to an accidentally leaked admin access token. Discovered on August 30, the breach led to unauthorized admin dashboard access and a spike in API usage. Although the malicious user could have accessed some user emails and license keys, customer code and data were not compromised. Sourcegraph has since revoked the user's access and implemented additional security measures. The platform also clarified that that breach did not extend to customer code or data, which are stored in separate, isolated environments.
5. Infamous Chisel mobile malware targeting Ukrainian military Android handsets
Five Eyes intelligence alliance disclosed details of "Infamous Chisel," a mobile malware targeting the Ukrainian military's Android devices. Attributed to Russian state-sponsored actor Sandworm, the malware enables unauthorized access and data theft. The Ukrainian Security Service (SBU) had previously detected unsuccessful attempts to compromise their networks. The malware is part of a larger cyber campaign by Russian forces against Ukraine, including another Kremlin-backed hacking group called Gamaredon, which is escalating attacks to harvest sensitive military data.
See Infosec IQ in action
In this Series
- Forever 21 data breach and Android BadBazaar espionage
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
