News

Moscow ISP revenge hack and Microsoft Sharepoint bug warning

Dan Virgillito
January 15, 2024 by
Dan Virgillito

Ukrainian cyber group takes down Moscow ISP in revenge hack, CISA warns about exploitation of critical SharePoint vulnerability and fake 401K statements decoy. Catch all this and more in this week’s edition of Cybersecurity Weekly.

See Infosec IQ in action

See Infosec IQ in action

From gamified security awareness to award-winning training, phishing simulations, culture assessments and more, we want to show you what makes Infosec IQ an industry leader.

1. Ukraine claims responsibility for Moscow internet service provider hack

Ukrainian hackers linked to the country's spy agency breached Moscow-based M9 Telecom in retaliation for a Russian cyber attack on Kyivstar, Ukraine's largest telecom operator. The group, known as "Blackjack" and connected to Ukraine's Security Service, deleted 20 terabytes of data, causing internet outages in Moscow. The CEO of M9 Telecom declined to comment on the attack, and its full extent remains unverified.

Read more »

2. CISA warns of critical SharePoint privilege escalation vulnerability

CISA warns that hackers are exploiting a critical SharePoint vulnerability that allows admin privilege escalation. Identified as CVE-2023-29357, attackers can combine it with another vulnerability to execute arbitrary code. STAR Labs' Jang demonstrated this exploit chain at Pwn2Own 2023, following which a proof-of-concept was released on GitHub.

Read more »

3. Threat actors use fake 401k year-end statements to spoof corporate credentials

Cofense reports that hackers are using fake 401(k) updates, salary changes, and performance reports to steal employee credentials. They send phishing emails posing as HR, with QR codes leading to fraudulent sites. This tactic fools even employees at companies with strong email security. Cofense advises HR departments to clearly schedule real communications to help employees spot these scams.

Read more »

4. Medusa ransomware gang ramp up activities with new attacks identified

Palo Alto Networks' Unit 42 reports that the Medusa ransomware group is intensifying its activities. Using a blog and a Telegram channel, Medusa posts stolen data and pressures victims with ransom demands, including double extortion for decryption and preventing data leaks. Their transparent extortion methods have affected 74 organizations, underscoring the growing threat of ransomware and the need for robust cybersecurity measures.

Read more »

5. Hackers exploit Ivanti VPN zero-days to deploy custom malware

Mandiant reports that hackers have been exploiting two zero-day vulnerabilities in Ivanti Connect Secure for espionage since December 2023. Tracked as CVE-2023-46805 and CVE-2024-21887, these flaws allow attackers to bypass authentication and inject arbitrary commands. UNC5221, the threat group behind these exploits, used the opportunity to deploy multiple families of custom malware.

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.

Dan Virgillito
Dan Virgillito

Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news.