Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
DarkGate hackers use Skype to distribute malware, PC gaming service Shadow PC hit by data breach and FBI warns of AvosLocker ransomware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Phishing simulations & training
1. DarkGate hackers use compromised Skype accounts to infect targets with malware
Trend Micro recently revealed that, from July to September, DarkGate threat actors used compromised Skype accounts to send malicious payloads. They utilized existing chat histories to craft deceptive file names, making their malicious intent harder to detect. The group's overarching goal was to secure full system access and introduce threats such as ransomware and cryptomining. This surge in activity "underscores the growing influence of this malware-as-a-service (MaaS) operation within the cybercriminal sphere," Bleeping Computer reported.
2. PC gaming giant Shadow suffers data breach exposing customer info
French tech firm Shadow recently suffered a data breach that compromised customer details. As confirmed by its CEO Eric Sèle, the hack stemmed from a sophisticated social engineering attack initiated on Discord and involved malware disguised as a game on Steam. Despite quick action, hackers tapped into a SaaS provider's interface, accessing names, emails, birthdates, billing details and card expiry dates of over 530,000 users. While Shadow has bolstered security measures, they urge customers to use multi-factor authentication and scrutinize emails closely.
3. Hackers still using LinkedIn smart links to conduct phishing attacks
Email security firm Cofense recently uncovered a phishing campaign that uses LinkedIn's smart links to target Microsoft users. Hackers sent over 800 phishing emails containing 80 unique smart links to professionals across multiple industries. The primary targets include employees from the financial and manufacturing sectors, although other industries have also been affected. Cofense suggests that the campaign's broad reach implies a general intent to gather as many credentials as possible rather than targeting a specific organization or sector.
4. Feds warn of growing AvosLocker ransomware campaign targeting critical infrastructure
The U.S. Cybersecurity Infrastructure and Security Agency (CISA) and FBI recently cautioned against AvosLocker, a ransomware-as-a-service operation that has been increasingly targeting the country's vital industries. AvosLocker's broad targeting includes various operating systems and relies heavily on genuine and open-source tools for hacking. Following system compromise, the group both encrypts and offloads data for further extortion. With ransomware attacks escalating, CISA advises critical service providers to employ cybersecurity best practices like network division and multifactor authentication.
5. Researchers discover backdoor disguised as WordPress Caching plugin
Defiant analysts recently spotted deceptive malware posing as a WordPress caching plugin. Equipped with features like rogue user creation and content alteration, it jeopardizes website SEO and user safety. Unsuspecting users may be redirected to rouge websites, where hackers have bots for spoofing their personal information. Defiant has swiftly responded by introducing tools to detect and combat this threat.
Phishing simulations & training
In this Series
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
