News

Staples cyberattack, Agent Racoon backdoor and other news

Dan Virgillito
December 4, 2023 by
Dan Virgillito

Staples confirms cyberattack behind online order disruption, hacker uses new Agent Racoon malware to backdoor U.S. and other entities, and the BLUFFS Bluetooth attack. Catch all and more in this week’s edition of Cybersecurity Weekly.

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.

1. Staple discloses cyberattack caused system outages and order disruptions

American retailer Staples recently encountered a cyberattack that caused it to shut down key systems in order to protect customer data. Reports on Reddit surfaced about internal operation issues affecting email access, VPNs, phone lines and more. In response, the company acknowledged a cybersecurity risk that disrupted business functions and online orders. This latest security incident follows a 2020 data breach and a major outage at Staples-owned Essendant earlier this year.

Read more »

2. Threat actor uses new Agent Racoon backdoor to infiltrate U.S. and African entities

An unknown threat actor is targeting organizations across the U.S., Africa and Middle East with a new backdoor malware named Agent Racoon. Palo Alto Networks' Chema Garcia reports that this malware leverages the .NET framework and DNS protocol to sneak in and provide backdoor access. The victims range from education to nonprofit to government sectors and more. While the cybersecurity firm hasn’t profiled the attacker, it thinks a nation-state might be behind this infiltration due to the attack patterns and sophisticated evasion techniques.

Read more »

3. New BLUFFS attack enables cybercriminals to hijack Bluetooth sessions

Eurecom researchers have discovered a series of attacks that enable hackers to compromise Bluetooth security. Dubbed BLUFFS, these attacks affect Bluetooth versions 4.2 to 5.4 and can lead to device impersonation and man-in-the-middle attacks. The firm suggests users reject connections with weak security and use ‘Security Mode 4 Level 4' to ensure better encryption.

Read more »

4. New FjordPhantom Android malware uses virtualization to remain undetected

Security experts have found a new Android malware called FjordPhantom that uses virtualization to evade detection. FjordPhantom is designed to run apps in virtual containers, which enables it to access files and other memory across different apps without the usual need for root access. Hackers are spreading it via fake apps and social engineering, with one infiltration in Thailand resulting in a loss of about $280,000. To avoid this threat, researchers advise users to be careful about downloading apps from non-official sources.

Read more »

5. Cactus ransomware targets Qlik Sense vulnerabilities to exploit networks

Arctic Wolf Labs reports that hackers recently hit large organizations with Cactus ransomware by exploiting Qlik Sense vulnerabilities. They gained system control using PowerShell and BITS, downloading tools like AnyDesk and a modified Plink binary. The attackers also removed Sophos' security, changed passwords and set up RDP tunnels for data theft and disk space analysis. Eventually, they deployed Cactus ransomware. Arctic Wolf Labs links these attacks to a single group, while security expert Kevin Beaumont urges prompt patching due to the rising threat.

Read more »

See Infosec IQ in action

See Infosec IQ in action

From gamified security awareness to award-winning training, phishing simulations, culture assessments and more, we want to show you what makes Infosec IQ an industry leader.

Dan Virgillito
Dan Virgillito

Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news.