Twitter private tweets bug and Cisco phone router vulnerabilities
Twitter admits security bug disclosed private Circle tweets, Cisco warns of a critical flaw in phone adapters and the Android FluHorse malware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
See Infosec IQ in action
1. Twitter says a bug caused private Circle tweets to become public
In a recent disclosure, Twitter revealed a security incident that caused private tweets sent to Twitter Circles to be displayed publicly to non-Circle users. Twitter Circles is a privacy feature that allows users to send tweets to a select group of people while keeping them private from the public. The incident occurred in April 2023 and affected several users. Twitter has notified impacted users and has stated that their security team immediately fixed the issue. The social media company did not provide further details about the incident.
2. Cisco confirms the presence of a severe vulnerability in specific phone adapters
Cisco has warned of a severe security flaw in its SPA112 2-Port phone adapters that could allow remote hackers to execute arbitrary code on vulnerable devices. The flaw is rated 9.8 out of 10 on the CVSS scoring system and is caused by a missing authentication process within the firmware upgrade function. Cisco has no plans to issue a fix due to end-of-life status but recommends migration to a Cisco ATA 190 Series Analog Telephone Adapter. The company has reported no evidence of the flaw being exploited maliciously.
3. New Android FluHorse malware steals 2FA codes, passwords and more
Check Point Research has discovered a new malware called FluHorse, which targets Android devices in Eastern Asia. The malware is spread via email and steals sensitive data like credit card information, passwords, and 2FA codes. Victims receive links to fake versions of legitimate apps, including a Taiwanese toll-collection app and a Vietnamese banking app. As soon as they install any of these apps, the malware requests SMS access to steal 2FA codes. The malware then copies the user's information, including credit card data. Check Point warns that this is an ongoing threat and users should be cautious about sharing personal information online.
4. Ransomware gang hijacks university’s emergency alert system, issues threats
Bluefield University, a private university in Virginia, was recently targeted by the Avos ransomware gang. The group hijacked the university's emergency broadcast system, RamAlert, to inform students and staff that their data had been stolen and would be released if the university did not pay a ransom demand. The gang also threatened to leak thousands of students' personal data on a dark web blog. Bluefield University claimed there was no evidence of financial fraud or identity theft but admitted their emergency alert system had been hacked. The use of the alert system is a novel extortion method by ransomware groups.
5. Cybercriminals using double DLL sideloading to prevent detection
Sophos’ researchers have spotted APT hacking group Dragon Breath using complex variations of the classic DLL sideloading technique to bypass detection. The new attack vector utilizes applications like WhatsApp and Telegram to sideload second-stage payload and then sideload a malicious malware loader DDL. The campaign targets Chinese Windows users in Japan, China, Taiwan and other Asian countries. Using “double DLL sideloading” techniques, the APT group can evade detection and obfuscate their attacks, making it challenging for defenders to adapt to their attack patterns and secure their networks effectively.
Phishing simulations & training
In this Series
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
