WhatsApp data leak, DraftKings accounts takeover and the evolution of Ducktail malware
WhatsApp data leak puts almost 500 million users at risk; cybercriminals drain DraftKings accounts of $300,000 and the new capabilities of Ducktail malware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
See Infosec IQ in action
1. WhatsApp data leak: nearly 500 million user records for sale
According to an ad posted on a popular hacking community forum, a threat actor claimed they were selling a 2022 database of 487 million WhatsApp mobile numbers. It allegedly contains over 32 million U.S. user records, nearly 10 million Russian phone numbers, and over 11 million UK citizens’ mobile numbers. Overall, the dataset includes WhatsApp user data from 84 countries. Cybernews, the source of this story, requested the threat actor to share a sample of data and, upon investigation, found that all numbers belonged to WhatsApp users.
2. DraftKings account takeovers frame sports-betting cybersecurity
The renowned online betting platform DraftKings recently suffered credential-stuffing attacks—cybercrooks have drained its user accounts of $300,000. The company investigated irregular activity when its users complained of being locked out of their accounts and having their money drained. Soon after, it released a statement confirming the breach. DraftKings believes the login information of the affected users was compromised on other sites and then used to breach their DraftKings accounts where they used the same login credentials.
3. Vietnam-based Ducktail cybercrime operation evolving, expanding
Ducktail, the malware specifically targeting Facebook business users, has been updated with new capabilities to evade detection. Threat actors behind the malware have been using EV (extended validation) certificates lately to sign the payload and have been observed changing these certificates mid-campaign. In another instance, Ducktail targeted victims with archive files through WhatsApp. When the target lacked sufficient permissions to add the adversaries’ email addresses to the relevant Facebook business account, the attackers collected enough details to impersonate the victim and spoof the account via hands-on techniques.
4. Android file manager apps infect thousands with Sharkbot malware
Bitdefender analysts recently discovered fresh trojan apps disguised as file managers on the Google Play Store. The apps have infected devices with the Sharkbot malware, a dangerous trojan that attempts to steal online banking information. The Sharkbot trojan displays fake login prompts over legitimate login forms in banking apps. When a user attempts to log in via the fake form, the credentials are stolen and transmitted to the adversary. One of the malicious apps carrying the malware has been downloaded 10,000 times.
5. Google alerts Gmail users about 5 key holiday season scams
Google has warned Gmail users about five major scams during the holiday season. The email provider advised users to be vigilant about giveaways and gift cards, charities, subscription renewals and crypto payment demands. Additionally, it tells users to watch for identity-based malicious emails, which may include elements specific to their identity or life. An example includes communications from local PTA (parent-teacher association) board members. Even though digital safeguards in Gmail offer good protection, you should always take steps like checking the sender’s email to stay safe.
Phishing simulations & training
In this Series
- WhatsApp data leak, DraftKings accounts takeover and the evolution of Ducktail malware
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
