X verified accounts hack and SpectralBlur macOS malware
Hackers hijack high-profile verified accounts on X for crypto scams, new SpectralBlur macOS malware allows for remote takeover and 23andMe’s victim-blaming stance. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Top Security Awareness Posters
1. Hackers hijack official business and govt accounts on X for crypto scams
Cybersecurity researchers recently discovered an alarming trend where hackers target business and govt X accounts to run cryptocurrency scams. Google subsidiary Mandiant is a recent example, with hackers taking over its account to distribute a fake airdrop that emptied cryptocurrency wallets. Accounts with gold and grey checkmarks are the prime targets for cybercriminals due to their perceived reputation and trustworthiness.
2. New SpectralBlur macOS malware allows for remote takeover by hackers
SecurityWeek reports that hackers are targeting high-end MacBooks with a new macOS backdoor labeled SpectralBlur. Identified by Proofpoint's Greg Lesnewich, this malware allows remote execution of commands like file management and system hibernation. Alarmingly, it has been undetected since its upload last year and bears similarities to North Korean hacking group Lazarus’ backdoor. This led researchers to conclude that North Korea is ramping up its attacks against high-value targets, with macOS devices serving as a gateway to sensitive corporate and government data.
3. 23andMe blames victims for recent data breach
TechCrunch reports that 23andMe is blaming its users for a massive data breach impacting 6.9 million users. The breach began with hackers accessing 14,000 accounts through reused passwords. Despite this, 23andMe insists on user negligence. Facing over 30 lawsuits, the company has updated its terms to deter collective legal actions and implemented mandatory multi-factor authentication for enhanced security.
4. Hacker sells Zeppelin ransomware source for $500 on hacking forum
A cybercriminal known as RET announced on a forum the sale of Zeppelin ransomware source code and a cracked builder for $500. While not the author, RET claims to have cracked a builder version of this malware. The sale could lead to new ransomware-as-a-service operations or the development of new Zeppelin family variants. Despite previously found flaws in Zeppelin's encryption, this development raises concerns about new cyber threats.
5. Hackers spoof Orange Spain RIPE account to misconfigure BGP routing
A hacker disrupted Orange Spain's internet service on January 3 by hijacking its BGP traffic through RIPE, the agency that manages IP address allocation. Orange Spain reported on X that the breach affected browsing but not personal data. In response, RIPE has urged users to update passwords and enable two-factor authentication to prevent future incidents.
See Infosec IQ in action
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- X verified accounts hack and SpectralBlur macOS malware
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
