X verified accounts hack and SpectralBlur macOS malware

January 9, 2024 by Dan Virgillito

Hackers hijack high-profile verified accounts on X for crypto scams, new SpectralBlur macOS malware allows for remote takeover and 23andMe’s victim-blaming stance. Catch all this and more in this week’s edition of Cybersecurity Weekly.

1. Hackers hijack official business and government accounts on X for crypto scams

Cybersecurity researchers recently identified an alarming trend in which hackers take over business and government accounts on X to run cryptocurrency scams. Google subsidiary Mandiant is a recent example: hackers seized its account and used it to promote a fake airdrop that drained victims' cryptocurrency wallets. Accounts with gold and grey checkmarks are the prime targets because their verified status lends the scam posts perceived reputation and trustworthiness.

2. New SpectralBlur macOS malware allows for remote takeover by hackers

SecurityWeek reports that hackers are targeting high-end MacBooks with a new macOS backdoor dubbed SpectralBlur. Identified by Proofpoint's Greg Lesnewich, the malware lets an operator remotely execute commands, including file management and putting the system into hibernation. Alarmingly, it went undetected from the time it was uploaded last year, and it bears similarities to a backdoor used by the North Korean hacking group Lazarus. This led researchers to conclude that North Korea is ramping up attacks against high-value targets, with macOS devices serving as a gateway to sensitive corporate and government data.

3. 23andMe blames victims for recent data breach

TechCrunch reports that 23andMe is blaming its users for a massive data breach affecting 6.9 million people. The breach began with attackers accessing about 14,000 accounts protected by reused passwords. Despite this, 23andMe maintains that user negligence is to blame. Facing more than 30 lawsuits, the company has updated its terms of service to deter collective legal action and has made multi-factor authentication mandatory.

4. Hacker sells Zeppelin ransomware source for $500 on hacking forum

A cybercriminal known as RET announced on a hacking forum the sale of the Zeppelin ransomware source code and a cracked builder for $500. RET is not the author of the malware but claims to have cracked a version of its builder. The sale could lead to new ransomware-as-a-service operations or to new variants of the Zeppelin family. Although flaws were previously found in Zeppelin's encryption, this development raises concerns about new threats built on its code.

5. Hackers spoof Orange Spain RIPE account to misconfigure BGP routing

A hacker disrupted Orange Spain's internet service on January 3 by using a compromised RIPE account to alter the company's BGP routing configuration; RIPE is the registry that manages IP address allocation for the region. Orange Spain reported on X that the incident affected browsing but did not expose personal data. In response, RIPE has urged account holders to update their passwords and enable two-factor authentication to prevent similar incidents.

Dan Virgillito

Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news.