Airlines disclose pilot data breach and the Microsoft Teams bug
Major global airlines disclose data breach exposing pilot credentials, Microsoft Teams bug enables malware delivery from external users and the Github RepoJacking threat. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Top Security Awareness Posters
1. Southwest Airlines and American Airlines disclose vendor breach affecting pilots
Global airline carriers American Airlines and Southwest Airlines recently disclosed data breaches caused by a hack on third-party vendor Pilot Credentials. On April 30, an unauthorized individual accessed the vendor's systems, stealing documents containing the personal information of cadet applicants and official pilots. Southwest Airlines reported 3,900 affected individuals, whereas American Airlines reported 5,745 affected individuals. Both airlines have terminated their relationship with the vendor and are cooperating with law enforcement.
2. Microsoft Teams vulnerability allows external users to inject malware
Security researchers at UK-based company Jumpsec have discovered a method to deliver malware via Microsoft Teams, even with restrictions on files from external sources. The default configuration of Teams allows communication with external tenant accounts, which the researchers exploited to send a malicious payload directly to a target inbox. By manipulating the internal and external recipient IDs in a message's POST request, they were able to bypass client-side protections. Microsoft has been notified but deemed the issue not urgent for immediate servicing.
3. RepoJacking is a threat to millions of GitHub repositories
Aqua Security's Nautilus research group has discovered a vulnerability known as RepoJacking, which puts millions of GitHub repositories at risk. RepoJacking occurs when a malicious actor registers a username previously used by an organization, creating a repository that appears legitimate but is controlled by the attacker. The vulnerability can lead to remote code execution on internal systems or customer environments. Researchers found that 2.95% of a sample of 1.25 million repositories were vulnerable, suggesting potentially over 300 million vulnerable repositories on GitHub.
4. New MULTI#STORM RAT campaign aims for India and the U.S.
A sophisticated phishing campaign known as MULTI#STORM is targeting the U.S. and India by utilizing JavaScript files to deliver remote access trojans (RATs) on compromised systems. The attack involves a multi-stage process where victims click on an embedded link in an email, leading them to a password-protected ZIP file hosted on Microsoft OneDrive. After extraction, a JavaScript file executes PowerShell commands to retrieve and execute payloads, including a Python-based executable acting as a dropper. The attack concludes with the deployment of Warzone RAT, which can harvest sensitive data and download additional malware. People are advised to be vigilant when opening emails, especially those emphasizing urgency.
5. UPS confirms data breach after hackers use customer data for SMS phishing
UPS has issued a data breach notification to customers, revealing that their personal information may have been exposed through phishing attacks. The company discovered that attackers used its package look-up tools to access recipient details, including addresses, names and potentially order numbers and phone numbers. The breach occurred between February 2022 and April 2023. Threat actors posing as legitimate companies sent fraudulent SMS demanding payment for delivery. UPS is working with law enforcement and partners to address the situation.
Phishing simulations & training
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Airlines disclose pilot data breach and the Microsoft Teams bug
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
