Cybersecurity Weekly: Babuk decryptor, QR codes in phishing attacks, cloud supply chain threat

November 1, 2021 by Sam Fay

Avast released a free decryptor for Babuk ransomware. QR codes help attackers sneak emails past security controls. The SolarWinds attacker targets cloud service providers in a new supply chain threat. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Avast released a free decryptor for Babuk ransomware

Cybersecurity firm Avast released a decryption tool for Babuk ransomware that allows victims to recover their files for free. The decryptor was created using the leaked source code and decryption keys. Researchers determined it will likely work only for victims whose keys were leaked as part of the Babuk source code dump.
Read more »


2. QR codes help attackers sneak emails past security controls

Researchers have observed an attacker using a new technique to sneak phishing emails past enterprise security filters. The emails contained a message that described the QR code as offering access to a missed voicemail and appeared designed to bypass enterprise email gateway scans that are typically only geared to detect malicious attachments and links.
Read more »


3. SolarWinds attacker targets cloud service providers in new supply chain threat

Nobelium, the threat actor behind the supply chain attack on SolarWinds, is now targeting cloud service providers and IT services organizations in a large-scale and ongoing campaign designed to infiltrate systems belonging to downstream customers of these companies. Since May, Nobelium has attacked at least 140 cloud service providers and compromised 14 of them.
Read more »


4. New Shrootless bug could let attackers install rootkit on macOS systems

Last week, Microsoft disclosed details of a new vulnerability that could allow an attacker to bypass security restrictions in macOS, take complete control of the device and perform arbitrary operations on it without being flagged by traditional security solutions. The vulnerability lies in how Apple-signed packages with post-install scripts are installed.
Read more »


5. Infosec earns 2021 Tech Cares award from TrustRadius

Infosec announced that it was recognized by TrustRadius with the 2021 Tech Cares Award. This second annual award celebrates companies that have gone above and beyond to provide strong Corporate Social Responsibility. Key areas of CSR evaluated by TrustRadius included volunteerism, DEI, fundraising, workplace culture and environmental sustainability.
Read more »


6. leaked customer data, just like sister firms Jared, Kay Jewelers in 2018

In December 2018, jewelry vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary updated its website to remediate a nearly identical customer data exposure.
Read more »


7. All sectors are now prey as cyber threats expand targeting

While healthcare and education have long been considered the most heavily attacked sectors, that's shifting. In the latest FortiGuard Labs Global Threat Report, researchers found that the prevalence of ransomware in those two sectors was lower than in managed security service providers, the automotive and manufacturing sectors, telecommunications and government.
Read more »


8. WordPress plugin bug lets subscribers wipe sites

Researchers have discovered a homicidal WordPress plugin that allows subscribers to wipe sites clean of content. The high-severity security flaw is found in Hashthemes Demo Importer, a plugin that’s used in more than 8,000 active installations. The vulnerability allows any authenticated user to completely wipe a vulnerable site.
Read more »


9. Crooks steal $130 million worth of cryptocurrency assets from Cream Finance

According to the experts, the attackers have likely exploited a vulnerability in the platform’s flash loan feature, then transferred the stolen funds to a wallet under their control before splitting them through other wallets. Cream Finance has quickly addressed the flaw. Unfortunately, this is the third time Cream Finance has been hacked this year.
Read more »


10. Over 1 million WordPress sites affected by OptinMonster plugin flaws

A high-severity vulnerability in the OptinMonster plugin can allow unauthorized API access and sensitive information disclosure on roughly a million WordPress sites. The flaw was discovered by Wordfence researcher Chloe Chamberland in September 2021, and the development team behind the plugin addressed it on October 7, 2021.
Read more »
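Items 8 and 10 above both come down to privileged plugin operations that any authenticated user, or any API caller, can reach. The page does not describe either bug's internals, so the following is an added, constructed illustration of the general failure mode and its fix, not code from Hashthemes Demo Importer, OptinMonster or their advisories. The hook names, REST route, nonce action and `example_wipe_content` helper are assumptions; the WordPress functions (`add_action`, `check_ajax_referer`, `current_user_can`, `wp_send_json_error`, `register_rest_route`) are the real API.

```php
<?php
// Constructed illustration only: NOT code from Hashthemes Demo Importer or OptinMonster.
// Hook names, route, nonce action and the wipe helper are hypothetical.

// --- Vulnerable pattern -----------------------------------------------------
// wp_ajax_{action} fires for every logged-in user, subscribers included. With no
// capability check and no nonce, any account on the site can trigger the reset.
add_action( 'wp_ajax_example_reset_site', 'example_reset_site_vulnerable' );
function example_reset_site_vulnerable() {
    example_wipe_content();
    wp_send_json_success( 'reset done' );
}

// --- Hardened pattern -------------------------------------------------------
// 1. Verify a nonce so the request must originate from a form/page we issued (CSRF).
// 2. Require an administrator-level capability before doing anything destructive.
add_action( 'wp_ajax_example_reset_site_safe', 'example_reset_site_hardened' );
function example_reset_site_hardened() {
    check_ajax_referer( 'example_reset_site', 'nonce' ); // dies with 403 on a bad nonce
    if ( ! current_user_can( 'manage_options' ) ) {      // subscribers fail this check
        wp_send_json_error( 'insufficient permissions', 403 );
    }
    example_wipe_content();
    wp_send_json_success( 'reset done' );
}

// --- Same principle for the REST API ----------------------------------------
// A route whose permission_callback returns true unconditionally is reachable by
// anyone; the permission check must express the real authorization requirement.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/reset', array(
        'methods'             => 'POST',
        'callback'            => function ( WP_REST_Request $request ) {
            example_wipe_content();
            return rest_ensure_response( array( 'status' => 'reset done' ) );
        },
        // Only administrators may reach the callback; everyone else gets 401/403.
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
    ) );
} );

// Hypothetical destructive helper, included only so the handlers above are complete.
function example_wipe_content() {
    $posts = get_posts( array( 'post_type' => 'any', 'numberposts' => -1 ) );
    foreach ( $posts as $post ) {
        wp_delete_post( $post->ID, true );
    }
}
```

When reviewing a plugin, the cheap check is to grep every `wp_ajax_`, `wp_ajax_nopriv_` and `register_rest_route` registration and confirm that each destructive or data-returning callback is guarded by `current_user_can()` (and a nonce for state-changing AJAX), rather than relying on the menu page that normally exposes the button being admin-only.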

