Cybersecurity Weekly: California phished, ransomware tied to Hafnium, MobiKwik breach

March 31, 2021 by Sam Fay

A phishing attack leads to a breach at California State Controller. The Hades ransomware gang exhibits connections to Hafnium. MobiKwik suffers a major data breach. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Phish leads to breach at California State Controller

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office, an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours, and the intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers.


2. Hades ransomware gang exhibits connections to Hafnium

The Hades ransomware gang has several unique characteristics that set it apart from the rest of the pack, including potentially having more than extortion on the to-do list. In one Hades ransomware attack, the Awake team identified a Hafnium domain as an indicator of compromise within the timeline of the Hades attack.


3. MobiKwik suffers major breach

Popular Indian mobile payments service MobiKwik came under fire after 8.2 terabytes of data began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month. The leak also shows that MobiKwik does not delete card information from its servers even after a user has removed the cards from their account.


4. New bugs could let hackers bypass Spectre attack mitigations

Cybersecurity researchers disclosed two new vulnerabilities in Linux-based operating systems that could let attackers circumvent mitigations for speculative execution attacks such as Spectre and obtain sensitive information from kernel memory. The flaws affect all Linux kernels prior to 5.11.8. Patches for the security issues were released on March 20.


5. PHP’s Git server hacked to insert secret backdoor to its source code

In another instance of a software supply chain attack, unidentified actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code. The two malicious commits were pushed to the self-hosted php-src repository on that server.


6. Flaws in Ovarro TBox RTUs could open industrial systems to remote attacks

As many as five vulnerabilities have been uncovered in Ovarro’s TBox remote terminal units that could open the door to escalating attacks against critical infrastructure, including remote code execution and denial-of-service. Researchers found that nearly 62.5% of the internet-accessible TBox RTUs they located required no authentication.


7. SolarWinds hackers accessed DHS chief’s email

The attackers behind the SolarWinds hack managed to access email accounts belonging to several top officials in government. According to the Associated Press, an email account that belonged to Chad Wolf, the former acting head of the Department of Homeland Security, was allegedly breached.


8. 30 Docker images downloaded 20M times in cryptojacking attacks

Cybersecurity researchers discovered 30 malicious Docker images, downloaded 20 million times, that were involved in cryptojacking operations. Half of the discovered images used a shared mining pool, from which the researchers estimated that threat actors mined $200,000 worth of cryptocurrencies over a two-year period.


9. Harris Federation hit by ransomware attack

A ransomware attack hit the IT systems of London-based nonprofit multi-academy trust Harris Federation on Saturday, March 27. Once the ransomware infection was discovered, the IT staff at the nonprofit organization took its systems offline, along with email, landline phone systems and students’ devices.


10. Scammers target universities in ongoing IRS phishing attacks

The IRS is warning of ongoing phishing attacks impersonating the IRS and targeting educational institutions. The attacks use tax refund payments as bait and mainly focus on universities’ staff and students with .edu email addresses. These phishing messages use subject lines such as “Tax Refund Payment” or “Recalculation of your tax refund payment”.
