Cybersecurity Weekly: California phished, ransomware tied to Hafnium, MobiKwik breach
A phishing attack leads to a breach at California State Controller. The Hades ransomware gang exhibits connections to Hafnium. MobiKwik suffers a major data breach. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Phish leads to breach at California State Controller
A phishing attack last week gave attackers access to email and files at the California State Controller’s Office, an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours, and the intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers.
2. Hades ransomware gang exhibits connections to Hafnium
The Hades ransomware gang has several unique characteristics that set it apart from the rest of the pack, including potentially having more than extortion on the to-do list. In one Hades ransomware attack, the Awake team identified a Hafnium domain as an indicator of compromise within the timeline of the Hades attack.
3. MobiKwik suffers major breach
Popular Indian mobile payments service MobiKwik came under fire after 8.2 terabytes of data began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month. The leak also shows that MobiKwik does not delete the card information from its servers even after a user has removed them.
4. New bugs could let hackers bypass Spectre attack mitigations
Cybersecurity researchers disclosed two new vulnerabilities in Linux-based operating systems that could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory. The flaws impact all Linux kernels prior to 5.11.8. Patches for the security issues were released on March 20.
5. PHP's Git server hacked to insert secret backdoor to its source code
In another instance of a software supply chain attack, unidentified actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code. The two malicious commits were pushed to the self-hosted php-src repository hosted on the git.php.net server.
6. Flaws in Ovarro TBox RTUs could open industrial systems to remote attacks
As many as five vulnerabilities have been uncovered in Ovarro's TBox remote terminal units that could open the door for escalating attacks against critical infrastructures, like remote code execution and denial-of-service. Researchers found that of all the internet-accessible TBox RTUs that were found online, nearly 62.5% of the devices required no authentication.
7. SolarWinds hackers accessed DHS chief's email
The attackers behind the SolarWinds hack managed to access email accounts belonging to several top officials in government. According to the Associated Press, an email account that belonged to Chad Wolf, the former acting head of the Department of Homeland Security, was allegedly breached.
8. 30 Docker images downloaded 20M times in cryptojacking attacks
Cybersecurity researchers discovered 30 malicious Docker images, downloaded 20 million times, that were involved in cryptojacking operations. Half of the discovered images were using a shared mining pool, by which they estimated that threat actors mined $200,000 worth of cryptocurrencies in a two-year period.
9. Harris Federation hit by ransomware attack
A ransomware attack hit the IT systems of London-based nonprofit multi-academy trust Harris Federation on Saturday, March 27. Once discovered the ransomware infection, the IT staff at the nonprofit organization has taken its systems offline along with the email, landline phone systems and students’ devices.
10. Scammers target universities in ongoing IRS phishing attacks
The IRS is warning of ongoing phishing attacks impersonating the IRS and targeting educational institutions. The attacks use tax refund payment baits and mainly focus on universities' staff and students with .edu email addresses. These phishing messages use subject lines such as Tax Refund Payment or Recalculation of your tax refund payment.
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Cybersecurity Weekly: California phished, ransomware tied to Hafnium, MobiKwik breach
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
