Cybersecurity Weekly: California school ransomware, Office Sway phishing campaign, SNAKE ransomware
A ransomware attack causes a California school district to teach with pen and paper for the week. A new phishing campaign is hosting landing pages on Office Sway. A new strain of ransomware targets business networks. All this, and more, in this week’s edition of Cybersecurity Weekly.
Should you pay the ransom?
1. Ransomware hits, but doesn’t stop, the Pittsburg Unified School District
The Pittsburg Unified School District is recovering from a ransomware attack over the holiday break, but school remains open as usual. The superintendent announced to students and families that they will be teaching and learning without laptops and internet while the school’s IT department recovers from the attack.
Read more »
2. SNAKE ransomware targets business networks
The new SNAKE strain of ransomware joins other popular ransomware families such as Ryuk, Maze and Sodinokibi. Security researchers noted trends of ransomware shifting their focus from individuals to enterprises to maximize profits. Unlike other ransomware, SNAKE is designed to target the entire network rather than individual computers or servers.
Read more »
3. Attackers increase focus on North American electric utilities
In recent months, four hacker organizations expanded their attack efforts against electric utilities in North America. One of these organizations is notorious for targeting utilities, aerospace firms and oil-and-gas companies. An October 2019 report revealed that only 42% of surveyed security professionals felt their organization was prepared for an attack.
Read more »
4. Office 365 phishing emails point to Office Sway
A new phishing campaign was spotted by security researchers last week that hosts the landing page on an Office Sway site. The malicious site will often spoof Microsoft applications, such as Sharepoint or Office 365. If the user is logged into an Office account, links on the page will lead to familiar account pages, making the spoof even more convincing.
Read more »
5. Hospital breach exposes sensitive data on 50,000 patients
A security incident at Alomere Health involved the hacking of two employee email accounts. The company discovered “portions” of patient information were exposed via email attachments in the compromised accounts. Exactly how much of the information that was exfiltrated by the hackers is still under review.
Read more »
6. City of Las Vegas suffers a cyberattack
A cyberattack breached the city’s computer systems last week, but it is not immediately clear if any sensitive data was exposed. Officials pointed out that city networks receive about two million emails, which means attackers “likely compromised the internal network of the city through a malicious email.”
Read more »
7. Google removes over 1,700 joker malware infected apps from Play store
Roughly 1,700 applications infected with the Joker Android malware were removed by Google's Play Protect from the Play Store since the company started tracking it in early 2017. The malware's operators use malicious apps to trick victims into purchasing various types of content via their phone bill.
Read more »
8. Over 56 million U.S. residents' records exposed on Chinese server
Found by a white-hat hacker in early January, the huge data store includes names, home addresses, phone numbers and ages. The size of the database is 22GB and included metadata that links the collection to CheckPeople.com. The hacker said in an interview that “the data is harmless by itself, but could be combined with other data sources for malicious purposes.”
Read more »
9. Researchers demonstrate how to hack any TikTok account by sending SMS
The Chinese video-sharing app contained dangerous vulnerabilities that allowed remote attackers to hijack any user account just by knowing the mobile number of targeted victims. Chaining multiple vulnerabilities allowed security researchers to remotely execute malicious code on the victims’ devices without their consent.
Read more »
See Infosec IQ in action
10. Critical Firefox 0-day under active attacks
Late last week, Mozilla released a new Firefox version to patch a critical zero-day vulnerability that an undisclosed group of hackers is actively exploiting in the wild. This type of flaw occurs when the code blindly uses objects without checking their type, allowing attackers to crash the application or execute arbitrary code.
Read more »
In this Series
- Cybersecurity Weekly: California school ransomware, Office Sway phishing campaign, SNAKE ransomware
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
