Cybersecurity Weekly: Card details listed for sale, new phishing attack spotted, Sprint support conversations exposed
Hackers list 30 million stolen payment card details for sale from the recent Wawa attack. Microsoft detects a new phishing attack that uses HTML attachments. Sprint exposed private customer conversations to the web. All this, and more, in this week’s edition of Cybersecurity Weekly.
Phishing simulations & training
1. Hackers list 30 million stolen payment card details for sale
Last December, Wawa convenience stores announced a breach that affected an unknown number of customers who shopped there in 2019. Hackers uploaded 30 million credit cards to Joker’s Stash, one of the largest dark web marketplaces for cybercriminals to buy and sell payment card data.
Read more »
2. Microsoft detects new TA505 malware attacks
Microsoft detected an ongoing TA505 phishing campaign delivering malicious Excel documents. This is the first time Microsoft has seen threat actors adopt an HTML attachment redirection technique. This attack looks like an HTML attachment that automatically downloads the infected Excel document.
Read more »
3. Sprint exposed private customer conversations to web
Shortly after Microsoft leaked internal customer support data to the Internet, Sprint exposed posts in a private customer support community to the internet. A configuration error allowed search engines to crawl through private sections of the community, some of which contained minimal customer data.
Read more »
4. Collating hacked data sets
As part of a project, two Harvard undergraduates obtained several stolen datasets from the dark web. Then they correlated the information and combined it with additional, publicly available information to build an even richer database — including data on individuals’ net worth and password reuse habits.
Read more »
5. Hackers blitz social media accounts of 15 NFL teams
Fifteen NFL teams had their social media accounts hacked last week. After This attack was performed by the same group of attackers that breached the social media accounts of Google CEO Sundar Pichai and Twitter co-founder Jack Dorsey.
Read more »
6. Mozilla banned hundreds of malicious Firefox add-ons over the last few weeks
Over the past two weeks, Mozilla banned 197 Firefox add-ons for executing malicious code and stealing user data. Mozilla also disabled malicious add-ons in the browsers that already had them installed. Most of the add-ons used obfuscation to hide their source code and downloaded and executed code from a remote server.
Read more »
7. City of Potsdam offline following a cyberattack
The German City of Potsdam suffered a major cyberattack that took down its servers earlier this week. Emergency services and payments were not affected, but the rest of the city’s operations were shut down to contain and mitigate the damage. City officials announced that email will not flow in or out while they recover from the attack.
Read more »
8. TrickBot launches quietly using new Windows 10 UAC bypass
The TrickBot trojan recently switched to a new Windows 10 UAC bypass. This will allow it to execute itself with elevated privileges without showing a User Account Control prompt. Since this is not considered a high priority to Microsoft, it could be several weeks or months before the bypass is fixed.
Read more »
9. 97% of airports show signs of weak cybersecurity
Security researchers examined 100 of the world’s largest airports, and only found three that passed their web and app security assessment. The vast majority of web apps used outdated software and were not GDPR-compliant. The only airports that passed were Schiphol Airport in Amsterdam, Helsinki-Vantaa Airport in Finland and Ireland’s Dublin Airport.
Read more »
10. Microsoft invites gamers and researchers to new Xbox bug bounty program
See Infosec IQ in action
Microsoft invited gamers, security researchers and technologists to identify and report security vulnerabilities in Xbox networks and services. Bounty rewards will range from $500 to $20,000 depending on the severity of the issue. Included in the program are remote code execution, privilege escalation, security bypass and information disclosure vulnerabilities.
Read more »
In this Series
- Cybersecurity Weekly: Card details listed for sale, new phishing attack spotted, Sprint support conversations exposed
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
