Cybersecurity Weekly: Citrix backdoor, Amazon data leak, Equifax to spend on data security
Hackers patch Citrix servers to deploy their own backdoor. Amazon fires employees for leaking customer data. Equifax commits to spending $1 billion on data security under data breach settlement. All this, and more, in this week’s edition of Cybersecurity Weekly.
Should you pay the ransom?
1. Maze ransomware operators leak 14GB of files stolen from Southwire
The operators behind the Maze ransomware set up a website where they published the names of eight companies that refused to pay the ransom. After their latest victim, Southwire, refused to pay a $6 million ransom, Maze released an additional 14GB of the total 120GB they stole from the cable manufacturer.
Read more »
2. Hackers set up site selling temporary Social Security numbers
A group of hackers set up a scam site claiming to offer financial compensation to users whose personal data appeared in data leaks. Despite posing as the Federal Trading Commission, this scheme accepts victims from any country and offers to sell "temporary Social Security numbers" to those who don't have one.
Read more »
3. Amazon fires employees for leaking customer data
Last week, Amazon sent an email to affected customers that an employee had been terminated for sharing their email addresses and phone numbers to a third party. Amazon confirmed the incident but did not disclose how many customers were affected. The company is supporting local law enforcement in an investigation into the breach.
Read more »
4. FBI to warn state officials of election infrastructure cyber threats
The new internal policy was prompted by the need to make sure that security incidents can be mitigated quickly. That mitigation directly depends on delivering cyber incident notifications as soon as possible to the right people after a threat is detected.
Read more »
5. Hacker lists 49 million user records for sale from U.S. data broker
49 million user records from U.S. data broker LimeLeads were available for sale on a hacking forum last week. The company failed to configure its Elasticsearch server and accidentally exposed it online, allowing anyone to access its content. A threat actor could launch an elaborate spearphishing attack using the stolen data.
Read more »
6. FBI seize WeLeakInfo.com for selling info from data breaches
Last week, the FBI seized the WeLeakInfo.com domain for selling subscriptions to data exposed in breaches. We Leak Info compiled almost 12.5 billion records stolen from data breaches and allowed users to pay to access it. To access this data, visitors could subscribe to various plans ranging from a $2 trial to a $70 three-month, unlimited access account.
Read more »
7. Hackers patch Citrix servers to deploy their own backdoor
Security experts are monitoring a spike in attacks against Citrix servers after researchers uncovered exploits for a recent vulnerability. The attack involves patching the vulnerable Citrix servers, installing their own backdoor and locking out any other threats. Estimates project 80,000 companies to be at risk of this attack.
Read more »
8. Equifax will spend $1 billion on data security under data breach settlement
On January 13, a federal court approved the proposed settlement for the class action suit filed against Equifax. Part of this settlement included the commitment “to spend a minimum of $1 billion for data security and related technology over five years and to comply with comprehensive data security requirements.”
Read more »
9. More Health Quest patients added to phishing attack victims
New York-based Health Quest recently began another round of breach notification letters after discovering more patient data was compromised during a 2018 phishing attack. Health Quest has since implemented multi-factor authentication on its email system and provided employees with additional phishing-related training.
Read more »
Phishing simulations & training
10. Phishing for apples, bobbing for links
Security researchers have noticed a rise in iPhone-specific phishing campaigns in the wild over the past few months. These scams have taken the form of emails as well as text messages, both with hyperlinks to fraudulent Apple-related websites. Most of the observed campaigns invoked a sense of urgency or warned of dire consequences if no action was taken.
Read more »
In this Series
- Cybersecurity Weekly: Citrix backdoor, Amazon data leak, Equifax to spend on data security
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
