Cybersecurity Weekly: COVID malware, Exchange Server flaw, Botnet dismantled
Coronavirus-themed malware is infecting PCs to steal passwords. A Microsoft Exchange Server flaw is being exploited in APT attacks. A large-scale botnet operation was dismantled by a coalition of security organizations. All this, and more, in this week’s edition of Cybersecurity Weekly.
Top Security Awareness Posters
1. Coronavirus map malware infecting PCs to steal passwords
A new attack is taking advantage of internet users' increased craving for information about the novel coronavirus. The malware specifically targets victims who are looking for maps of the spread of COVID-19 on the internet, and tricks them into downloading and running a malicious application that compromises the computer.
Read more »
2. Microsoft Exchange Server flaw exploited in APT attacks
Multiple threat groups are actively exploiting a vulnerability in Microsoft Exchange servers. If left unpatched, the flaw allows authenticated attackers to execute code remotely with system privileges. The vulnerability in question was fixed as part of Microsoft’s February Patch Tuesday updates, but cybersecurity researchers are still seeing unpatched systems in the wild.
Read more »
3. Researchers warn of Novel PXJ ransomware strain
While PXJ performs functions similar to other ransomware variants, it does not appear to share the same underlying code with most known ransomware families. Researchers first identified PXJ on February 29, after discovering two samples that were uploaded to VirusTotal by a member of the community.
Read more »
4. Necurs botnet operation dismantled, millions of malicious domains disabled
A coalition of security organizations struck a major blow against the Necurs botnet, dismantling its infrastructure in a global takedown. The organization blocked an additional 6 million domains that were predicted to be used by the cybercriminals over the next 25 months.
Read more »
5. Open Exchange Rates data breach affects users of well-known organizations
Open Exchange Rates has announced a data breach that exposed the personal information and salted and hashed passwords for customers of its API service. The service's API is used by companies such as Etsy, Shopify, Coinbase and Kickstarter — all of which have been affected by this data breach.
Read more »
6. New COVID ransomware acts as cover for Kpot infostealer
A new ransomware called CoronaVirus has been distributed through a website pretending to promote the system optimization software and utilities from WiseCleaner. The download links on the site distribute a file called WSHSetup.exe that acts as a downloader for both the CoronaVirus ransomware and a password-stealing trojan called Kpot.
Read more »
7. Crafty web skimming domain spoofs HTTPS
Security researchers recently discovered a new card skimming website that hides in plain sight from its victims. The site’s URL is http.ps, which can easily be mistaken for the standard https:// that precedes secure sites’ URLs. This domain has been stealing payment card details on several other sites over the past few weeks.
Read more »
8. Massive uptick in credential stuffing attacks against bank APIs
According to security researchers, 75 percent of all credential abuse attacks against the financial services industry in 2019 targeted APIs directly, rather than user-facing login pages. Several large-scale credential stuffing attacks saw over 55 million malicious login attempts in a span of only a few hours.
Read more »
9. New Android cookie-stealing malware hijacking Facebook accounts
A new strain of Android malware has been found in the wild that steals users' authentication cookies from web browsers and other apps. Dubbed Cookiethief, the trojan works by acquiring superuser root rights on the target device and transferring stolen cookies to a remote command-and-control server.
Read more »
Phishing simulations & training
10. Critical patch released for wormable SMBv3 vulnerability
Last week, Microsoft released an emergency software update to patch a very dangerous vulnerability in the SMBv3 protocol that lets attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically. The latest patch is available on Microsoft’s website.
Read more »
In this Series
- Cybersecurity Weekly: COVID malware, Exchange Server flaw, Botnet dismantled
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
