Cybersecurity Weekly: COVID ransomware truce, Sodinokibi selling data, Windows EoS delayed
A hacking group promises to stop attacking medical units until COVID-19 cools down. Sodinokibi ransomware data leaks are now sold on hacker forums. Microsoft delays Windows 10 1709 end of service due to pandemic. All this, and more, in this week’s edition of Cybersecurity Weekly.
See Infosec IQ in action
1. Hacking group promises to stop attacking medical units until COVID-19 cools down
The Maze Team ransomware gang, infamous for shutting down hospitals and clinics with ransomware, said it will stop attacking the healthcare sector until the Coronavirus crisis is under control. They’re going so far as to offer discounts for some victims while completely halting targeted attacks against the healthcare industry.
Read more »
2. Sodinokibi ransomware data leaks now sold on hacker forums
Ransomware victims who have their stolen files leaked are now facing a bigger nightmare as other hackers and criminals sell and distribute the released files on hacker forums. Following in Maze’s footsteps, several new ransomware operators are beginning to release stolen files for purchase on dark web marketplaces.
Read more »
3. Microsoft delays Windows 10 1709 end of service due to pandemic
To help ease the transition to the updated version of its operating system, Microsoft is pushing back the scheduled end of service date of Windows 10, version 1709 to October 2020. Originally scheduled for end of service in April 2020, version 1709 will receive monthly security updates from May to October.
Read more »
4. Security flaws found in popular password managers
According to security researchers, several popular password managers contain security vulnerabilities that could be exploited to breach the tools. They uncovered a total of four new vulnerabilities, including a flaw in the 1Password and LastPass Android applications that made them susceptible to phishing attacks.
Read more »
5. Cyberattacks ramp up amid pandemic, work from home prep uneven
A poll of Threatpost readers shows that security preparedness is uneven as organizations make an unprecedented transition to remote working. While most respondents said they feel prepared from a security standpoint for this transition, 40 percent of those companies reported seeing increased cyberattacks as they enable remote working.
Read more »
6. Rogers data breach exposed customer info in unsecured database
In a data breach notification posted to their site, Rogers states that they learned on February 26th that a vendor database containing customer information was unsecured and publicly exposed to the Internet. Included in the data breach were addresses, account numbers, email addresses and telephone numbers.
Read more »
7. Phishing emails push fake government stimulus checks
Last week, the FBI warned of an ongoing phishing campaign that uses fake government economic stimulus checks as bait to steal personal information from victims. Similar campaigns might also ask potential victims for donations to various charities, promise general financial relief and airline carrier refunds as well as try to push fake COVID-19 testing kits.
Read more »
8. Misconfigured Elasticsearch instance exposes over five billion records
An open Elasticsearch instance exposed over five billion records in an incident discovered on March 16. The data in that instance appears to be information on data breaches collected by a UK-based research firm from 2012 to 2019. The data was taken offline by the owner within an hour of being notified by security researchers.
Read more »
9. Security breach disrupts fintech firm Finastra
Finastra, a company that provides technology solutions to banks worldwide, shut down key systems in response to a security breach discovered late last week. The company’s public statement does not mention the cause of the outage, but their response so far is straight out of the playbook for dealing with ransomware attacks.
Read more »
Phishing simulations & training
10. TrueFire guitar tutoring website suffers Magecart-like credit card breach
Online guitar tutoring website TrueFire has reportedly suffered a Magecart style data breach incident. The data breach notification reveals that an attacker gained unauthorized access to the company's web server somewhere around mid last year and stole payment information of customers that were entered into its website for over five months.
Read more »
In this Series
- Cybersecurity Weekly: COVID ransomware truce, Sodinokibi selling data, Windows EoS delayed
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
