Cybersecurity Weekly: Cybercrime-fighting dog, cancelled Netflix accounts hacked, TLS phishing bait
The Midwest gets its first cybercrime-fighting dog. Dead Netflix accounts are getting reactivated by hackers. Cybercriminals are now using green TLS padlocks as phishing bait. All this, and more, in this week’s edition of Cybersecurity Weekly.
Top Security Awareness Posters
1. Midwest gets first cybercrime-fighting dog
Bellevue, Indiana hired the Midwest’s first ever cybercrime-fighting dog to the city’s police force last week. Officer Quinn, a two-year-old black Labrador, is responsible for sniffing out a certain chemical used in electronic storage devices. She can detect devices 18 inches under a wall and through 18 inches of water.
Read more »
2. Santa hacker speaks to girl via smart camera
Video showing a hacker talking to a young girl in her bedroom via her family's Ring camera has been circulating on social media this past week. Amazon said the incident was not related to a security breach. Instead, the incident was a result of a password stuffing attack, in which the hacker reused credentials found in an unrelated breach.
Read more »
3. Dead Netflix accounts reactivated by hackers
Hackers have exploited Netflix's data retention policies to reactivate cancelled customer subscriptions and steal their accounts. Former subscribers noticed a monthly fee months after cancelling their service. This is due to the streaming service storing customer data, including billing information, for ten months after cancellation.
Read more »
4. Green padlocks now used as phishing bait
Cybercriminals have started to find more elaborate ways to steal credentials, such as using free certificate issuing authorities like Let’s Encrypt to lull the victim into a false sense of security. To defend against this phishing tactic, users must not only look for the green TLS padlock but also at the URL to ensure familiarity with the site.
Read more »
5. Another ransomware will now publish victims' data if not paid
The operators of the REvil ransomware announced they will use stolen files and data as leverage to get victims to pay ransoms. While this has been threatened in the past, only recently have ransomware operators followed through. REvil goes on to say that this would be more costly to the victim than paying the ransom.
Read more »
6. Flaw in Elementor and Beaver addons let anyone hack WordPress sites
Security researchers discovered a critical authentication bypass vulnerability in the Elementor and Beaver Wordpress plugins. This vulnerability could allow a remote attacker to gain administrative privileges on a site without the need for a password. Some attackers have already started exploiting this vulnerability within two days of discovery.
Read more »
7. AirDoS attack could make iPhones, iPads unusable via AirDrop attack
The denial-of-service technique allows the attacker to remotely render any nearby iPhone or iPad unusable. It relies on the AirDrop feature that allows Apple users to share documents, photos and files with nearby devices via Bluetooth or Wi-Fi. Researchers demonstrated the possibility to use an AirDoS attack to “infinitely spam” all nearby devices with an AirDrop popup.
Read more »
8. The great $50 million African IP address heist
A top executive at the nonprofit entity responsible for distributing public IP addresses to African organizations resigned last week. This announcement follows accusations that he secretly operated several companies which sold tens of millions of dollars worth of IPv4 addresses to online marketers.
Read more »
9. Data leak exposes 750,000 birth certificate applications
Over 750,000 birth certificate applications have recently been exposed online, according to a report by a penetration testing company. The data was found on an unprotected AWS server, and included sensitive personal information such as name, date of birth, current home address, email and phone number.
Read more »
Phishing simulations & training
10. Ransomware targets healthcare and IT sectors in U.S. and Europe
Cybercriminals are using a new strain of ransomware dubbed Zeppelin against healthcare and IT companies in The United States and Europe. Zeppelin actors appear to have “carefully chosen” their targeted organizations in a campaign that dates back to at least November 6, 2019.
Read more »
In this Series
- Cybersecurity Weekly: Cybercrime-fighting dog, cancelled Netflix accounts hacked, TLS phishing bait
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
