Cybersecurity Weekly: DNS flaw, Natura data leak, ZLoader banking malware
A new DNS vulnerability lets attackers launch large-scale DDoS attacks. Cosmetic brand Natura exposes personal details of its users. The ZLoader banking malware has been deployed in over 100 campaigns. All this, and more, in this week’s edition of Cybersecurity Weekly.
See Infosec IQ in action
1. New DNS vulnerability lets attackers launch large-scale DDoS attacks
Cybersecurity researchers disclosed details about a new flaw impacting DNS protocol that can be exploited to launch amplified, large-scale DDoS attacks to take down targeted websites. Called NXNSAttack, the flaw hinges on the DNS delegation mechanism to force DNS resolvers to generate more DNS queries to authoritative servers of attacker's choice.
Read more »
2. Cosmetic brand Natura exposes personal details of its users
Brazil's biggest cosmetics company, Natura, accidentally left hundreds of gigabytes of its customers' personal and payment-related information accessible online that could have been accessed by anyone without authentication. Security researchers found over 1.5 terabytes of data in a public-facing database.
Read more »
3. ZLoader banking malware deployed in over 100 campaigns
A banking malware called ZLoader, last seen in early 2018, has been spotted in more than 100 email campaigns since the beginning of the year. The trojan is under active development with 25 versions seen in the wild since its comeback in December 2019, with the latest observed this month. The malicious email campaigns target users with COVID-19 topics and invoices.
4. Police arrest hacker who tried selling billions of stolen records
Ukrainian police arrested a hacker who made headlines in January 2019 by posting a massive database containing 773 million stolen email addresses and 21 million unique plaintext passwords for sale on various underground hacking forums. In an official statement, police identified the hacker by his screen name Sanix.
Read more »
5. Mathway investigates data breach after 25 million records sold on dark web
Earlier this month, a cyber intelligence firm tracked a potential data breach of Mathway after a purported database was being sold in private sales. This week, a data breach seller known as Shiny Hunters began to publicly sell an alleged Mathway database on a dark web marketplace for $4,000.
Read more »
6. Bluetooth flaw exposes devices to BIAS attacks
A team of cyber researchers uncovered a new vulnerability in the Bluetooth wireless communication protocol that exposes a wide range of devices, such as smartphones, laptops, and smart-home devices, to bluetooth impersonation attacks. Any standard-compliant Bluetooth device can be expected to be vulnerable.
Read more »
7. Hackers tried to use Sophos zero-day to deploy ransomware
Hackers tried to exploit a zero-day in the Sophos XG firewall to distribute ransomware to Windows machines but were blocked by a hotfix. At the end of April, attackers utilized a zero-day SQL injection vulnerability that leads to remote code execution in Sophos XG firewalls. Attackers used this vulnerability to install various ELF binaries and scripts.
8. Silent Night banking trojan charges top dollar on the underground
A descendant of the infamous Zeus banking trojan, dubbed Silent Night, has emerged on the scene with a host of functionalities available in a spendy malware-as-a-service model. Custom builds can run as much as $4,000 per month to use, which is now placing the code out of the range of any but large cybercriminal groups.
Read more »
9. Supreme Court phish targets Office 365 credentials
A highly-targeted phishing attack pretends to deliver subpoenas, but actually ends up collecting victims’ Office 365 credentials. The ongoing campaign hit several C-Suite level victims thus far. The phishing emails spoof the U.S. Supreme Court, aiming to capitalize on scare tactics to convince targets to click on an embedded link.
Read more »
See Infosec IQ in action
10. Ragnar Locker ransomware uses virtual machines for evasion
The Ragnar Locker ransomware has been deploying a full virtual machine to ensure that it can evade detection. The cybercriminals behind Ragnar Locker use various exploits or target Remote Desktop Protocol connections to compromise networks and steal data from targeted networks prior to deploying ransomware.
Read more »
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Cybersecurity Weekly: DNS flaw, Natura data leak, ZLoader banking malware
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
