Cybersecurity Weekly: DNS vulnerabilities, W-2 phishing scam, Google URL malware
DNS vulnerabilities affect over 100 million devices. A W-2 phishing scam is targeting the 2021 tax season. Microsoft warns of malware delivery via Google URLs. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. DNS vulnerabilities affect over 100 million devices
Last week, security researchers disclosed nine vulnerabilities affecting implementations of the Domain Name System protocol in popular TCP/IP network communication stacks running on at least 100 million devices. The flaws could be leveraged to take affected devices offline or to gain control over them.
2. W-2 phishing scam targeting the 2021 tax season
With the United States’ tax season in high gear, threat actors have sprung into action with a recent tax document phishing scam that abuses TypeForm forms to steal login credentials. The scam starts with users receiving an email pretending to be from OneDrive where a file named 2020_TaxReturn&W2.pdf is shared with the user.
3. Microsoft warns of malware delivery via Google URLs
Microsoft warned organizations of a new attack campaign that uses legitimate website contact forms to deliver malicious links to businesses via emails containing fake legal threats. Analysts believe the influx of emails stemming from contact forms indicates the attackers may have automated the process by bypassing CAPTCHA protections.
4. BRATA malware poses as Android security scanners
A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information. The apps in question were designed to target users in Brazil, Spain and the U.S., with most of them accruing anywhere between 1,000 and 5,000 installs.
5. RCE exploit released for unpatched Chrome and Opera browsers
A security researcher has published a proof-of-concept exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera and Brave. The working exploit concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web browsers.
6. Upstox suffers data breach leaking 2.5 million users' data
Online trading and discount brokerage platform Upstox became the latest company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web. The leaked information includes names, email addresses, dates of birth and bank account information.
7. Adobe fixes critical vulnerabilities in Photoshop and Digital Editions
The company addressed ten security vulnerabilities affecting four products, with seven of them rated as critical as they allow arbitrary code execution or arbitrary file writes. Adobe advises customers using vulnerable products to update to the latest versions as soon as possible to fix bugs that could lead to successful exploitation of unpatched installations.
8. ParkMobile breach exposes license plate data, mobile numbers of 21 million users
Someone is selling account information for 21 million customers of ParkMobile, a popular mobile parking app in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.
9. Expired certificate caused a Pulse Secure VPN global scale outage
Pulse Secure VPN users were not able to login after a code signing certificate expired. The outage stems from a bug related to the improper verification of the signature for Pulse Secure components. The check of the signature was performed on the certificate’s expiration date rather than the timestamp on a digitally signed file.
10. New Linux, macOS malware hidden in fake Browserify NPM package
A new malicious package has been spotted this week on the npm registry, which targets NodeJS developers using Linux and Apple macOS operating systems. The malicious package is called web-browserify, and imitates the popular Browserify NPM component downloaded over 160 million times.
In this Series
- Cybersecurity Weekly: DNS vulnerabilities, W-2 phishing scam, Google URL malware
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
