Cybersecurity Weekly: Geico breach, Morse code phishing attack, CMMC's role in cybersecurity
A Geico breach exposed customers' driver's license numbers. Hackers are using Morse code in phishing attacks to evade detection. How CMMC can help counter current cyberattacks. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Geico breach exposed customers' driver's license numbers
In a data breach notification filed with the California Attorney General's office, Geico states that, for over a month, threat actors abused an online sales portal to gain access to policy holder's driver's license numbers. The threat actors utilized customer information obtained elsewhere to pull up the info on policyholders.
2. Hackers using Morse code in phishing attacks to evade detection
Microsoft disclosed details of an evasive year-long social engineering campaign wherein the operators kept changing their obfuscation and encryption mechanisms every 37 days on average. In an attempt to cover their tracks and surreptitiously harvest user credentials, the group periodically relied on the use of Morse code in their attacks.
3. How CMMC can help counter current cyberattacks
The publicly available Cybersecurity Maturity Model Certification (CMMC) is getting a lot of attention these days, both within and outside the public sector. Developed in response to escalating cyberattacks aimed at the defense industrial base and DoD supply chain, CMMC has broader appeal for any organization determining the maturity of its IT security controls.
4. Evasive Office 365 phishing campaign active since July 2020
Microsoft says that a year-long and highly evasive spear-phishing campaign targeted Office 365 customers in multiple waves of attacks starting with July 2020. The ongoing phishing campaign lures targets into handing over their Office 365 credentials using invoice-themed XLS.HTML attachments and various information about the potential victims.
5. Seven ways technical debt increases security risk
Two in three CISOs believe that technical debt, the difference between what's needed in a project and what's finally deployed, to be a significant cause of security vulnerability. Here are seven ways technical debt can become a problem for a CISO.
6. Hackers actively searching for unpatched Microsoft Exchange servers
Threat actors are actively carrying out opportunistic scanning and exploitation of Exchange servers using a new exploit chain leveraging a trio of flaws affecting on-premises installations, making them the latest set of bugs after ProxyLogon vulnerabilities were exploited en masse at the start of the year.
7. Experts shed light on new malware-as-a-service written in Rust
An information-stealing malware sold and distributed on underground Russian underground forums has been written in Rust, signalling a new trend where threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse engineering efforts.
8. Vice Society ransomware joins ongoing PrintNightmare attacks
The Vice Society ransomware gang is now also actively exploiting Windows print spooler PrintNightmare vulnerability for lateral movement through their victims' networks. Attackers can abuse this set of security flaws for local privilege escalation or distributing malware as Windows domain admins via remote code execution with SYSTEM privileges.
9. WordPress sites abused in Aggah spearphishing campaign
Threat actors are using compromised WordPress websites to target manufacturers across Asia with a new spear-phishing campaign that delivers the Warzone RAT.The threat group Aggah is delivering the RAT in a campaign aimed at spreading malware to manufacturing companies in Taiwan and South Korea.
10. Accenture hit by apparent ransomware attack
Accenture appears to have been hit by the LockBit ransomware gang, who are offering to sell data stolen from the global consultancy firm to interested parties. On their dark web website, the LockBit ransomware gang confirmed the breach, and has threatened to release data exfiltrated from Accenture’s systems if a ransom is not paid.
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Cybersecurity Weekly: Geico breach, Morse code phishing attack, CMMC's role in cybersecurity
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
