Cybersecurity Weekly: Gift card scams, IKEA breached, cyber knowledge gaps

November 29, 2021 by Sam Fay

New twists on gift card scams flourish on Black Friday. IKEA was hit by a cyber attack that uses stolen internal reply-chain emails. Cybersecurity knowledge gaps at any level of the organization pose security risks. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. New twists on gift card scams flourish on Black Friday

Black Friday cybercriminals have revamped gift card scams to better target modern online shoppers. New tactics include bogus gift card generators that install malware designed to sniff out a victim’s cryptocurrency wallet address. The attack offers gift cards for significantly less than face value as a ploy to entice users to buy stolen gift cards or download malware.


2. IKEA hit by cyber attack that uses stolen internal reply-chain emails

Once the mail servers are compromised, threat actors use the access to reply to the company’s internal emails in reply-chain attacks. Sending the messages from the organization’s own mail servers allows the attackers to bypass detection. Threat actors also exploit the access to internal emails to target business partners.


3. Cybersecurity knowledge gaps at any level of the organization pose security risks

Human error remains the most pressing challenge in cybersecurity, with as many as 88% of the breaches attributed to mistakes made by employees. Jack Koziol, CEO and founder of Infosec, discussed with CyberNews why education remains the most important cybersecurity practice to follow and how Infosec will help in training your workforce.


4. Hackers using compromised Google Cloud accounts to mine cryptocurrency

Threat actors are exploiting improperly secured Google Cloud Platform instances to download cryptocurrency mining software to the compromised systems. They can then abuse the infrastructure to install ransomware, stage phishing campaigns and even generate traffic to YouTube videos for view count manipulation.


5. Study reveals an urgent need to quantify cybersecurity culture

Studies have shown that organizations with strong cybersecurity cultures experience increased visibility into potential threats and reduced cyber incidents. However, cybersecurity culture has historically been difficult to quantify. To help overcome this challenge, Infosec came up with a survey to classify cybersecurity culture and systematically measure results.


6. Recently patched Apache HTTP server vulnerability exploited

The vulnerability, tracked as CVE-2021-40438, is a server-side request forgery that can be exploited against httpd web servers that have the mod_proxy module enabled. An attacker can leverage this critical flaw using a specially crafted request to cause the module to forward the request to an arbitrary origin server.


7. VMware patches file read, SSRF vulnerabilities in vCenter Server

The arbitrary file read issue, rated high severity, affects the vSphere Web Client and it could be exploited to obtain sensitive information by an attacker who has network access to port 443 on vCenter Server. The second flaw, rated medium severity, affects the vSphere Web Client, specifically the vSAN Web Client plug-in.


8. Tardigrade malware hits biomanufacturing facilities

When ransomware hit a biomanufacturing facility this spring, something didn’t sit right with the response team. The attackers left only a halfhearted ransom note, and didn’t seem all that interested in actually collecting a payment. It was later discovered that they had used a shockingly sophisticated malware strain dubbed Tardigrade.


9. Arrest in Ransom Your Employer email scheme

In August, it was discovered that scammers were contacting people and asking them to unleash ransomware inside their employer’s network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme.


10. Attackers Actively Target Windows Installer Zero-Day

Attackers are actively exploiting a Windows Installer zero-day vulnerability that was discovered when a patch Microsoft issued for another security hole inadequately fixed the original and unrelated problem. The researcher posted a proof-of-concept exploit on GitHub for the newly discovered bug that he said works on all currently supported versions of Windows.
