Cybersecurity Weekly: Job offer ID theft, Bluetooth vulnerability, SolarWinds hackers target think tanks
How to tell a job offer from an ID theft trap. A Bluetooth vulnerability enables hackers to mimic genuine devices. SolarWinds hackers target think tanks with a new NativeZone backdoor. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. How to tell a job offer from an ID theft trap
One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, according to an FBI warning. Last year, more than 16,000 people reported being victims of employment scams with losses totaling more than $59 million.
2. Bluetooth vulnerability enables hackers to mimic genuine devices
Hackers could exploit newly discovered flaws in Bluetooth Core and Mesh Profile Specifications to disguise themselves as legitimate devices and carry out man-in-the-middle attacks. These attacks work even when the victims use Bluetooth's strongest security modes, including SSP and Secure Connections.
3. SolarWinds hackers target think tanks with new NativeZone backdoor
The threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants and non-governmental organizations located across 24 countries. This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations.
4. FBI to share compromised passwords with Have I Been Pwned
The FBI will soon begin to share compromised passwords with Have I Been Pwned's Password Pwned service that were discovered during law enforcement investigations. By providing this feed, the FBI will allow administrators and users to check for passwords that are known to be used for malicious purposes.
5. Cyber espionage hackers continue to target Pulse Secure VPN devices
Cybersecurity researchers unmasked additional tactics, techniques and procedures adopted by threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks.
6. Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer
Cybersecurity researchers publicized the disruption of a clever malvertising network targeting AnyDesk. This network delivered a weaponized installer of the remote desktop software via rogue Google ads that appeared in the search engine results pages. The campaign involves a malicious file that masquerades as a setup executable for AnyDesk.
7. Ransomware gangs' slow decryptors prompt victims to seek alternatives
Recently, two highly publicized ransomware victims received a decryptor that was too slow to make it effective in quickly restoring the victim's network. The first was Colonial Pipeline, which paid a $4.4 million ransom for a decryptor after being attacked by the DarkSide ransomware operation. However, the decryptor was so slow that the company resorted to restoring from backups.
8. Bose admits ransomware attack exposed employee data
Bose confirmed that it experienced a data breach, having fallen victim to a ransomware attack in early March. Immediately upon discovering the attack on March 7, Bose initiated incident response protocols, activated its technical team to contain the incident, and hardened its defenses against unauthorized activity.
9. Facefish backdoor spreading Linux rootkits
Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials, device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed Facefish owing its capabilities to deliver different rootkits at different times and the use of Blowfish cipher to encrypt communications to its server.
10. Researchers demonstrate two new hacks to modify certified PDF documents
Cybersecurity researchers disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certified content without invalidating its signature. The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents.
In this Series
- Cybersecurity Weekly: Job offer ID theft, Bluetooth vulnerability, SolarWinds hackers target think tanks
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
