Cybersecurity Weekly: Ledger account leak, SUPERNOVA malware, Citrix NetScaler attacks

December 30, 2020 by Sam Fay

Physical addresses of 270,000 Ledger owners were leaked on a hacker forum. A new SolarWinds flaw likely let hackers install SUPERNOVA malware. Attackers are abusing Citrix NetScaler devices to launch amplified DDoS attacks. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Physical addresses of 270,000 Ledger owners leaked on hacker forum

Last week, a threat actor leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free. The text file is sensitive as it contains the names, mailing addresses and phone numbers for 272,853 people who purchased a Ledger device.


2. New SolarWinds flaw likely let hackers install SUPERNOVA malware

According to an advisory published last week, the SolarWinds Orion API that’s used to interface with all other Orion system monitoring and management products suffers from a security flaw. This could allow a remote attacker to execute unauthenticated API commands, resulting in a compromise of the SolarWinds instance.


3. Attackers abusing Citrix NetScaler devices to launch amplified DDoS attacks

Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller devices that attackers are abusing to launch amplified distributed denial-of-service attacks against several targets. The company said it’s monitoring the incident and is continuing to investigate its impact on Citrix ADC.


4. Hackers trying to steal COVID-19 vaccine research

Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries’ vaccine-development efforts. Researchers detailed two incidents at a pharmaceutical company and a government ministry in September and October that used similar techniques.


5. Google discloses Windows zero-day bug

Google’s Project Zero team published details of an improperly patched zero-day security vulnerability in the Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the unpatched flaw were revealed publicly after Microsoft failed to rectify it within 90 days of responsible disclosure on September 24.


6. Multi-platform card skimmer found on Shopify, BigCommerce stores

A recently discovered multi-platform credit card skimmer can harvest payment info on compromised stores powered by Shopify, BigCommerce, Zen Cart and WooCommerce. This new type of web skimming malware can take over the checkout process on shops using multiple online store management systems by injecting a malicious checkout page.


7. GitHub-hosted malware calculates Cobalt Strike payload from Imgur

A new strain of malware uses Microsoft Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from the image hosting service Imgur to decode a Cobalt Strike script on Windows systems. Researchers linked this strain to the MuddyWater APT group.

8. Koei Tecmo discloses data breach after hacker leaks stolen data

On December 20th, a threat actor claimed to have hacked into the company’s website on December 18th through a spearphishing campaign sent to an employee. As part of this attack, a forum database with 65,000 users was stolen, and the actor claims to have planted a web shell on the site for continued access.


9. Trucking giant Forward Air hit by new Hades ransomware gang

Trucking and freight logistics company Forward Air suffered a ransomware attack by a new ransomware gang that impacted the company’s business operations. Per its security protocols, the company immediately took systems offline, notified law enforcement and engaged several third-party experts to assist in conducting an internal investigation.


10. Amazon gift card scam delivers Dridex this holiday season

The operators behind Dridex have a nefarious trick up their sleeves this holiday season: A widespread phishing scam promises victims a $100 Amazon gift card but instead delivers the prolific banking Trojan to target machines. This campaign first appeared around Halloween and picked up in the beginning of November.
