Cybersecurity Weekly: Ledger account leak, SUPERNOVA malware, Citrix NetScaler attacks
Physical addresses of 270,000 Ledger owners were leaked on a hacker forum. A new SolarWinds flaw likely let hackers install SUPERNOVA malware. Attackers are abusing Citrix NetScaler devices to launch amplified DDoS attacks. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Physical addresses of 270,000 Ledger owners leaked on hacker forum
Last week, a threat actor leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free. The text file is sensitive as it contains the names, mailing addresses and phone numbers for 272,853 people who purchased a Ledger device.
2. New SolarWinds flaw likely let hackers install SUPERNOVA malware
According to an advisory published last week, the SolarWinds Orion API that's used to interface with all other Orion system monitoring and management products suffers from a security flaw. This could allow a remote attacker to execute unauthenticated API commands, resulting in a compromise of the SolarWinds instance.
3. Attackers abusing Citrix NetScaler devices to launch amplified DDoS attacks
Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller devices that attackers are abusing to launch amplified distributed denial-of-service attacks against several targets. The company said it's monitoring the incident and is continuing to investigate its impact on Citrix ADC.
4. Hackers trying to steal COVID-19 vaccine research
Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries' vaccine-development efforts. Researchers detailed two incidents at a pharmaceutical company and a government ministry in September and October that used similar techniques.
5. Google discloses Windows zero-day bug
Google's Project Zero team published details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the unpatched flaw were revealed publicly after Microsoft failed to rectify it within 90 days of responsible disclosure on September 24.
6. Multi-platform card skimmer found on Shopify, BigCommerce stores
A recently discovered multi-platform credit card skimmer can harvest payment info on compromised stores powered by Shopify, BigCommerce, Zencart and Woocommerce. This new type of web skimming malware can take over the checkout process on shops using multiple online store management systems by injecting a malicious checkout page.
7. GitHub-hosted malware calculates Cobalt Strike payload from Imgur
A new strand of malware uses Microsoft Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script on Windows systems. Researchers linked this strain to the MuddyWater APT group.
8. Koei Tecmo discloses data breach after hacker leaks stolen data
On December 20th, a threat actor claimed to have hacked into the koeitecmoeurope.com website on December 18th through a spearphishing campaign sent to an employee. As part of this attack, a forum database with 65,000 users was stolen, and the actor claims to have planted a web shell on the site for continued access.
9. Trucking giant Forward Air hit by new Hades ransomware gang
Trucking and freight logistics company Forward Air suffered a ransomware attack by a new ransomware gang that impacted the company's business operations. Per their security protocols, they immediately took systems offline, notified law enforcement and engaged several third-party experts to assist in conducting an internal investigation.
10. Amazon gift card scam delivers Dridex this holiday season
The operators behind Dridex have a nefarious trick up their sleeves this holiday season: A widespread phishing scam promises victims a $100 Amazon gift card but instead delivers the prolific banking Trojan to target machines. This campaign first appeared around Halloween and picked up in the beginning of November.
In this Series
- Cybersecurity Weekly: Ledger account leak, SUPERNOVA malware, Citrix NetScaler attacks
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
