Cybersecurity Weekly: LemonDuck malware, REvil decryptor, XCSSET MacOS malware
Microsoft warns of LemonDuck malware. Kaseya obtains a universal decryptor for REvil ransomware. The MacOS malware XCSSET now targets Google Chrome. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Microsoft warns of LemonDuck malware
An infamous cross-platform crypto-mining malware continued to refine and improve upon its techniques to strike both Windows and Linux operating systems. Setting its sights on older vulnerabilities, it simultaneously latches onto a variety of spreading mechanisms to maximize the effectiveness of its campaigns.
2. Kaseya obtains universal decryptor for REvil ransomware
Kaseya obtained a master decryptor key for the REvil ransomware that locked up the systems of at least 60 of its customers in a series of worldwide cyberattacks on July 2. The attacks, which exploited now-patched zero-days in the Kaseya Virtual System/Server Administrator platform, affected Kaseya customers in 22 countries using the on-premises platform.
3. MacOS malware XCSSET now targets Google Chrome
A malware known for targeting the macOS operating system was updated once again to add more features to its toolset. It can now amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further refinements in its tactics.
4. Microsoft shares mitigations for PetitPotam NTLM relay attack
Microsoft released mitigations for the new PetitPotam NTLM relay attack that allows attackers to take over a domain controller or other Windows servers. The new attack uses the Microsoft Encrypting File System Remote Protocol to force a device, including domain controllers, to authenticate to a remote NTLM relay controlled by a threat actor.
5. Six things you must do right now to secure your company’s data
According to Verizon’s 2020 Data Breach Investigations Report, 28% of the breaches in 2019 involved small businesses. Data security was a huge issue before COVID. And now it’s an even bigger problem because so many employees have been working from home. So what can you do? Here are six things you need to do immediately.
6. Hackers abuse single bit change in Intel CPU register to evade detection
Security researchers discovered a trap flag in the Intel CPU register that malware can abuse to evade sandbox detection. Malware can detect whether it is executing in a physical or virtual machine by monitoring the response of the CPU after setting this single bit. Researchers have since been able to fix the problem of malware evading automatic detection.
7. Threat actor selling database containing 3.8 billion phone numbers
A threat actor is selling on hacking forums the secret database Clubhouse containing 3.8 billion phone numbers. According to the threat actor, the company steals the phonebook of each user in a secret database that it is offering for sale. The threat actor also published a link to a sample of data contained in the database, which included 83.5 million phone numbers.
8. Crooks target Kubernetes installs via Argo Workflows to deploy miners
Researchers uncovered new attacks on Kubernetes installs via misconfigured Argo Workflows aimed at deploying cryptocurrency miners. The unprotected instances are operated by organizations in multiple sectors, including technology, finance, and logistics sectors.
9. Japanese computers hit by a wiper malware ahead of 2021 Tokyo Olympics
Months ago, the FBI warned companies of cyberattacks that might attempt to disrupt the 2021 Tokyo Olympics. Researchers from the Japanese security firm Mitsui Bussan Secure Directions discovered an Olympics-themed malware that implements wiping capabilities. The malicious code was detected ahead of the opening ceremony of the 2021 Tokyo Olympics.
10. Law firm for Ford, Pfizer, Exxon discloses ransomware attack
Campbell Conroy & O'Neill, a law firm that represents hundreds of major organizations, confirmed a data privacy incident related to a ransomware attack detected earlier this year. An investigation revealed its network was hit with ransomware and prompted Campbell to hire third-party forensics investigators to determine the information affected.
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Cybersecurity Weekly: LemonDuck malware, REvil decryptor, XCSSET MacOS malware
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
