Cybersecurity Weekly: LokiBot spearphish, Marriott breach, Zoom vulnerability
A spearphishing campaign exploits COVID-19 to spread LokiBot infostealer. Marriott suffers a second breach, exposing data of 5.2 million hotel guests. A new Zoom hack lets attackers compromise Windows and its login password. All this, and more, in this week’s edition of Cybersecurity Weekly.
Top Security Awareness Posters
1. Spearphishing campaign exploits COVID-19 to spread LokiBot infostealer
Researchers discovered threat actors harnessing a new spearphishing campaign designed to spread the LokiBot trojan. Using the WHO trademark as a lure, this new attack claims to address misinformation about the pandemic, but actually sends an attachment that unleashes LokiBot if downloaded and executed.
Read more »
2. Marriott suffers second breach, exposing data of 5.2 million hotel guests
Last week, international hotel chain Marriott disclosed a data breach impacting 5.2 million hotel guests — the second security incident to hit the company in recent years. The company believes guest data was accessed between January and February 2020, but found no evidence of compromised passwords or payment information.
Read more »
3. New Zoom hack lets attackers compromise Windows and its login password
According to cybersecurity researchers, the Zoom video conferencing software for Windows is vulnerable to a UNC path injection vulnerability that could allow remote attackers to steal victims' Windows login credentials. Once the malicious link is clicked, the attack allows the attacker-controlled SMB share to automatically capture authentication data.
Read more »
4. Some mobile phone apps may contain hidden behaviors that users never see
Cybersecurity researchers discovered a large number of cell phone applications that contain hardcoded secrets, allowing others to access private data or block content provided by users. Of the 150,000 apps they tested, about 8.5% contained backdoor secrets, such as unnecessarily invasive permissions, master passwords or a payment authorization bypass.
Read more »
5. iPhone and Macbook cameras hacked using Safari zero-day
Merely visiting a website using Safari browser could let remote attackers secretly access a device's camera, microphone or location, and in some cases, saved passwords as well. Apple recently paid a $75,000 bounty to an ethical hacker who demonstrated the attack and helped the company patch seven new vulnerabilities.
Read more »
6. WordPress plugin bug can be exploited to create rogue admins
The Contact Form 7 datepicker plugin allows attackers to create rogue admins or take over admin sessions after exploiting an authenticated stored cross-site scripting vulnerability. The development team behind the plugin said the plugin will no longer be maintained and they were okay with its removal from the WordPress repository.
Read more »
7. Unidentified database exposes 200 million Americans
Cybersecurity researchers uncovered an unsecured database owned by an unidentified party, comprising 800 gigabytes of personal user information.The database in question was left on a publicly accessible server and contained more than 200 million detailed user records. On March 3, the entire database was wiped by the anonymous owner.
Read more »
8. Office 365 phishing uses CSS tricks to bypass email gateways
An Office 365 voicemail phishing campaign is tricking victims into visiting landing pages designed to steal their personal information or infect their computers with malware. The malicious emails use the old trick of reversing some of the text elements in the source code and rendering forward within the email displayed to the target.
Read more »
9. 14 million Key Ring users exposed in open database
A misconfigured Amazon Web Services S3 bucket exposed the data of 14 million users of the popular Key Ring app that includes some payment and medical card information. The open buckets were first spotted in January, but may have been open for a longer period of time. They were finally locked down or taken offline on February 20.
Read more »
See Infosec IQ in action
10. Twitter tells users Firefox possibly exposed personal information
Twitter recently discovered that Firefox’s cache stored some private information associated with the use of its platform, including sent or received direct messages and the downloaded data archive. Twitter has made some changes on its end to ensure Firefox no longer stores potentially sensitive information belonging to its users.
Read more »
In this Series
- Cybersecurity Weekly: LokiBot spearphish, Marriott breach, Zoom vulnerability
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
