Cybersecurity Weekly: New COVID domains, Pulse Secure VPN, Nemty goes private
Thousands of newly-registered Coronavirus-themed domains have appeared since early March. Patched Pulse Secure VPNs could still expose organizations to hackers. Nemty Ransomware shuts down public RaaS operation. All this, and more, in this week’s edition of Cybersecurity Weekly.
See Infosec IQ in action
1. Thousands of newly-registered Coronavirus-themed domains
The Cyber Threat Coalition recently published data showing the rapid rise in new domains in February, around the same time the CDC began publicly warning that a severe global pandemic was inevitable. By mid-March, the number of COVID-related phishy domains spiked to over 20,000, and has trailed off considerably since then.
Read more »
2. Patched Pulse Secure VPNs could still expose organizations to hackers
The United States Cybersecurity and Infrastructure Security Agency issued a fresh advisory alerting organizations of cyberattacks trying to leverage a known remote code execution (RCE) vulnerability in Pulse Secure VPN servers — even if they have already patched it. This warning comes just three months after a similar CISA alert.
Read more »
3. Nemty Ransomware shuts down public RaaS operation
The Nemty Ransomware is shutting down its public Ransomware-as-a-Service operation and switching to an exclusive private operation where affiliates are hand-selected for their expertise. As part of this arrangement, the ransomware operators receive a 30% cut and an affiliate receives 70% of the ransom payments they brought in.
Read more »
4. Critical Starbleed vulnerability in FPGA chips identified
Attackers can gain complete control over the chips and their functionalities through the Starbleed vulnerability. Since the bug is integrated into the hardware, the security risk can only be removed by replacing the chips. The manufacturer of the FPGAs has been informed by the researchers and has already reacted.
Read more »
5. Over 700 malicious typosquatted libraries found on RubyGems repository
Cybersecurity experts recently caught threat actors distributing over 700 malicious packages through the RubyGems repository. The attackers uploaded intentionally misspelled legitimate packages in hopes that unwitting developers will mistype the name and unintentionally install the malicious library instead.
Read more »
6. 49 new Google Chrome extensions hijacking cryptocurrency wallets
Google ousted 49 Chrome browser extensions from its Web Store that posed as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies. Although the offending extensions were removed within 24 hours of being reported, analysis showed that they appeared on the Web Store in February 2020.
Read more »
7. Hackers steal Wi-Fi passwords using Agent Tesla malware
Some new variants of the Agent Tesla info-stealer malware now come with a dedicated module for stealing Wi-Fi passwords from infected devices. The new malware samples are heavily obfuscated and are designed by the author to collect wireless profile credentials from compromised computers by issuing a netsh command.
Read more »
8. Zoom to let you report Zoom-bombing attackers crashing meetings
Zoom's efforts to improve the video conferencing platform's privacy and security will continue next week with the introduction of a user report feature aimed at helping prevent future zoom-bombing attacks. Zoom's CEO announced that the company will change its long-term focus on addressing the current security and privacy issues.
Read more »
9. Ransomware's new normal combines encryption with data theft
Double extortion is the term given to an evolving ransomware tactic: first steal confidential data, then encrypt the victim's files. If the victim doesn't pay the ransom, expose the data. First used by the Maze ransomware gang, double extortion has become standard practice in the ransomware community.
Read more »
Phishing simulations & training
10. Linksys asks users to reset passwords after hackers hijacked home routers last month
Linksys locked user accounts on its Smart Wi-Fi cloud service and is asking users to reset passwords after hackers hijacked accounts and changing router settings to redirect users to malware sites. Smart Wi-Fi is widely deployed across Linksys' router fleet, making it an ideal target for hackers who may want to hijack routers at scale.
Read more »
In this Series
- Cybersecurity Weekly: New COVID domains, Pulse Secure VPN, Nemty goes private
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
