Cybersecurity Weekly: New SolarWinds backdoor found, affects Microsoft and VMWare
A new SUPERNOVA backdoor found in SolarWinds cyberattack analysis. Microsoft says its systems were also breached in the SolarWinds hack. VMware is the latest to confirm breach in SolarWinds hacking campaign. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. New SUPERNOVA backdoor found in SolarWinds cyberattack analysis
While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers discovered another backdoor that is likely from a second threat actor. Named SUPERNOVA, the malware is a webshell planted in the code of the Orion network, an applications monitoring platform, and enables adversaries to run arbitrary code on affected machines.
2. Microsoft says its systems were also breached in massive SolarWinds hack
The massive state-sponsored espionage campaign that compromised software maker SolarWinds also targeted Microsoft. The unfolding investigation into the hacking spree reveals the incident may have been far more wider in scope, sophistication and impact than previously thought.
3. VMware latest to confirm breach in SolarWinds hacking campaign
VMware is the latest company to confirm that it had its systems breached in the recent SolarWinds attacks but denied further exploitation attempts. The company said that the hackers did not make any efforts to further exploit their access after deploying the backdoor now tracked as Sunburst or Solarigate.
4. iPhones of 36 journalists hacked using iMessage zero-click exploit
Researchers said personal phones of 36 journalists, producers, anchors and executives at Al Jazeera, and a journalist at London-based Al Araby TV were infected with Pegasus malware via a now-fixed flaw in Apple's iMessage. Pegasus is developed by Israeli private intelligence firm NSO Group and allows an attacker to access sensitive data stored on a target device.
5. Software supply-chain attack hits Vietnam government certification authority
Cybersecurity researchers disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority that compromised the agency's digital signature toolkit to install a backdoor on victim systems. The compromise of a certification authority website is a good opportunity for APT groups.
6. Physical addresses of 270K Ledger owners leaked on hacker forum
A threat actor leaked stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free. The text file contains the email addresses of 1,075,382 people who subscribed to the Ledger newsletter. The other file is more sensitive as it contains the names and mailing addresses for 272,853 people who purchased a Ledger device.
7. NATO checking systems to determine impact of SolarWinds hack
NATO announced it is checking its systems after the SolarWinds supply chain attack to determine if they were infected with a backdoor. At this time, no evidence of compromise has been found on any NATO networks. NATO experts continue to assess the situation, with a view to identifying and mitigating any potential risks to their networks.
8. Flavors designer Symrise halts production after Clop ransomware attack
Flavor and fragrance developer Symrise suffered a Clop ransomware attack where the attackers allegedly stole 500 GB of unencrypted files and encrypted close to 1,000 devices. In order to be able to assess the consequences and to prevent possible further effects, the company shut down all essential systems.
9. FBI warns of DoppelPaymer attacks on critical infrastructure
The FBI is warning businesses of DoppelPaymer ransomware attacks and a change in tactics among operators, who are now cold-calling victims to pressure them into paying the ransom.These attacks have disrupted the provision of healthcare, emergency and education services for people around the world.
10. Massive fraud operation stole millions from online bank accounts
Experts uncovered a massive fraud operation that used a network of mobile device emulators to steal millions of dollars from online bank accounts. The cybercriminals used about 20 mobile device emulators to mimic the phones of over 16,000 customers whose mobile bank accounts had been compromised.
In this Series
- Cybersecurity Weekly: New SolarWinds backdoor found, affects Microsoft and VMWare
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
