Cybersecurity Weekly: "Nice guy" hacker attacks Tom's, programmer hacks hackers, 60,000 records breached after phishing incident
A hacker encourages others to spend more time outside. A hacked programmer retaliates by hacking hackers who hacked him. A phishing incident results in a leak of personal information for 60,000 patients. All this, and more, in this week’s edition of Cybersecurity Weekly.
Top Security Awareness Posters
1. Toms Shoes' mailing list hacked to tell users to log off
A self-proclaimed "nice man" hacked Toms Shoes' email newsletter list last week. The hacker told journalists that the hack of Toms was easy, but shared no details about how it had occurred. What he did share was a strong message against those who hack with more malicious intent.
Read more »
2. Hackers bypassing some types of 2FA security
Last month, the FBI warned U.S. companies that some types of two-factor authentication (2FA) security are not guaranteed to keep attackers out. The most popular bypass is SIM swap fraud, where the attacker convinces a carrier to port the target’s mobile number, allowing them to receive 2FA security codes via text message.
Read more »
3. Iran-linked “Charming Kitten” touts new spearphishing tactics
An Iran-linked advanced persistent threat group tied to attacks on President Trump’s 2020 re-election campaign has added new spearphishing techniques to its arsenal. The group — dubbed “Charming Kitten” — has escalated its volume of phishing attempts, as well as adding four new impersonation vectors to its campaign.
Read more »
4. Hacked programmer retaliates by hacking hackers who hacked him
Germany-based programmer Tobias Fromel was affected by Muhstik ransomware a few months ago. In retaliation, he recently released around 3,000 decryption keys as well as the free decryptor software, which he acquired by hacking the hacker behind the ransomware. In an interview, he said he did this to help others who were attacked by the ransomware.
Read more »
5. Phishing incident exposes medical, personal info of 60,000 patients
Community-based healthcare system Methodist Hospitals from Gary, Indiana, disclosed that sensitive personal and medical information for 68,039 individuals may have been exposed. On August 7, a forensic investigation determined that two Methodist employees fell victim to a phishing attack that resulted in unauthorized access to their email accounts.
Read more »
6. Twitter users’ 2FA info found its way to advertisers
This week, Twitter disclosed that it gave advertisers access to email addresses and phone numbers that users had supplied to the social media platform for two-factor authentication purposes. The company is asserting that this practice was inadvertent, and that the company does not know how many people were impacted by this incident.
Read more »
7. Alabama hospitals pay up in ransomware attack
An Alabama hospital system has paid its attackers in a ransomware incident that knocked its systems offline on Oct. 1. Officials at the DCH Health System didn’t say how much they paid for the decryption key, but noted that they have started a “methodical” process of system restoration.
Read more »
8. Credit info exposed in TransUnion data security incident
An unauthorized person was able to gain access to a TransUnion web portal and pull consumer credit files from it. This was done by using credentials stolen from a TransUnion customer who had access to the portal. Starting last week, TransUnion began sending out data security incident notifications to consumers whose information was accessed via the unauthorized login.
Read more »
9. UNIX Co-Founder Ken Thompson's BSD Password Has Finally Been Cracked
A 39-year-old password of Ken Thompson, the co-creator of the UNIX operating system, has finally been cracked. It belonged to a BSD-based system, which was used by various computer science pioneers several decades ago. Thompson's password has been revealed as "p/q2-q4!a" — a notation in chess to describe the move "pawn from Queen's 2 to Queen's 4."
Read more »
Phishing simulations & training
10. RobbinHood ransomware using street cred to make victims pay
Operators behind the RobbinHood ransomware have updated language used in their ransom note to remove all hopes of free file decryption. In their message, the cybercriminals pointed to past incidents involving their ransomware, which ended in victims paying much more than the ransom demand.
Read more »
In this Series
- Cybersecurity Weekly: "Nice guy" hacker attacks Tom's, programmer hacks hackers, 60,000 records breached after phishing incident
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
