Cybersecurity Weekly: Palo Alto bug, Robinhood breach, Costco finds card skimmer

November 17, 2021 by Sam Fay

A zero-day bug was found in Palo Alto firewalls using GlobalProtect portal VPN. A Robinhood data breach exposes 7 million users’ information. Costco discloses a data breach after finding a credit card skimmer. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Zero-day bug in Palo Alto firewalls using GlobalProtect portal VPN

A new zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN that could be abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices with root user privileges. The security weakness impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17.


2. Robinhood data breach exposes 7 million users’ information

Last week, Robinhood disclosed a security breach affecting approximately 7 million customers, roughly a third of its user base, that resulted in unauthorized access of personal information by an unidentified threat actor. The attack has been contained and the company believes that no Social Security numbers, bank account numbers or debit card numbers were exposed.


3. Costco discloses data breach after finding credit card skimmer

Costco discovered the breach after finding a payment card skimming device in one of its warehouses during a routine check conducted by Costco personnel. The company removed the device, notified the authorities and is now working with law enforcement agents who are investigating the incident.


4. BotenaGo botnet targets millions of IoT devices with 33 exploits

The new BotenaGo malware botnet is using over thirty exploits to attack millions of routers and IoT devices. In the case of BotenaGo, only six out of 62 AV engines on VirusTotal flag the sample as malicious, and some identify it as Mirai.


5. State-based hackers infected Hong Kong websites to spy on Apple users

Suspected foreign government-backed hackers infected websites belonging to a Hong Kong-based media outlet and a pro-democracy group in a bid to install malware on visitors’ Apple devices, Google researchers say. Google’s Threat Analysis Group discovered the watering hole attack, which relied on a previously unreported backdoor, in August.


6. Canadian health systems recovering from data breach

A security incident affecting the province of Newfoundland and Labrador, first detected October 30, took down multiple health networks. This led to the cancellation of thousands of appointments, including for chemotherapy treatments. The regional Eastern Health authority, which employs 13,000 people, recently announced that its email system was again functioning.


7. Check Point Software launches Mind to make cybersecurity knowledge accessible to all

Check Point is launching Check Point Mind, a knowledge training portal, in collaboration with over 200 of the world’s most recognized training partners. Users can sign up with the portal for free, and choose from a wide range of courses and programs available from over 200 partners.


8. Cybercrime group Void Balaur attacks high-profile targets for cash

After monitoring Void Balaur for more than a year, cybersecurity researchers released a report that identified more than 3,500 of the group’s targets. Amnesty International has likewise identified cyberattacks on activists and journalists working in Uzbekistan that were carried out by the cybermercenary service.


9. SMS about bank fraud as a pretext for voice phishing

KrebsOnSecurity recently heard from a reader who received an SMS that said it was from her bank, and inquired whether she’d authorized a $5,000 payment from her account. The message said she should reply to accept or decline future fraud alerts. Shortly thereafter, the victim received a phone call requesting her account information.


10. Microsoft patches actively exploited Excel, Exchange Server zero-day bugs

Microsoft released security updates as part of its monthly Patch Tuesday release cycle to address 55 vulnerabilities across Windows, Azure, Visual Studio, Windows Hyper-V and Office, including fixes for two actively exploited zero-day flaws in Excel and Exchange Server that could be abused to take control of an affected system.
