Cybersecurity Weekly: Paypal phishing texts, Facebook ad phishing, T-Mobile data breach
PayPal phishing texts state users accounts are limited. Facebook ads are being used to steal 615,000+ credentials in a phishing campaign. T-Mobile disclosed a recent data breach. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. PayPal phishing texts state accounts are limited
A PayPal text message phishing campaign is underway that attempts to steal account credentials and other sensitive information that can be used for identity theft. When PayPal detects suspicious or fraudulent activity on an account, the account will have its status set to limited, which will put temporary restrictions on withdrawing, sending or receiving money.
2. Facebook ads used to steal 615,000+ credentials in a phishing campaign
Security researchers spotted a new large-scale campaign abusing Facebook ads. Threat actors are using these ads to redirect users to GitHub accounts that host phishing pages used to steal victims’ login credentials. The campaign targeted more than 615,000 users in multiple countries including Egypt, the Philippines, Pakistan and Nepal.
3. T-Mobile disclosed data breach
Last week, T-Mobile disclosed a data breach exposing customers’ account information. The T-Mobile security staff discovered malicious, unauthorized access to their systems. The company reported the incident to the authorities and is investigating the incident with the help of a cybersecurity firm.
4. Alleged docs relating to Covid-19 vaccine leaked on dark web
Experts found documents relating to Covid-19 vaccine of European Medicines Agency on the dark web. In early December, the European Medicines Agency announced a cyberattack. The EMA did not provide technical details about the attack, nor whether it will have an impact on its operations while it is evaluating and approving COVID-19 vaccines.
5. Ticketmaster to pay $10 million fine for hacking rival
Ticketmaster agreed to pay a $10 million fine after being charged with illegally accessing computer systems of a competitor repeatedly between 2013 and 2015 in an attempt to cut the company off at the knees. The California-based ticket sales and distribution company used the stolen information to gain an advantage over CrowdSurge.
6. Secret backdoor account found in several Zyxel firewall, VPN products
Zyxel released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. A researcher reported the vulnerability to Zyxel on November 29 and the company released a firmware patch on December 18.
7. Google Docs bug could have let hackers see private documents
Google patched a bug in its feedback tool that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents by embedding them in a malicious website. The flaw was discovered on July 9 by security researchers who were awarded as part of Google's Vulnerability Reward Program.
8. AutoHotkey-based password stealer targeting U.S., Canadian banking users
Threat actors have been discovered distributing a new credential stealer written in AutoHotkey scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the U.S. and Canada are among the primary targets for credential exfiltration.
9. FBI warns swatting attacks on owners of smart devices
The FBI recently issued an alert to warn owners of smart home devices with voice and video capabilities of so-called swatting attacks. Swatting attacks consist of fraudulent calls made to emergency services to trigger an immediate response from law enforcement and the S.W.A.T. team to a specific location.
10. APT hackers move to ransomware attacks
Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China. Although the attacks lack the sophistication normally seen with advanced threat actors, there is strong evidence linking them to APT27.
In this Series
- Cybersecurity Weekly: Paypal phishing texts, Facebook ad phishing, T-Mobile data breach
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
