Cybersecurity Weekly: Phishing attacks using redirects, intermittent file encryption, Ragnarok shuts doors
Widespread phishing attacks are using open redirects. LockFile ransomware bypasses protection using intermittent file encryption. Ragnarok ransomware gang shuts shop and releases decryption key for free. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Widespread phishing attacks using open redirects
Microsoft warned of a widespread phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software. Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking.
2. LockFile ransomware bypasses protection using intermittent file encryption
A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called intermittent encryption. Called LockFile, the ransomware has been exploiting recently disclosed flaws to deploy file-encrypting malware that scrambles only every alternate 16 bytes of a file.
3. Ragnarok ransomware gang shuts shop, releases decryption key for free
The Ragnarok ransomware gang has reportedly shut shop and has published a decryption key to let all victims recover their data. Ragnarok now joins the likes of infamous ransomware gangs such as REvil, DarkSide, and Ziggy who were forced to shut shop earlier this year following a spate of disruptive ransomware attacks and law enforcement crackdowns.
4. Hacker brute-forced his way through T-Mobile network
Last week, T-Mobile's CEO Mike Sievert said that the hacker behind the carrier's latest massive data breach brute forced his way through T-Mobile's network after gaining access to testing environments. The attacker could not exfiltrate customer financial information, credit card information, debit or other payment information during the incident.
5. Security engineer job requirements, certifications and salary
As companies large and small finally realize that cybersecurity is everybody's problem, security engineers are increasingly in demand, and command salaries to match. While this isn't a job for beginners, if you have the right background and experience, it could make for an exciting job and a solid step up in your career as a security pro.
6. Boston Public Library discloses cyberattack, system-wide technical outage
The Boston Public Library disclosed last week that its network was hit by a cyberattack on Wednesday, leading to a system-wide technical outage. An ongoing investigation in collaboration with law enforcement and the Mayor's IT experts has not yet found any evidence of employee or patron data stolen from the impacted systems.
7. 1 GB of data belonging to Puma available on Marketo
The emerging underground marketplace of stolen data Marketo, available in TOR network, announced the publication of data presumably stolen from sportswear manufacturer Puma. The ad on Marketo claims to have about 1GB of data stolen from the company that are now auctioned to the highest bidder.
8. Synology products impacted by recent OpenSSL flaws
Multiple vulnerabilities allow remote attackers to conduct denial-of-service attacks or possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager, Synology Router Manager, VPN Plus Server or VPN Server, according to the advisory published by the company.
9. FIN8 targets U.S. bank with new Sardonic backdoor
The financially motivated FIN8 cybergang used a brand-new backdoor in attempted (but unsuccessful) breaches of networks belonging to two unidentified U.S. financial organizations. The Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components.
10. Attackers can remotely disable Fortress Wi-Fi Home Security Alarms
New vulnerabilities have been discovered in Fortress S03 Wi-Fi Home Security System that could be potentially abused by a malicious party to gain unauthorized access with an aim to alter system behavior, including disarming the devices without the victim's knowledge.
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Cybersecurity Weekly: Phishing attacks using redirects, intermittent file encryption, Ragnarok shuts doors
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
