Cybersecurity Weekly: Ransomware affiliates, Cisco ASA flaws, Dell vulnerabilities
Ransomware gangs are now creating websites to recruit affiliates. A Cisco ASA flaw is under attack after a PoC exploit was posted online. 30 million devices are at risk from Dell SupportAssist RCE vulnerabilities. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Ransomware gangs now creating websites to recruit affiliates
Ever since two prominent cybercrime forums banned ransomware-related topics, criminal operations have been forced to promote their service through alternative methods. At least two ransomware gangs in need of hackers to run the attacks have been using their sites to advertise features of their encryption tools to attract new recruits.
2. Cisco ASA flaw under attack after PoC exploit posted online
A security vulnerability in Cisco ASA that was addressed by the company last October, and again earlier this April, was subjected to active attacks following the release of proof-of-concept exploit code. The issue concerns multiple vulnerabilities in the web services interface of Cisco ASA software, and allows an attacker to perform XSS attacks on an affected device.
3. 30 million devices at risk from Dell SupportAssist RCE vulnerabilities
Security researchers identified four serious vulnerabilities in the BIOSConnect feature of Dell SupportAssist that could be remotely exploited by attackers to gain full control of targeted devices. The flaws are present in an update mechanism that affects 129 models of laptop and desktop computers protected by Secure Boot.
4. MyBook users urged to unplug devices from internet
Western Digital is urging users of its MyBook Live network storage drives to disconnect them from the Internet. Malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device. Commands can then be sent to factory reset the device.
5. Nvidia Jetson chips make IoT devices vulnerable to attack
Nvidia patched several vulnerabilities in its Jetson system-on-module series chips that hackers could have exploited to escalate privileges and mount denial-of-service attacks. The products affected by the vulnerabilities include the Jetson TX1, TX2 series, TX2 NX, AGX Xavier series, Xavier NX, Nano and Nano 2GB running Jetson Linux versions before 32.5.1.
6. Ransomware attack on eye clinic network affects half a million patients
On February 8, 2021, Wolfe Eye Clinic in Iowa suffered a ransomware attack that resulted in widespread encryption of data on its network. An investigation was immediately launched into the attack, but due to the complexity of the attack it took four months to complete the forensic investigation.
7. Attackers breach Microsoft customer service accounts
The same group behind the SolarWinds supply-chain attacks has been targeting Microsoft’s corporate networks to gain access to IT and government organizations. Microsoft officially announced the attacks after the threat group Nobelium stole customer-service-agent credentials to gain access and launch attacks against Microsoft customers.
8. Mercedes-Benz customer data flies out the window
Last week, Mercedes-Benz disclosed that one of its vendors leaked customer information out of its cloud storage system. The company said in its advisory that the leaked customer information contained data collected between 2014 and 2017. Mercedes credited an unnamed external security researcher for giving it the heads-up.
9. Microsoft Edge bug could've let hackers steal website data
Microsoft rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. The weakness stems from a universal cross-site scripting issue related to the built-in Microsoft Translator feature.
10. Tulsa officials warn ransomware attackers leaked city files
The attackers behind a May 2021 ransomware campaign against the city of Tulsa, Oklahoma, shared more than 18,000 city files via the Dark Web. Most of the leaked files were police citations and internal department files, officials wrote in a release, noting that police citations contain some personally identifiable information.
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Cybersecurity Weekly: Ransomware affiliates, Cisco ASA flaws, Dell vulnerabilities
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
