Cybersecurity Weekly: Ransomware casualty, Google App Engine phish, SecOps struggling
The NCSC sees a surge in ransomware attacks on education institutions. Google’s App Engine feature was abused to create phishing pages. SecOps teams wrestle with manual processes and HR gaps. All this, and more, in this week’s edition of Cybersecurity Weekly.
Phishing simulations & training
1. NCSC sees surge in ransomware attacks on education institutions
The U.K. National Cyber Security Centre issued an alert about a surge in ransomware attacks against education institutions. The British security agency is urging the institutions in the industry to follow the recommendations to mitigate the risk of exposure to ransomware attacks.
Read more »
2. Google App Engine feature abused to create phishing pages
A newly discovered technique shows how Google's App Engine domains can be abused to deliver phishing and malware while remaining undetected by leading enterprise security products. What makes Google App Engine infrastructure risky in how the subdomains get generated and paths are routed.
Read more »
3. SecOps teams wrestle with manual processes, HR gaps
Only about half of enterprises are satisfied with their ability to detect cybersecurity threats, according to a survey from Forrester. 79% of enterprises covered in the survey have experienced a breach in the past year, and nearly 50% have been breached in the past six months.
Read more »
4. Patient dies after ransomware attack paralyzes German hospital systems
German authorities last week disclosed that a ransomware attack on the University Hospital of Düsseldorf caused a failure of IT systems, resulting in the death of a woman who had to be sent to another hospital that was 20 miles away. The incident marks the first recorded casualty as a consequence of cyberattacks on critical healthcare facilities.
Read more »
5. Bug could let attackers hijack Firefox for Android via Wi-Fi network
Last week, security researchers published an alert that demonstrates the exploitation of a recently disclosed high-risk remote command execution vulnerability affecting the Firefox app for Android. The vulnerability resides in the SSDP engine of the browser that can be exploited against devices on the same Wi-Fi network as the attacker.
Read more »
6. Maze Ransomware adopts Ragnar Locker virtual machine approach
The operators of the Maze ransomware are now distributing ransomware payloads via virtual machines. It’s a radical approach meant to help the ransomware get around endpoint defense. The attackers bundled a stripped down, 11-year-old copy of the VirtualBox hypervisor inside the malicious file, which runs the VM as a headless device with no user interface.
Read more »
7. Researchers uncover 6-year cyberespionage campaign
New research offers insights into a six-year-long surveillance campaign targeting expats and dissidents with an intention to steal sensitive information. The threat actor orchestrated the campaign with at least two different moving parts — one for Windows and the other for Android.
Read more »
8. U.S. Treasury sanctions international hacking group
The U.S. government imposed sweeping sanctions against an Iranian threat actor backed by the country's Ministry of Intelligence and Security for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors.
Read more »
9. Mozi Botnet responsible for most of the IoT Traffic
The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, according to an IBM report. It is actively targeting Netgear, D-Link and Huawei routers by probing for weak Telnet passwords to compromise them. It implements a custom extended Distributed Hash Table protocol that provides a lookup service similar to a hash table.
Read more »
10. Tutanota encrypted email service suffers DDoS cyberattacks
Tutanota experienced a series of DDoS attacks last week, targeting the Tutanota website and its DNS providers. The outage was further exacerbated by the fact that different DNS servers continued to cache the incorrect entries for the domain. The second iteration of the DDoS attack hit the DNS provider which hosts records for Tutanota.
Phishing simulations & training
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Cybersecurity Weekly: Ransomware casualty, Google App Engine phish, SecOps struggling
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
