Cybersecurity Weekly: Software skimmer, Android app flaws, Google ad phish
Hackers hide software skimmer in social media sharing icons. Unpatched Android apps put millions of users at risk. MetaMask phishing steals cryptocurrency wallets via Google ads. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Hackers hide software skimmer in social media sharing icons
Security researchers uncovered a new technique to inject a software skimmer onto checkout pages. The malware hides in social media buttons. The attacks used various techniques across the time to carry out an e-skimming attack, such as exploiting flaws in e-commerce platforms like Magento and OpenCart.
2. Unpatched Android apps put millions of users at risk
A number of high-profile Android apps are still using an unpatched version of Google's widely-used app update library, potentially putting the personal data of hundreds of millions of smartphone users at risk of hacking. The bug is rated 8.8 out of 10.0 for severity and impacts Android's Play Core Library.
3. MetaMask phishing steals cryptocurrency wallets via Google ads
Over the past week, users of the MetaMask cryptocurrency wallet have been losing funds to a phishing scam that lured potential victims through Google search ads. MetaMask offers an Ethereum cryptocurrency wallet in the browser via a browser extension that lets distributed applications read from the blockchain.
4. Drug dealers are selling Pfizer COVID vaccines on the darkweb
The UK government announced the distribution of the Pfizer/BioNTech vaccine that has been granted emergency authorization by British regulators. While the first doses are expected to be rolled out from next week, multiple vendors on the darknet are already offering for sale doses of the Pfizer/BioNTech vaccine.
5. Payment card skimmer group using Raccoon info-stealer to siphon off data
A cybercrime group known for targeting e-commerce websites unleashed a multi-stage malicious campaign earlier this year designed with an intent to distribute information stealers and JavaScript-based payment skimmers. The campaign progressed in four waves, starting in February and ending in September.
6. Hackers-for-hire group develops new PowerPepper in-memory malware
Last week, cybersecurity researchers disclosed details of a previously undiscovered in-memory Windows backdoor developed by a hacker-for-hire operation that can execute remotely malicious code and steal sensitive information from its targets in Asia, Europe and the U.S. The malware has been attributed to the DeathStalker group.
7. Kmart hit by Egregor ransomware
Longtime retailer Kmart has reportedly been hit by a ransomware attack that has shut down access to certain back-end systems. The attack is based on Egregor ransomware, which is a strain that exfiltrates data pre-encryption and then threatens to release sensitive information if a ransom is not paid.
The threat actors behind the Egregor ransomware are showing a prolificacy in their early months of activity. On the heels of targeting struggling U.S. retailer Kmart, the Egregor gang also disrupted the Vancouver metro system with a ransomware attack. The attack left Vancouver residents unable to use their Compass metro cards or pay for new tickets
9. High-severity Chrome bugs allow browser hacks
Google updated its Chrome web browser, fixing four bugs with a severity rating of high and eight overall. Three are use-after-free flaws, which could allow an adversary to generate an error in the browser’s memory, opening the door to a browser hack and host computer compromise.
10. VMware rolls a fix for formerly critical zero-day bug
VMware has patched a zero-day bug that was disclosed in late November — an escalation-of-privileges flaw that impacts Workspace One for both Windows and Linux operating systems. VMware has also revised the CVSS severity rating for the bug to important, down from critical.
In this Series
- Cybersecurity Weekly: Software skimmer, Android app flaws, Google ad phish
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
