Cybersecurity weekly: SolarWinds blames intern, AOL phishing scam, Kia ransomware attack
SolarWinds blames an intern for the weak password that led to a cyberattack. An AOL phishing email states your account will be closed. Kia Motors allegedly suffers a ransomware attack. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. SolarWinds blames intern for weak password that led to cyberattack
As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years. The password solarwinds123 was originally believed to have been publicly accessible via a GitHub repository since June 17, 2018.
2. AOL phishing email states your account will be closed
An AOL mail phishing campaign is underway to steal users' login name and password by warning recipients that their account is about to be closed. The email stated that the recipients need to login and verify their account within 72 hours, or AOL will deactivate their account.
3. Kia Motors allegedly suffers a ransomware attack
Kia Motors America was hit by a $20 million ransom by the hackers behind the DoppelPaymer ransomware. The attack took the car manufacturer’s systems offline and the gang has threatened to leak sensitive information if the company didn’t pay up. So far, the attack has created a nationwide outage of internal websites used by dealers.
4. MacBook users vulnerable to EvilQuest ransomware
Security researchers spotted a new ransomware variant that targets macOS devices in the wild. According to Varonis’s February 2021 Malware Trends Report, EvilQuest, also known as ThiefQuest and Mac.Ransom.K, is ransomware that aims to encrypt macOS devices, which are typically less affected by this type of threat.
5. Hackers targeted India's power grid amid geopolitical tensions
Cybersecurity researchers revealed a concerted campaign against India's critical infrastructure, including the nation's power grid, from Chinese state-sponsored groups. The attacks, which coincided with the standoff between the two nations in May 2020, targeted a total of 12 organizations, 10 of which are in the power generation and transmission sector.
6. Hackers targeting defense firms with ThreatNeedle malware
A prolific North Korean state-sponsored hacking group is tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry. Attributing the attacks with high confidence to the Lazarus Group, the new findings signal an expansion of the APT threat actor's tactics.
7. Cisco releases security patches for critical flaws in its products
Cisco addressed a maximum severity vulnerability in its Application Centric Infrastructure Multi-Site Orchestrator that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. A successful exploit could allow the attacker to receive a token with administrator-level privileges.
8. Malicious Amazon Alexa skills can bypass vetting process
Researchers uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name. The threat actor can then make backend code changes after approval to trick users into giving up sensitive information.
9. NSA embraces the Zero Trust security model
The National Security Agency recently published a document to explain the benefits of adopting a zero-trust model, and advice to navigate the process. A Zero-Trust security model eliminates implicit trust in any entities inside or outside the perimeter of an organization. Instead, it recommends implementing authentication for any processes within the company.
10. New Zealand-based cryptocurrency exchange Cryptopia hacked again
In 2019, the New Zealand-based cryptocurrency exchange disclosed a cyberattack that took place on January 14th. At the time of the first attack, the threat actors stole approximately $30 million worth of cryptocurrencies. The alleged theft happened several months after a former employee stole almost $250,000 worth of cryptocurrency.
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Cybersecurity weekly: SolarWinds blames intern, AOL phishing scam, Kia ransomware attack
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
