Cybersecurity Weekly: SonicWall zero-day, Experian leak, Python vulnerability
Hackers exploit a SonicWall zero-day bug in ransomware attacks. An Experian API exposed the credit scores of most Americans. Python was impacted by a critical IP address validation vulnerability. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Hackers exploit SonicWall zero-day bug in ransomware attacks
A financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances to deploy a new strain of ransomware called FIVEHANDS. The group took advantage of an improper SQL command neutralization flaw that allows an unauthenticated attacker to achieve remote code execution.
2. Experian API exposed credit scores of most Americans
Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address. Experian says it plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau.
3. Python impacted by critical IP address validation vulnerability
Python’s ipaddress standard library also suffers from the critical IP address validation vulnerability identical to the flaw that was reported in the netmask library earlier this year. The module provides developers with functions to easily create IP addresses and to parse and normalize IP addresses inputted in different formats.
4. Task force seeks to disrupt ransomware payments
In an 81-page report from last week, top executives from several security firms joined the U.S. Department of Justice, Europol and the U.K. National Crime Agency in calling for an international coalition to combat ransomware criminals, and for a global network of ransomware investigation hubs.
5. Passwordstate warns of ongoing phishing attacks following data breach
Last week, Click Studios warned customers of an ongoing phishing attack by an unknown threat actor. Attackers employed sophisticated techniques to compromise Passwordstate's update mechanism, using it to drop malware on user computers. Only customers who performed in-place upgrades between April 20 and April 22 are said to be affected.
6. New PHP composer bug could enable supply-chain attacks
The maintainers of Composer shipped an update to address a critical vulnerability that could have allowed an attacker to execute arbitrary commands and backdoor every PHP package, resulting in a supply-chain attack. The security issue was discovered and reported on April 22, and a hotfix was deployed less than 12 hours later.
7. LuckyMouse hackers target banks, companies and governments
An adversary known for its watering hole attacks against government entities was linked to a slew of newly detected intrusions targeting various organizations in Central Asia and the Middle East. The malicious activity, collectively named EmissarySoldier, is said to have happened in 2020 with the goal of obtaining geopolitical insights in the region.
8. Stolen ParkMobile data is now free for scammers
Account information of almost 22 million ParkMobile customers is now in the hands of hackers and scammers after the data was released for free on a hacking forum. After a threat actor is unable to sell a stolen database or buyers begin to show little interest, it is common for the stolen data to be released on hacker forums for free.
9. Hotbit cryptocurrency exchange down after hackers targeted wallets
Cryptocurrency trading platform Hotbit shut down all services for at least a week after a cyberattack that took down several of its services last Thursday evening. Hotbit assured its roughly 2 million registered users from over 210 countries that their cryptocurrency assets were safe and secure.
10. Rust-based Buer malware variant spotted in the wild
Cybersecurity researchers disclosed a new malspam campaign distributing a fresh variant of a malware loader called Buer written in Rust. Dubbed RustyBuer, the malware is propagated via emails masquerading as shipping notices from DHL Support, and is said to have affected more than 200 organizations across more than 50 verticals since early April.
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Cybersecurity Weekly: SonicWall zero-day, Experian leak, Python vulnerability
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
