Cybersecurity Weekly: Thunderbolt flaws, DocuSign phishing, Sharefile vulnerability
New Thunderbolt security flaws affect systems shipped before 2019. A DocuSign phishing campaign uses COVID-19 as bait. A Citrix ShareFile flaw could let attackers steal data. All this, and more, in this week’s edition of Cybersecurity Weekly.
Phishing simulations & training
1. New Thunderbolt security flaws affect systems shipped before 2019
Attackers who gain physical access to Windows, Linux or macOS devices can access and steal data from their hard drives by exploiting seven vulnerabilities found in Intel's Thunderbolt hardware interface and collectively known as Thunderspy. The new attack makes it possible for attackers to steal information from any vulnerable Thunderbolt-enabled device.
Read more »
2. DocuSign phishing campaign uses COVID-19 as bait
DocuSign users on Office 365 are the target of a new phishing campaign that features COVID-19 as a lure to convince them to offer up their credentials in return for pandemic information. According to researchers, up to 60,000 DocuSign users have received the phishing email, which purports to be an automated message from DocuSign.
Read more »
3. Citrix ShareFile flaw could let attackers steal data
Over the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting the Citrix ShareFile content collaboration platform. If exploited, the vulnerabilities could allow an unauthenticated attacker to access sensitive ShareFile documents and folders.
Read more »
4. Black Hat and DEF CON security conferences go virtual
DEF CON and Black Hat announced last week that their security conferences in Las Vegas this summer will no longer be in-person. DEF CON, who has a running joke every year that their conference is being canceled, have actually gone through with it and now entered “Safe Mode with Networking”' as they switch to an online conference.
Read more »
5. Rail vehicle manufacturer Stadler hit by cyberattack
International rail vehicle construction company Stadler disclosed that it was the victim of a cyberattack which might have also allowed the attackers to steal company and employee data. After the attack was discovered and contained, the attackers also asked for a large ransom and attempted to blackmail the company by threatening to leak stolen data.
Read more »
6. DigitalOcean data leak incident exposed some of its customers’ data
DigitalOcean, one of the biggest modern web hosting platforms, was recently hit with a concerning data leak incident that exposed some of its customers' data to unknown and unauthorized third parties. Though the hosting company has not yet publicly released a statement, it has started warning affected customers of the scope of the breach via an email.
Read more »
7. ChatBooks discloses data breach after data sold on dark web
ChatBooks photo print service has informed its customers that user information was stolen from their systems following a cyberattack. Data consisting of 15 million user records is now being offered for sale on the dark web. This breach is part of a spree of leaks from a group of hackers that is now selling over 73 million user records from 11 companies.
8. Sodinokibi ransomware can now encrypt open and locked files
The Sodinokibi ransomware added a new feature that allows it to encrypt more of a victim's files, even those that are opened and locked by another process. Cyber researchers spotted Sodinokibi using the Windows Restart Manager API to close processes or shut down Windows services keeping a file open during encryption.
Read more »
9. Undisclosed critical vulnerability affects vBulletin forums
Maintainers of the vBulletin project recently announced an important patch update, but didn't reveal much information on the underlying security vulnerability. Cybersecurity researchers and hackers have already started reverse-engineering the software patch to locate and understand the vulnerability.
Read more »
Phishing simulations & training
10. Over 4,000 Android apps expose users' data in misconfigured Firebase databases
According to a report by cybersecurity researcher Bob Diachanko, more than 4,000 Android apps that use Google's cloud-hosted Firebase databases are unknowingly leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data.
Read more »
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Cybersecurity Weekly: Thunderbolt flaws, DocuSign phishing, Sharefile vulnerability
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
