Cybersecurity Weekly: UPS attack warning from CISA and DOE, Lapsus$ hacker group takedown and a surprising new text scam

April 4, 2022 by Ryan Miner

CISA and DOE warn users to take connected UPS devices offline, Lapsus$ hacker group takedowns net surprising targets, and scam text victims are getting messages from…themselves. All these and more in this week’s edition of Cybersecurity Weekly.

1. CISA, DOE Warn of Uninterruptible Power Supply Attacks 

Threat actors are hacking Internet-connected uninterruptible power supply (UPS) devices, typically via default username and password combinations, the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Energy (DOE) warned this week in a joint alert.

2. Lapsus$ Hacking Group May Be a Bunch of Teenagers

Experts suggested that the attacks involved some skill, with advanced methods used to compromise companies such as Okta, which is known for its security measures.

3. Calendly Actively Abused in Microsoft Credentials Phishing

Phishing actors are actively abusing Calendly, a meeting scheduling calendar app, to kick off a clever sequence that tricks targets into entering credentials on a phishing page.

4. People Are Getting Scam Texts From…Themselves

A seemingly widespread scam tries to get people to click on a phishing link contained in a text that appears to come from a target’s own number.

5. Apple, Meta Duped by Law Enforcement-Spoofing Hackers

Apple and Meta, the parent company of Facebook, have been tricked into providing personal information of their users, such as phone numbers, home addresses, and IP addresses, to young hackers in the US and UK.