Cybersecurity Weekly: UScellular data breach, Emotet takedown, Washington State breach

February 2, 2021 by Sam Fay

UScellular suffers a data breach. Europol announces a takedown of the Emotet botnet. A data breach exposes 1.6 million jobless claims filed in Washington State. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. UScellular data breach: Attackers ported customer phone numbers

U.S. wireless carrier UScellular has disclosed a data breach that exposed personal information of its customers. Threat actors tricked UScellular employees working in retail stores into downloading and installing malicious software. The malware allowed the attackers to access the CRM using the employees’ accounts and then access personal information.

2. Europol announces takedown of the Emotet botnet

Europol has announced that following a global operation by law enforcement and judicial authorities, the Emotet botnet has been disrupted and law enforcement agencies have seized control of its infrastructure. The takedown was planned for two years and involved Europol, Eurojust, the FBI, the Royal Canadian Mounted Police and the U.K. National Crime Agency.

3. Data breach exposes 1.6 million jobless claims filed in Washington State 

The Office of the Washington State Auditor said it’s investigating a security incident that resulted in the compromise of personal information of more than 1.6 million people who filed for unemployment claims in the state in 2020. The SAO blamed the breach on a software vulnerability in Accellion’s File Transfer Appliance service.


4. SonicWall SMA 100 zero-day exploit actively used in the wild

A SonicWall SMA 100 zero-day vulnerability is being actively exploited in the wild, according to a tweet by cybersecurity researchers. SonicWall has not provided many details as the investigation is ongoing, but they stated it likely affects their SMA 100 series line of remote access appliances.


5. A new software supply‑chain attack targeted millions with spyware

Cybersecurity researchers disclosed a new supply chain attack compromising the update mechanism of NoxPlayer, a free Android emulator for PCs and Macs. The highly-targeted surveillance campaign involved distributing three different malware families via tailored malicious updates to selected victims based in Taiwan, Hong Kong and Sri Lanka.


6. New cryptojacking malware targeting Apache and Oracle servers

A financially-motivated threat actor leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. The Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as new evasion tactics to sidestep detection methods.


7. Google discloses severe bug in Libgcrypt encryption library

A severe vulnerability in GNU Privacy Guard’s Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis Ormandy of Project Zero.


8. Google uncovers new iOS security feature after zero-day attacks

Last week, Google disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. The new, tightly sandboxed BlastDoor service is now responsible for almost all parsing of untrusted data in iMessages.


9. SpamCop anti-spam service suffers an outage after its domain expired

Last week, mail administrators, organizations and ISPs worldwide suddenly found that their outgoing mail was being rejected by mail servers using the SpamCop service. It turns out that this was a false positive caused by the domain expiring and being parked at the Sedo domain parking service with a wildcard DNS resolution.


10. Scammers posing as FBI agents threaten targets with jail time

The U.S. Federal Bureau of Investigation is warning of scammers actively posing as FBI representatives and threatening targets with fines and jail time unless they hand over personal and/or financial information. Multiple versions of the government impersonation scam have been reported in recent days, all of which exploit intimidation tactics.
