Cybersecurity Weekly: UScellular data breach, Emotet takedown, Washington State breach
UScellular suffers a data breach. Europol announces a takedown of the Emotet botnet. A data breach exposes 1.6 million jobless claims filed in Washington State. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. UScellular data breach: Attackers ported customer phone numbers
U.S. wireless carrier UScellular discloses a data breach that exposed personal information of its customers. Then threat actors tricked UScellular employees working in retail stores into downloading and installing malicious software. The malware allowed the attackers to access the CRM using the employee’s accounts and then access personal information.
2. Europol announces takedown of the Emotet botnet
Europol has announced that following a global operation by law enforcement and judicial authorities, the Emotet botnet has been disrupted and law enforcement agencies have seized control of its infrastructure. The takedown was planned for two years and involved Europol, Eurojust, the FBI, the Royal Canadian Mounted Police and the U.K. National Crime Agency.
3. Data breach exposes 1.6 million jobless claims filed in Washington State
The Office of the Washington State Auditor said it's investigating a security incident that resulted in the compromise of personal information of more than 1.6 million people who filed for unemployment claims in the state in 2020. The SAO blamed the breach on a software vulnerability in Accellion's File Transfer Appliance service.
4. SonicWall SMA 100 zero-day exploit actively used in the wild
A SonicWall SMA 100 zero-day vulnerability is being actively exploited in the wild, according to a tweet by cybersecurity researchers. SonicWall has not provided many details as the investigation is ongoing, but they stated it likely affects their SMA 100 series line of remote access appliances.
5. A new software supply‑chain attack targeted millions with spyware
Cybersecurity researchers disclosed a new supply chain attack compromising the update mechanism of NoxPlayer, a free Android emulator for PCs and Macs. The highly-targeted surveillance campaign involved distributing three different malware families via tailored malicious updates to selected victims based in Taiwan, Hong Kong and Sri Lanka.
6. New cryptojacking malware targeting Apache and Oracle servers
A financially-motivated threat actor leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. The Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as new evasion tactics to sidestep detection methods.
7. Google discloses severe bug in Libgcrypt encryption library
A severe vulnerability in GNU Privacy Guard's Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis Ormandy of Project Zero.
8. Google uncovers new iOS security feature after zero-day attacks
Last week, Google disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. The new, tightly sandboxed BlastDoor service is now responsible for almost all parsing of untrusted data in iMessages.
9. SpamCop anti-spam service suffers an outage after its domain expired
Last week, mail administrators, organizations and ISPs worldwide suddenly found that their outgoing mail was being rejected by mail servers using the SpamCop service. It turns out that this was a false positive caused by the spamcop.net domain expiring and being parked at the Sedo domain parking service with a wildcard DNS resolution.
10. Scammers posing as FBI agents threaten targets with jail time
The U.S. Federal Bureau of Investigation is warning of scammers actively posing as FBI representatives and threatening targets with fines and jail time unless they don't hand out personal and/or financial information. Multiple versions of the government impersonation scam have been reported in recent days, all of which exploit intimidation tactics.
In this Series
- Cybersecurity Weekly: UScellular data breach, Emotet takedown, Washington State breach
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
