Hyundai data breach and Microsoft’s warning to accountants
Hyundai data breach exposes sensitive customer data, Microsoft warns accountants of phishing near Tax Day and the Goldoson Android malware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Should you pay the ransom?
1. Hyundai data breach compromises details of Italian and French car owners
Hyundai recently disclosed a data breach impacting car owners in Italy and France. The attackers managed to spoof personal data, including physical addresses, email IDs, telephone numbers, and vehicle chassis numbers. Notably, no financial data or identification numbers were stolen. In response, Hyundai has taken impacted systems offline and engaged IT experts to implement additional security measures. Customers are warned to be cautious of unsolicited emails and texts claiming to be from Hyundai, as they could be phishing attempts.
2. Microsoft warns accountants of phishing as U.S. Tax Day looms
Microsoft has warned accountants of cybercriminals leveraging the U.S. Tax Day deadline on April 18. Accounting and tax preparation firms are being targeted in a malware campaign disguised as client emails. The emails contain links to download password-protected PDFs, which initiate the download of malicious content, including the Remcos Remote Access Trojan (RAT). This allows hackers to potentially gain unauthorized access to victims' computers and networks. Companies are urged to implement layered defense, patch vulnerabilities and follow safe computing practices to mitigate the risks.
3. Android malware piggybacks on 60 legitimate apps with 100M downloads
An Android malware called Goldoson has infiltrated 60 Google Play apps with 100 that collectively have 100 million installs. The malware is part of a third-party library unknowingly added by developers to their apps. Goldoson is capable of collecting data on Wi-Fi and Bluetooth-connected devices, and GPS locations, as well as performing ad fraud by clicking ads in the background without user consent. While many impacted apps have been cleaned or removed from Google Play, the risk remains as Goldoson may also be present in third-party Android app stores. Users should be vigilant for signs of adware and malware infection, such as device overheating, quick battery drainage and unusually high data usage.
4. Ransomware attack prompts Yum! Brands to disclose a data breach
Yum! Brands, the US-based fast-food giant behind beloved chains like KFC, Pizza Hut and Taco Bell, fell victim to a cyberattack on January 18, 2023. The malicious actor gained unauthorized access to Yum! Brands' network, resulting in the temporary closure of approximately 300 UK restaurants. Swift action was taken with Yum! Brands locking down affected systems and notifying law enforcement. The company has reassured that there is no evidence of identity theft or fraud with the stolen data, and customer information remains unaffected. Also, it doesn’t expect any significant impact on its business or financial results, as stated in a report filed with the U.S. Securities and Exchange Commission.
5. Hackers selling Python-based credential harvester on Telegram
Legion, a new Python-based credential harvester and hacking tool, is being promoted on Telegram as a means for threat actors to exploit online services. It resembles AndroxGh0st malware and targets vulnerable SMTP servers, conducts remote code execution attacks and exploits unpatched Apache versions. It retrieves credentials for email providers, cloud services and payment platforms. Legion also exploits PHP vulnerabilities for web shell access and delivers SMS spam messages to U.S. mobile networks. The threat actor behind Legion remains unknown, and users of vulnerable web server technologies are urged to review security processes.
Phishing simulations & training
In this Series
- Hyundai data breach and Microsoft’s warning to accountants
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
