JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
A server hack exposes the data of 10 million JD Sports customers, a massive ransomware campaign exploits VMware bug targeting ESXi servers and the stealthy HeadCrab malware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Should you pay the ransom?
1. JD Sports reveals data of 10 million customers was accessed in a cyber attack
British sports apparel chain JD Sports has reported a data breach that has affected more than 10 million customers. The breach occurred after a server containing online order information for customers was hacked. Information accessed during the breach may include email addresses, names, phone numbers, the last four digits of payment cards, order details and billing addresses. The company said it proactively contacted the affected parties and urged all customers to remain vigilant for fraud and phishing attacks.
2. Massive ransomware campaign exploits VMware bug to target ESXi servers
CERT-FR has warned about a large ransomware campaign that’s targeting VMware ESXi hypervisors across the globe. The attack targets a heap-overflow weakness in VMware ESXi to deploy a new ESXIArgs ransomware. Tracked as CVD-2021-21974, the vulnerability was first reported in February 2021 and patches were made available for it in VMWare’s security advisory. CERT-FR recommends applying the patches as directed in the advisory and deactivating the SLP service on ESXI servers yet to be updated.
3. Stealthy HeadCrab malware infects 1,200 Redis servers
A new malware has infected over 1,200 Redis database servers worldwide since September 2021, and another 2,800 servers remain at high risk of exploitation, according to Aqua Nautilus security researchers. The malware, which they’re calling HeadCrab, is designed to evade detection by running solely in memory and communicating with legitimate IP addresses. The main purpose of the malware is to build a botnet for cryptocurrency mining, but it also has the capability to perform other malicious activities such as executing shell commands, loading fileless kernel modules, and exfiltrating data to remote servers.
4. Instant Checkmate and TruthFinder confirm data breach impacting 20 million users
Owners of background check services Instant Checkmate and TruthFinder recently confirmed they experienced a data breach after adversaries leaked an old database containing the information of millions of users. On 21st January, an associate of the breached hacking and data breach forum published the data of allegedly 20.22 million of the services’ customers. The leaked information includes email addresses, hashed passwords, names and phone numbers. The parent company behind these services, PeopleConnect, is investigating the incident and believes it was an accidental leak.
5. EV charging stations at risk of DoS and DDoS attacks
Security researchers have revealed that hackers could exploit weaknesses in a popular networking protocol for electric vehicle chargers to remotely shut down EV charging stations. The flaws in the OCPP protocol, when exploited, allow a hacker to hijack the connection between the charger and the management platform, potentially leading to a denial of service attack. Sensitive information such as server credentials and payment card data is at risk. Although a fix is available, the slow application of updates in the electric vehicle industry remains a concern.
Phishing simulations & training
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
