Massive AT&T data breach and fake jobs targeting security researchers
AT&T data breach exposes 9 million user accounts, North Korean adversaries target security researchers with fake job offers and the IceFire ransomware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Top Security Awareness Posters
1. AT&T data breach affects 9 million customer accounts, notification issued
AT&T recently disclosed a data breach that impacted around nine million customers. The AT&T breach occurred at a vendor’s system, allowing attackers to access the Customer Proprietary Network Information (CPNI). CPNI is information that telecom companies acquire about subscribers, including services, payment and usage details. The carrier stated that the exposed data did not include financial or other sensitive information, but basic personal information such as customer names, phone numbers, and email addresses was exposed.
2. North Korean hacking group targets security researchers with fake employment offers
A North Korean hacking group, UNC2970, has targeted security researchers and media organizations in the U.S. and Europe using fake job offers. The adversaries use LinkedIn to lure their targets before moving to WhatsApp and sharing a malicious Word document with embedded macros. These macros fetch a trojanized version of TightVNC from compromised WordPress sites, and the attackers establish a foothold in the target's corporate environment using previously unseen malware. UNC2970 has previously targeted tech firms, media groups, and entities in the defense industry.
3. Enterprise Linux systems targeted by a new form of IceFire ransomware
Researchers at SentinelOne have observed a recent increase in ransomware attacks targeting Linux enterprise networks, marking a notable shift from a long-standing focus on Windows-only malware. This shift could be due to hackers perceiving Linux as an untapped market. Among the attackers targeting Linux systems is the IceFire ransomware, previously a Windows-based malware. The attackers' modus operandi is straightforward, with valuable data stolen before encryption to ensure payment. Linux-based systems are often used for critical applications and could yield higher returns, making them more valuable targets.
4. Acer discloses data breach after hacker lists 160GB trove of stolen data for sale
Acer has suffered a breach by a hacker claiming to have 160 GB of the PC maker’s data. The culprit is selling access to the stolen files on a hacker forum. The data reportedly includes confidential presentations, product model documentation, and data about the BIOS system used on Acer computers. Acer has confirmed the breach but claims there is no indication that consumer data was stored on the server. This is not the first time Acer has experienced a breach, with the company suffering at least a couple of hacking incidents in 2021.
5. Xenomorph Android malware has a new variant that can target 400+ banks
A new variant of the Android banking trojan Xenomorph has emerged, according to security researchers at ThreatFabric. The updated version, Xenomorph 3rd generation, incorporates Accessibility Services to perform fraud via overlay attacks. Xenomorph also has cookie-stealing capabilities, which allow cybercriminals to perform account takeover attacks. The malware is being distributed through Discord’s Content Delivery Network (CDN) and has expanded its target from 56 European banks to over 400 banking and financial institutions.
See Infosec IQ in action
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Massive AT&T data breach and fake jobs targeting security researchers
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
