U.S. Marshals service breach and TPM 2.0 security flaws
Hackers steal sensitive data from U.S. Marshals Service systems, TPM 2.0 security flaws could allow cybercriminals to steal cryptographic keys and the MQsTTang custom backdoor. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Phishing simulations & training
1. Hackers use ransomware against U.S. Marshals Service, steal law enforcement data
A U.S. Marshals Service spokesperson confirmed that a ransomware attack allowed hackers to steal data from USMS’s systems. The stolen data contained sensitive law enforcement info, including administrative and legal returns, and personal data of subjects of investigations, third parties, and some USMS employees. The system has since been disconnected, and the Department of Justice is conducting a forensic investigation, categorizing it as a "major incident." Notably, this is the second cyberattack to hit a U.S. federal law enforcement agency in February.
2. New flaws in TPM 2.0 Library could impact billions of IoT devices
Cybersecurity research firm Quarks Lab has uncovered two vulnerabilities in the Trusted Platform Module (TPM) 2.0 that could lead to sensitive data leakage or escalation of privileges. The flaws discovered in November impact revisions 1.59, 1.38, and 1.16 of the TPM's reference implementation code. These vulnerabilities occur when handling malicious TPM 2.0 commands with encrypted parameters. TCG, the publisher of the TPM 2.0 Library documentation, has updated its Errata for TPM 2.0 Library Specification with guidelines on how to fix the issues before their public disclosure.
3. Chinese Mustang Panda group using new MQsTTang backdoor against European entities
Chinese cyber espionage group Mustang Panda was recently seen using a new backdoor named MQsTTang. This malware was discovered as part of a social engineering campaign aimed at entities in Europe and Asia since January 2023. ESET's research reveals that the backdoor is a barebones single-stage implant that allows the execution of arbitrary commands received from a remote server via an IoT messaging protocol called MQTT for command-and-control communications. The attack starts with spearphishing and decoy file names related to diplomatic themes. ESET has also noted the use of previously undocumented tools distributed through an FTP server linked to the threat actor.
4. Hackers could exfiltrate data from Google Cloud without being detected
Mitiga researchers have discovered that Google Cloud Platform (GCP) storage buckets may not be as secure as previously thought. Attackers can potentially exfiltrate company data from them without leaving forensic traces of malicious activity in GCP's storage access logs. This follows recent concerns raised by researchers regarding Google Cloud Storage's potential security issues, including vulnerabilities in third-party storage solutions and the need for companies to understand and secure their cloud storage infrastructure.
5. Royal ransomware growth poses widespread risks, warns U.S. advisories
A joint advisory by CISA and FBI warns of rising Royal ransomware attacks targeting critical infrastructure, including healthcare, communications, and education. The agencies shared indicators of compromise and TTPs to detect and block Royal ransomware payloads on networks. Enterprises should prioritize the remediation of known vulnerabilities and train employees to identify and report phishing attempts. Multi-factor authentication should be enforced to strengthen cybersecurity defenses. Victims have been urged to report Royal ransomware incidents to the FBI or CISA and not to pay any ransom. Royal ransomware operators demand hefty ransom payments and deceive corporate victims with callback phishing attacks.
Phishing simulations & training
In this Series
- U.S. Marshals service breach and TPM 2.0 security flaws
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
