University of Manchester hack and Honda API flaws
The University of Manchester says data was likely stolen in a cyberattack, Honda API flaws expose sensitive customer information and Asylum Ambuscade’s espionage activities. Catch all this and more in this week’s edition of Cybersecurity Weekly.
See Infosec IQ in action
1. University of Manchester suffers a data breach, says information ‘likely’ stolen
The University of Manchester has issued a warning regarding a cyberattack that led to unauthorized access to some of their systems and likely data theft. The breach was discovered on June 6th, prompting an ongoing investigation by internal and external experts. Relevant authorities, including the Information Commissioner's Office and the National Cyber Security Centre, have been notified. The university has expressed regret over the incident and is dedicating all available resources to resolve the issue.
2. Honda e-commerce API vulnerabilities exposed customer and dealer data
Honda's ecommerce platform used for equipment sales suffered serious vulnerabilities that could have exposed customer and dealer information. Discovered by researcher Eaton Zveare, the flaws allowed unauthorized access to customer orders, names, addresses, and phone numbers. Zveare also identified the potential modification of over 1,500 dealer sites and the acquisition of private keys for payment services. Although Honda promptly addressed the issues, the company doesn't have a bug bounty program and didn't reward the researcher. Additionally, no evidence of malicious exploitation was found.
3. Asylum Ambuscade hackers combine cyber heists with espionage
Researchers have linked a series of APT-like espionage activities and financially motivated attacks to a cybercrime group named "Asylum Ambuscade." ESET analysis reveals that the group has been active since 2020, conducting spear-phishing campaigns against European government staff and targeting bank customers and cryptocurrency traders through malicious Google Ads. The compromise chains and malware variants used in both attacks (AHKBOT and SunSeed) are remarkably similar. While the group's motivations and affiliations remain uncertain, researchers emphasize the need to monitor their activities closely.
4. Cybercriminal using new PowerDrop malware to target U.S. aerospace
An unidentified threat actor has targeted the U.S. aerospace industry with PowerDrop, a newly discovered PowerShell-based malware. PowerDroputilizes advanced evasion techniques, including encryption and decoding. Acting as a post-exploitation tool, it gathers information from compromised networks. The malware then communicates with a command-and-control server using ICMP messages and executes PowerShell commands via the Windows Management Instrumentation service. Despite its basic nature, PowerDrop demonstrates the ability to evade endpoint defenses, suggesting the involvement of more sophisticated cybercriminals.
5. 60K+ Android apps spread adware for months without detection
Romanian cybersecurity firm Bitdefender has uncovered a staggering 60,000 Android apps that have been silently infecting mobile devices with adware over the past six months. Using its anomaly detection feature, the firm warns that these malicious apps are disguised as legitimate applications and primarily target users in the United Kingdom, United States, South Korea, Germany, France, and Brazil. The apps are distributed through third-party websites and employ stealthy installation techniques to evade detection. While currently displaying ads, they have the potential to carry more dangerous payloads such as banking Trojans or ransomware.
Phishing simulations & training
In this Series
- University of Manchester hack and Honda API flaws
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
