Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
An ex-employee leaks a Yandex source code repository, malware campaign infects over 4,500 WordPress sites and the new SwiftSlicer wiper tool. Catch all this and more in this week’s edition of Cybersecurity Weekly.
See Infosec IQ in action
1. Yandex blames former employee for source code leak, denies hack
An ex-employee of Yandex has allegedly stolen its source code repository. The leaker recently posted a magnet link on a popular hacking forum, claiming it to be Yandex git source carrying 44.7 GB of files stolen from the Russian technology company. Security researcher Arseniy Shestakov analyzed the leaked repository and revealed it contains code and technical data about various Yandex products, including the Yandex search engine. Yandex has officially stated that its systems weren’t hacked and attributed the leak to a former employee.
2. Over 4,500 WordPress sites have been compromised in a widespread malware operation
A widespread campaign as part of a long-running operation that’s thought to be active since 2017 has infected over 4,500 WordPress websites. According to the cybersecurity company Sucuri, the campaign involves the injection of an obfuscated JavaScript designed to redirect visitors to sketchy malicious websites. When unsuspecting users land on one of the malicious sites, a traffic direction system is used to trigger a redirect chain, leading the victims to webpages serving sketchy ads about items that ironically block unnecessary ads.
3. Hackers use new SwiftSlicer wiper malware to attack Ukraine
ESET researchers have identified a new form of wiper malware being used in attacks against Ukrainian organizations. Dubbed SwiftSlicer, the malware is written in a highly versatile, cross-platform programming language called Go. Researchers state that once SwiftSlicer is executed on a network of a targeted firm, it deletes shadow copies, uses 4096 bytes length blocks to overwrite files located in the Windows CSIDL_SYSTEM drive and other non-system drives, and reboots the PC. ESET has attributed the attack to the Sandworm APT group.
4. New PlugX malware variant spreads via removable USB devices
Palo Alto Networks Unit 42 has discovered a revamped version of the PlugX malware that can infect any attached USB device automatically. This new version is wormable and can infect the USB device in a way that it remains hidden from the Windows Operating System. In an advisory issued by the Unit, it was revealed that the malware uses an innovative technique to conceal the attacker's files on the USB device, making them visible only on nixOS or by using forensic tools to mount the USB device.
5. U.S. government agencies warn against malicious use of RMM
U.S. Feds have issued a new advisory to warn network protectors against the malicious use of remote management software (RMM) tools. The CISA wrote that adversaries sent phishing emails that resulted in the download of legitimate RMM software that the threat actors used in a refund scam to spoof money from victims’ bank accounts. Using portable executables of such software makes way for adversaries to create local user access without admin privilege. Although the campaign appears to be financially motivated, government agencies believe it could lead to other forms of malicious activity.
See Infosec IQ in action
In this Series
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
