Cybersecurity Weekly: UPS attack warning from CISA and DOE, Lapsus$ hacker group takedown and a surprising new text scam
CISA and DOE warn users to take connected UPS devices offline, Lapsus$ hacker group takedowns net surprising targets, and scam text victims are getting messages from…themselves. All this and more in this week’s edition of Cybersecurity Weekly.
1. CISA, DOE Warn of Uninterruptible Power Supply Attacks
Threat actors are hacking Internet-connected uninterruptible power supply (UPS) devices, typically via default username and password combinations, the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Energy (DOE) warned this week in a joint alert.
2. Lapsus$ Hacking Group May Be a Bunch of Teenagers
Experts suggested that the attacks involved some skill, with the group using advanced attack methods to compromise companies such as Okta, which is known for its security measures.
3. Calendly Actively Abused in Microsoft Credentials Phishing
Phishing actors are actively abusing Calendly, a meeting scheduling calendar app, to kick off a clever sequence that tricks targets into entering credentials on a phishing page.
4. People Are Getting Scam Texts From…Themselves
A seemingly widespread scam tries to get people to click on a phishing link contained in a text that appears to come from a target’s own number.
5. Apple, Meta Duped by Law Enforcement-Spoofing Hackers
Apple and Meta, the parent company of Facebook, have been tricked into providing their users' personal information, such as phone numbers, home addresses, and IP addresses, to young hackers in the US and UK.