Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
Boeing confirms ransomware attack by Lockbit gang, researchers spot WhatsApp mods with dangerous spyware and Apple’s "Find My" network vulnerability. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Phishing simulations & training
1. Boeing confirms ransomware attack after Lockbit Gang’s revelations
Boeing has confirmed it was hit with a cyberattack after the LockBit ransomware gang claimed responsibility. Jim Proulx, the company's spokesperson, stated the attack targeted Boeing distribution operations but assured it does not compromise flight safety. The confirmation follows LockBit's threat to release Boeing's data if a ransom was not paid. Boeing has not disclosed whether it has entered into ransom negotiations or if it complied with the demand.
2. Researchers spot multiple WhatsApp mods with CanesSpy Spyware
Kaspersky researchers have uncovered several WhatsApp mods containing the CanesSpy spyware. This malicious module stealthily harvests device information and transmits it to a command-and-control server. It activates with common phone events, like charging, putting personal data at constant risk. Users in multiple countries have been affected, prompting a strong recommendation to use only official apps for communication.
3. Apple’s ‘Find My’ network vulnerability makes it prone to keylogger abuse
Apple's "Find My" network has a vulnerability that keyloggers in keyboards can exploit to access sensitive data. Designed to locate Apple devices, the network can be hijacked to transmit arbitrary data via Bluetooth. Researchers showcased this by integrating a keylogger with a Bluetooth transmitter, revealing a stealthy data theft method using Apple's extensive location-sharing system. This technique eludes Apple's anti-tracking features, posing a significant security risk to the "Find My" service.
4. New ‘KandyKorn’ macOS malware targets blockchain community and engineers
Elastic Security recently uncovered macOS malware linked to North Korea's Lazarus group. Dubbed KandyKorn, it targets cryptocurrency exchange engineers via Discord. Victims are tricked into downloading a malicious 'Cross-platform Bridges.zip' file. Inside, a Python script triggers a chain ending in the KandyKorn payload, which stealthily operates to steal data. This discovery highlights Lazarus' focus on financial theft and its sophisticated approach to targeting macOS systems.
5. Researchers uncover massive URL shortening service run by cybercriminals
Infoblox revealed last week that a threat actor known as Prolific Puma has been running a link-shortening service for cybercriminals. Over the past four years, this service has secretly registered thousands of US domains to enable phishing and malware attacks. The source also found that Prolific Puma has facilitated a range of cybercrimes while cleverly avoiding detection via tactics like aging domains and Bitcoin payments.
Phishing simulations & training
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
