Discord.io data breach and Ivanti Avalanche vulnerabilities
Discord.io suffers a massive hack exposing the data of 760,000 users, critical flaws in Ivanti Avalanche put 30,000 organizations at risk and the Apple iOS 16 fake Airplane mode exploit. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Should you pay the ransom?
1. Discord.io suffers massive data breach, exposes data of 760,000 users
Discord.io, a third-party service offering custom Discord channel invites, ceased operations following a data breach that exposed 760,000 users' data. The breach came to light when a person known as 'Akhirah' attempted to sell the Discord.io database on the resurrected Breached hacking forum. Akhirah cited issues with Discord.io's alleged links to harmful content as a motivator beyond financial gain. Exposed data includes usernames, email addresses and encrypted passwords. Despite the encrypted nature of passwords, Discord advises users to exercise caution against potential phishing attempts.
2. Security flaws in Ivanti Avalanche threaten 30,000 organizations
Ivanti Avalanche, utilized by 30,000 organizations for mobile device management, has reported critical security vulnerabilities. Labeled as CVE-2023-32560, with a high CVSS score of 9.8, these flaws stem from stack-based buffer overflows. Cybersecurity firm Tenable highlights that processing specific data types can trigger these overflows. This vulnerability allows unauthenticated attackers to trigger buffer overflows, potentially causing system crashes or enabling code execution. Ivanti has since launched Avalanche version 6.4.1 to address these issues and six additional vulnerabilities. With rising scrutiny on Ivanti's security, users are urged to update swiftly.
3. Cybersecurity experts share new Apple iOS 16 exploit using fake Airplane Mode
Researchers from Jamf Threat Labs have uncovered a potential exploit in iOS 16 that tricks users into thinking their device is in Airplane Mode. In reality, it only simulates the appearance of Airplane Mode while allowing connectivity for a rogue app. This means attackers can retain access even when users believe their device is offline. The experts achieved this by manipulating two daemons responsible for Airplane Mode’s UI and cellular data connectivity. This simulated mode replicates expected behaviors, like the inability to access the internet in certain apps. So far, this technique hasn’t been used in real-world cyberattacks.
4. Chinese cybercriminals use DDL hijacking to target Southeast Asian gambling sector
SentinelLabs has unveiled a fresh cyberespionage attack on Asian gambling firms believed to originate from the Chinese hacking group Bronze Starlight. It manipulates vulnerabilities in software such as Adobe Creative Cloud and Microsoft Edge to plant Cobalt Strike beacons on target computers. A stolen code signature from Singapore's VPN provider, PMG PTE, is also used, a tactic seen in other Chinese cyberattacks. While evidence suggests Bronze Starlight's involvement, attributing the attacks is complex due to shared tactics and tools among Chinese cyber groups. Interestingly, the malware avoids devices in countries like the UK, the U.S. and Canada.
5. Attackers target top U.S. energy company with QR code phishing
Phishing threat management company Cofense recently identified a campaign employing QR codes to target a leading US energy firm. The attackers used these codes to navigate around traditional email security defenses, sending malicious emails under the guise of updating Microsoft 365 account settings. Nearly 29% of over 1,000 malicious emails focused on this energy company, with others targeting various sectors. The scale and sophistication of this campaign indicate a potentially growing trend in QR code phishing tactics.
See Infosec IQ in action
In this Series
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
