Hyundai data breach and Microsoft’s warning to accountants
Hyundai data breach exposes sensitive customer data, Microsoft warns accountants of phishing near Tax Day and the Goldoson Android malware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
1. Hyundai data breach compromises details of Italian and French car owners
Hyundai recently disclosed a data breach impacting car owners in Italy and France. The attackers managed to access personal data, including physical addresses, email IDs, telephone numbers, and vehicle chassis numbers. Notably, no financial data or identification numbers were stolen. In response, Hyundai has taken impacted systems offline and engaged IT experts to implement additional security measures. Customers are warned to be cautious of unsolicited emails and texts claiming to be from Hyundai, as they could be phishing attempts.
2. Microsoft warns accountants of phishing as U.S. Tax Day looms
Microsoft has warned accountants of cybercriminals leveraging the U.S. Tax Day deadline on April 18. Accounting and tax preparation firms are being targeted in a malware campaign disguised as client emails. The emails contain links to download password-protected PDFs, which initiate the download of malicious content, including the Remcos Remote Access Trojan (RAT). This allows hackers to potentially gain unauthorized access to victims' computers and networks. Companies are urged to implement layered defense, patch vulnerabilities and follow safe computing practices to mitigate the risks.
3. Android malware piggybacks on 60 legitimate apps with 100M downloads
An Android malware called Goldoson has infiltrated 60 Google Play apps that collectively have 100 million installs. The malware is part of a third-party library unknowingly added by developers to their apps. Goldoson is capable of collecting data on Wi-Fi and Bluetooth-connected devices, and GPS locations, as well as performing ad fraud by clicking ads in the background without user consent. While many impacted apps have been cleaned or removed from Google Play, the risk remains as Goldoson may also be present in third-party Android app stores. Users should be vigilant for signs of adware and malware infection, such as device overheating, quick battery drainage and unusually high data usage.
4. Ransomware attack prompts Yum! Brands to disclose a data breach
Yum! Brands, the US-based fast-food giant behind beloved chains like KFC, Pizza Hut and Taco Bell, fell victim to a cyberattack on January 18, 2023. The malicious actor gained unauthorized access to Yum! Brands' network, resulting in the temporary closure of approximately 300 UK restaurants. Yum! Brands responded swiftly, locking down affected systems and notifying law enforcement. The company has said that there is no evidence of identity theft or fraud involving the stolen data, and that customer information remains unaffected. It also doesn’t expect any significant impact on its business or financial results, as stated in a report filed with the U.S. Securities and Exchange Commission.
5. Hackers selling Python-based credential harvester on Telegram
Legion, a new Python-based credential harvester and hacking tool, is being promoted on Telegram as a means for threat actors to exploit online services. It resembles AndroxGh0st malware and targets vulnerable SMTP servers, conducts remote code execution attacks and exploits unpatched Apache versions. It retrieves credentials for email providers, cloud services and payment platforms. Legion also exploits PHP vulnerabilities for web shell access and delivers SMS spam messages to U.S. mobile networks. The threat actor behind Legion remains unknown, and users of vulnerable web server technologies are urged to review security processes.