Moscow ISP revenge hack and Microsoft Sharepoint bug warning
Ukrainian cyber group takes down Moscow ISP in revenge hack, CISA warns about exploitation of critical SharePoint vulnerability and fake 401K statements decoy. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Top Security Awareness Posters
1. Ukraine claims responsibility for Moscow internet service provider hack
Ukrainian hackers linked to the country's spy agency breached Moscow-based M9 Telecom in retaliation for a Russian cyber attack on Kyivstar, Ukraine's largest telecom operator. The group, known as "Blackjack" and connected to Ukraine's Security Service, deleted 20 terabytes of data, causing internet outages in Moscow. The CEO of M9 Telecom declined to comment on the attack, and its full extent remains unverified.
2. CISA warns of critical SharePoint privilege escalation vulnerability
CISA warns that hackers are exploiting a critical SharePoint vulnerability that allows admin privilege escalation. Identified as CVE-2023-29357, attackers can combine it with another vulnerability to execute arbitrary code. STAR Labs' Jang demonstrated this exploit chain at Pwn2Own 2023, following which a proof-of-concept was released on GitHub.
3. Threat actors use fake 401k year-end statements to spoof corporate credentials
Cofense reports that hackers are using fake 401(k) updates, salary changes, and performance reports to steal employee credentials. They send phishing emails posing as HR, with QR codes leading to fraudulent sites. This tactic fools even employees at companies with strong email security. Cofense advises HR departments to clearly schedule real communications to help employees spot these scams.
4. Medusa ransomware gang ramp up activities with new attacks identified
Palo Alto Networks' Unit 42 reports that the Medusa ransomware group is intensifying its activities. Using a blog and a Telegram channel, Medusa posts stolen data and pressures victims with ransom demands, including double extortion for decryption and preventing data leaks. Their transparent extortion methods have affected 74 organizations, underscoring the growing threat of ransomware and the need for robust cybersecurity measures.
5. Hackers exploit Ivanti VPN zero-days to deploy custom malware
Mandiant reports that hackers have been exploiting two zero-day vulnerabilities in Ivanti Connect Secure for espionage since December 2023. Tracked as CVE-2023-46805 and CVE-2024-21887, these flaws allow attackers to bypass authentication and inject arbitrary commands. UNC5221, the threat group behind these exploits, used the opportunity to deploy multiple families of custom malware.
Phishing simulations & training
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
