Okta support system breach and Google Ads fake KeePass campaign
Okta discloses support system hack caused by stolen credentials, researchers identify fake KeePass site using Google Ads to spread malware and the North Korean IT scam crackdown. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Top Security Awareness Posters
1. Okta says hackers used stolen credentials to breach its support system
Software vendor Okta revealed a breach in its support management system last week. Attackers accessed customer files containing cookies and session tokens using stolen credentials. David Bradbury, Okta's Chief Security Officer, confirmed the primary Okta service remains secure. The system in question stored HTTP Archive (HAR) files potentially laden with sensitive data, posing a risk of impersonation by malicious actors. In response, Okta advised customers to clean HAR files before sharing, revoked compromised session tokens and notified affected customers.
2. Researchers identify fake KeePass site using Google Ads and Punycode to distribute malware
Malwarebytes recently discovered a Google Ads campaign promoting a fake KeePass download site. The campaign used Punycode to imitate the official KeePass domain, misleading even cautious users. Those duped downloaded malware-laden KeePass installers. Researchers found similar deceptive ads and noted other software, such as WinSCP and PyCharm Professional, were also targeted.
3. U.S. DoJ cracks down on North Korean IT workers using deceptive schemes
The U.S. Department of Justice has seized 17 domains linked to North Korean IT workers accused of defrauding businesses, evading sanctions and funding North Korea's missile program. Confiscating $1.5 million from the operations, these workers, predominantly in China and Russia, posed as legitimate IT professionals to channel funds to North Korea. The domains mimicked authentic U.S. IT companies, prompting the FBI to advise firms to thoroughly vet IT recruits.
4. TetrisPhantom threat actors steal data from encrypted USBs on government computers
Security experts have identified 'TetrisPhantom' as a sophisticated threat utilizing compromised secure USB drives to infiltrate Asia-Pacific government systems. These USBs contain encrypted files, with hackers using decryption software like UTetris.exe. to gain access. Recent findings highlight trojanized UTetris versions on these drives, targeting APAC governments for years. With espionage as its main objective, TetrisPhantom appears to have a specific focus on certain government entities.
5. Casio reveals data breach impacting users across 149 nations
Casio has reported a security breach affecting its ClassPad.net education platform. Intruders accessed a database, compromising details of over 90,000 Japanese customers, including 1,108 educational entities, and data from 35,049 international customers across 149 countries. The information exposed includes names, emails, residence countries, service usage and purchase specifics. Casio cited disabled network security settings due to operational errors as the cause.
Phishing simulations & training
In this Series
- Okta support system breach and Google Ads fake KeePass campaign
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
