Staples cyberattack, Agent Racoon backdoor and other news
Staples confirms cyberattack behind online order disruption, hacker uses new Agent Racoon malware to backdoor U.S. and other entities, and the BLUFFS Bluetooth attack. Catch all and more in this week’s edition of Cybersecurity Weekly.
Should you pay the ransom?
1. Staple discloses cyberattack caused system outages and order disruptions
American retailer Staples recently encountered a cyberattack that caused it to shut down key systems in order to protect customer data. Reports on Reddit surfaced about internal operation issues affecting email access, VPNs, phone lines and more. In response, the company acknowledged a cybersecurity risk that disrupted business functions and online orders. This latest security incident follows a 2020 data breach and a major outage at Staples-owned Essendant earlier this year.
2. Threat actor uses new Agent Racoon backdoor to infiltrate U.S. and African entities
An unknown threat actor is targeting organizations across the U.S., Africa and Middle East with a new backdoor malware named Agent Racoon. Palo Alto Networks' Chema Garcia reports that this malware leverages the .NET framework and DNS protocol to sneak in and provide backdoor access. The victims range from education to nonprofit to government sectors and more. While the cybersecurity firm hasn’t profiled the attacker, it thinks a nation-state might be behind this infiltration due to the attack patterns and sophisticated evasion techniques.
3. New BLUFFS attack enables cybercriminals to hijack Bluetooth sessions
Eurecom researchers have discovered a series of attacks that enable hackers to compromise Bluetooth security. Dubbed BLUFFS, these attacks affect Bluetooth versions 4.2 to 5.4 and can lead to device impersonation and man-in-the-middle attacks. The firm suggests users reject connections with weak security and use ‘Security Mode 4 Level 4' to ensure better encryption.
4. New FjordPhantom Android malware uses virtualization to remain undetected
Security experts have found a new Android malware called FjordPhantom that uses virtualization to evade detection. FjordPhantom is designed to run apps in virtual containers, which enables it to access files and other memory across different apps without the usual need for root access. Hackers are spreading it via fake apps and social engineering, with one infiltration in Thailand resulting in a loss of about $280,000. To avoid this threat, researchers advise users to be careful about downloading apps from non-official sources.
5. Cactus ransomware targets Qlik Sense vulnerabilities to exploit networks
Arctic Wolf Labs reports that hackers recently hit large organizations with Cactus ransomware by exploiting Qlik Sense vulnerabilities. They gained system control using PowerShell and BITS, downloading tools like AnyDesk and a modified Plink binary. The attackers also removed Sophos' security, changed passwords and set up RDP tunnels for data theft and disk space analysis. Eventually, they deployed Cactus ransomware. Arctic Wolf Labs links these attacks to a single group, while security expert Kevin Beaumont urges prompt patching due to the rising threat.
See Infosec IQ in action
In this Series
- Staples cyberattack, Agent Racoon backdoor and other news
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
