TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
Hackers exploit household TP-Link routers to attack European entities, 18-year-old gets charged with hacking thousands of DraftKings betting accounts and the MalasLocker ransomware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Phishing simulations & training
1. Chinese hackers exploit TP-Link routers to attack EU foreign affairs entities
CheckPoint Research recently uncovered a disturbing cyberattack involving TP-Link routers. The attack, attributed to the Chinese state-sponsored APT group "Camaro Dragon," utilized a malicious firmware implant called "Horse Shell." This implant granted the attackers complete control over the compromised devices and facilitated undetected access to targeted European foreign affairs entities. While the exact method of deploying the firmware remains unclear, the incident underscores the need for more robust protection measures.
2. Federal officials charge an 18-year-old for hacking 60,000 DraftKings accounts
Federal officials have charged an 18-year-old Wisconsin resident, Joseph Garrison, for hacking 60,000 user accounts on sports betting site DraftKings. Garrison employed a credential stuffing attack using stolen usernames and passwords from previous data breaches. He then sold access to compromised accounts, resulting in a theft of approximately $600,000. Garrison was traced through his IP address, and evidence was found on his devices. If convicted, he could face significant prison time for charges including computer intrusions and wire fraud.
3. Open source mail client Zimbra becomes a victim of MalasLocker ransomware
A new ransomware operation called MalasLocker has been targeting Zimbra servers, encrypting emails and files. Interestingly, instead of demanding a ransom payment, the ransomware actors request a donation to a charity of the victim's choice. The encryption method used is Age, which is uncommon among ransomware operations and does not target Windows systems. The operation has already affected multiple companies and victims and shows no signs of slowing down. Although the ransom notes provide contact details, there is no mention of a data leak site.
4. Threat actors exploit Azure Serial Console for stealthy access to VMs
A new cybergang known as 'UNC3944' has been targeting Microsoft Azure admin accounts via phishing and SIM swapping tactics. Their primary objective is to steal data from organizations utilizing Azure. To achieve this, they exploit the Azure Serial Console and Azure Extensions, employing these tools for surveillance and persistence. Once they gain administrative access to virtual machines, they execute commands and utilize commercially available remote administrator tools discreetly. UNC3944's proficiency in Azure, combined with their adept social engineering skills in performing SIM swapping intensify the risks for Azure users.
5. CISA warns of critical Samsung vulnerability used to bypass ASLR
CISA has issued a warning about a security flaw affecting Samsung devices, enabling attackers to bypass Android ASLR protection. The vulnerability (CVE-2023-21492) affects Samsung mobile devices running Android 13, 12 and 11, allowing local attackers with high privileges to bypass ASLR and exploit memory-management issues. Samsung has released security updates to address the issue. Additionally, U.S. federal agencies have been ordered to patch their Samsung Android devices by June 9, as these vulnerabilities are frequently targeted by cyber actors. Private companies have also been urged to prioritize addressing such vulnerabilities.
Phishing simulations & training
In this Series
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
