U.S. federal agency hack and the return of FakeCalls Android malware
Cybercriminals use an old software bug to hack a U.S. federal agency, FakeCalls Android malware returns with new capabilities and Samsung Exynos chipset flaws. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Phishing simulations & training
1. Hackers exploit a four-year-old vulnerability to breach a U.S. federal agency
The CISA, FBI, and MS-ISAC released a joint alert on Wednesday informing that nation state-backed hackers managed to hack a U.S. federal agency via a four-year-old bug exploit. The vulnerability in the agency's UI tool for web servers Telerik allowed malicious actors to successfully deploy remote code, exposing access to the agency's internal network. CISA did not identify the agency in question, but warned that the vulnerability is one of the most frequently exploited in 2020 and 2021.
2. FakeCalls Android malware returns targeting banks in South Korea
Check Point Research (CPR) has uncovered a new version of the vishing malware tool "FakeCalls” targeting banking users in South Korea. The malware lures victims into confirming their credit card numbers by impersonating one of the 20 leading institutions in the region. Researchers found over 2,500 samples of the malware that use several unique evasion techniques not previously seen in the wild. CPR also warned that the techniques used by FakeCalls could be used in other applications targeting markets worldwide, urging people to be wary of unusual delays or pauses in phone calls.
3. Google detects 18 critical security flaws in Samsung Exynos chipsets
Google's Project Zero team found 18 zero-day vulnerabilities in Samsung's Exynos chips for mobiles, wearables and vehicles, including four "serious" ones. Attackers could remotely execute code without user interaction and detection, using just a victim's phone number. The other 14 vulnerabilities can only be exploited with local access or by a malicious mobile network operator. Samsung has provided patches to other vendors, but not to all affected users. Users can disable Wi-Fi calling and Voice-over-LTE to thwart baseband RCE attempts. Users are urged to update devices as soon as possible.
4. YoroTrooper targeting government and energy firms in Europe and CIS
Cisco has identified a new threat actor, YoroTrooper, targeting government and energy organizations in the European and CIS regions for espionage and data theft. The group has been active since June 2022 and is believed to consist of Russian-speaking individuals. YoroTrooper uses malicious and typosquatted domains to trick victims with phishing emails that carry a shortcut file triggering the infection and a decoy PDF document. Its threat portfolio includes in-house and commodity malware families, such as LodaRAT and AveMaria/Warzone RAT.
5. Cybercriminals exploit Adobe Acrobat Sign to distribute info-stealing malware
Cybercriminals are exploiting Adobe Acrobat Sign, an online document signing service, to distribute Redline information stealer malware. Threat actors register with the free-to-try service and send malicious emails to target email addresses containing a link to a document hosted on Adobe's servers. The documents contain a link to a website that asks visitors to solve a CAPTCHA before downloading a ZIP archive containing the Redline malware. Avast researchers warn about the effectiveness of the method in bypassing security layers. Highly targeted attacks employing this method have also been spotted, including one targeting a popular YouTube channel.
Phishing simulations & training
In this Series
- U.S. federal agency hack and the return of FakeCalls Android malware
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
