
Cybersecurity news January 15, 2024

SAN MATEO, CA, January 15, 2024 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

Cybersecurity giant Mandiant sees X account hacked to peddle malware scam

Cybersecurity firm Mandiant suffered an embarrassing event when scammers took over its X account in an effort to push crypto-stealing malware to its 123,500 followers. After taking back control of its account, the firm stated, “There are no indications of malicious activity beyond the impacted X account, which is back under our control.” Placing part of the blame on the social network’s shifting policies, Mandiant went on to say that “due to some team transitions and a change in X’s 2FA policy, we were not adequately protected.” The hackers responsible are said to be associated with CLINKSINK, a drainer-as-a-service group that uses phishing tactics and impersonation to part victims from their crypto. Read more.

Exploitable WordPress plugin puts 150K websites at risk of takeover

Wordfence security researchers have reported two vulnerabilities in the POST SMTP Mailer WordPress plugin that may have dire consequences for users. The plugin is installed on 300,000 websites, and successfully exploiting it could allow threat actors to reset a site’s API key and read sensitive data, including password reset emails, to gain administrative privileges. The flaw affects POST SMTP up to version 2.8.7 and was fixed in a January 1st update issued by the publisher. However, around 150,000 websites are still running a vulnerable version of the plugin, leaving many users at risk. Read more.

Fraudulent 401K statements are being used to steal credentials

Fake end-of-year 401K statements are being sent to unsuspecting victims to steal corporate login credentials, according to email security company Cofense. The messages purport to come from a company’s HR department and claim that a contribution adjustment or plan update has occurred. The emails often include a QR code that sends users to a bogus landing page asking them to log in to view their documentation. Other end-of-year scams targeting workers include surveys, salary communications, bonus adjustments, and performance reports. Read more.

The financial cost of a cyberattack doubled in 2023

The costs associated with dealing with a cyberattack doubled in 2023, increasing from the previous year’s $0.66 million to $1.41 million, according to new research from Dell. More than half of the global respondents to Dell’s research report that network breaches resulted from someone clicking a malicious link in a spam or phishing email, hacked personal devices, or stolen credentials. The company’s survey also noted that 74% of respondents believe that simply paying off ransomware attackers will result in a system recovery. Only 28% of ransomware insurance policyholders received a full reimbursement after an attack. Read more.

US Securities and Exchange Commission X account hacked to announce fake news regarding Bitcoin

The X account associated with the US Securities and Exchange Commission (SEC) issued a post announcing the approval of Bitcoin ETFs on security exchanges. The announcement was fake and followed the agency’s X account being hacked. The SEC did not describe how its account had been compromised but reported that the “unauthorized tweet regarding bitcoin ETFs was not made by the SEC or its staff.” The hack of the agency’s account is the latest in a long streak of verified X accounts being compromised by threat actors to peddle fake cryptocurrency sites designed to infect victims with wallet drainers and malware. Read more.

Less than 4% of US states are prepared for election hacking

Research by Arctic Wolf indicates that less than 4% of US states are prepared to identify and recover from cyberattacks targeting elections. According to the company’s surveys, “14.3% of states were ‘not at all prepared’ to deal with such incidents, with 42.9% only ‘somewhat prepared’ ahead of the 2024 US election cycle.” Arctic Wolf researchers also found that “16.1% of cities were not prepared at all, and 41.1% only somewhat prepared for election-based cyber-threats.” With cyber threats mounting and distrust in the US electoral system inflamed by partisan division, the 2024 elections may become increasingly chaotic. Read more.

CISA adds six new security flaws to its KEV catalog

CISA has added six security flaws to its Known Exploited Vulnerabilities catalog. CVE-2023-27524 is a “high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution.” CVE-2023-38203 and CVE-2023-29300 are Adobe ColdFusion Deserialization of Untrusted Data Vulnerabilities. CVE-2023-41990 is an Apple Multiple Products Code Execution Vulnerability. CVE-2016-20017 is a D-Link DSL-2750B Devices Command Injection Vulnerability. Lastly, CVE-2023-23752 is a Joomla! Improper Access Control Vulnerability. CISA has not provided specific details but reports that all of these flaws have been observed being exploited in the wild. Read more.

Ransomware attackers resort to swatting in medical institution extortion attempts

Proving once more that there are no lows to which ransomware attackers won’t stoop, hackers are now “swatting” patients associated with targeted medical institutions to pressure them to pay up. Swatting is when an individual is falsely reported to the police for making bomb threats or otherwise posing extreme danger. This results in the authorities appearing at the person’s home heavily armed and prepared to encounter a violent situation. The criminals behind a recent attack on Fred Hutchinson Cancer Center used swatting threats against patients after stealing the hospital’s data, hoping that harming the center’s most vulnerable people would ensure that their demands are met. Read more.

YouTube videos promoting cracked software lead to Lumma Stealer

Victims are being tricked into downloading Lumma Stealer by threat actors using YouTube videos that purport to link to cracked versions of popular software. “These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and incorporating malicious URLs often shortened using services like TinyURL and Cuttly,” according to Fortinet FortiGuard Labs researcher Cara Lin. Links in the video descriptions send victims to bogus installers hosted on MediaFire that, when unpacked, present the user with “a Windows shortcut (LNK) masquerading as a setup file that downloads a .NET loader from a GitHub repository, which, in turn, loads the stealer payload, but not before performing a series of anti-virtual machine and anti-debugging checks.” Read more.

US infrastructure targeted by AsyncRAT malware for 11 months

AsyncRAT, an open-source remote access trojan for Windows, has been zeroing in on US infrastructure for the past 11 months via phishing emails sent to “carefully selected targets.” According to AT&T’s Alien Labs researchers, those in the crosshairs were chosen to “broaden the campaign’s impact. Some of the identified targets manage key infrastructure in the U.S.” The emails carry a malicious GIF attachment that “leads to an SVG file that downloads an obfuscated JavaScript and PowerShell scripts.” AsyncRAT uses an anti-sandboxing system and a domain generation algorithm (DGA) to avoid detection. Read more.
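Both the Lumma Stealer and AsyncRAT stories above hinge on a file whose name says one thing while its bytes say another: a Windows shortcut (LNK) posing as a setup program, and a “GIF” attachment that is really an SVG/XML document. The script below is an added example written for this roundup, not code from the article or from any of the vendors it cites. It sniffs the leading bytes of a file, compares them with what the filename claims, and flags the mismatch patterns described in the two stories. The magic numbers are the publicly documented signatures; the file names and byte strings are constructed samples.

```python
# Added example (not from the article): flag attachments or archive members
# whose bytes do not match what the filename claims. Sample inputs are constructed.
import re

# Public file signatures. The LNK header is the 4-byte HeaderSize 0x0000004C
# followed by the fixed LinkCLSID 00021401-0000-0000-C000-000000000046.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
GIF_MAGICS = (b"GIF87a", b"GIF89a")
PE_MAGIC = b"MZ"

# What a benign file carrying this extension should sniff as.
EXPECTED_KIND = {"gif": "gif", "svg": "svg", "exe": "pe", "lnk": "lnk"}
INSTALLER_WORDS = re.compile(r"(setup|install|crack|keygen|patch|activator)", re.I)


def sniff(data: bytes) -> str:
    """Return a coarse content type from the leading bytes, ignoring the filename."""
    head = data[:64]
    if head.startswith(LNK_MAGIC):
        return "lnk"
    if head.startswith(GIF_MAGICS):
        return "gif"
    if head.startswith(PE_MAGIC):
        return "pe"
    # SVG is XML text; tolerate a UTF-8 BOM and whitespace before the prolog/root.
    text = head.lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    if text.startswith(b"<?xml") or text.startswith(b"<svg"):
        return "svg"
    return "unknown"


def extensions(name: str) -> list[str]:
    """All dotted suffixes, lowercased: 'Setup.exe.lnk' -> ['exe', 'lnk']."""
    parts = name.rsplit("/", 1)[-1].lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def check_file(name: str, data: bytes) -> list[str]:
    """Return findings for one file; an empty list means name and content agree."""
    findings = []
    exts = extensions(name)
    claimed = exts[-1] if exts else ""
    kind = sniff(data)
    expected = EXPECTED_KIND.get(claimed)
    if expected and kind != expected:
        findings.append(f"{name}: extension .{claimed} but content is {kind}")
    if kind == "lnk":
        # A shortcut is a launcher, not a payload. Installer-like names and a
        # double extension (setup.exe.lnk) are the lure described in the story.
        if INSTALLER_WORDS.search(name):
            findings.append(f"{name}: shortcut named like an installer")
        if len(exts) > 1:
            findings.append(f"{name}: double extension hides .lnk")
    if kind == "svg" and claimed != "svg":
        findings.append(f"{name}: SVG/XML document delivered under a non-SVG name")
    return findings


def scan_samples() -> dict[str, list[str]]:
    """Run the check over constructed samples; returns only files with findings."""
    samples = {
        "photo.gif": b"GIF89a" + b"\x00" * 16,                      # benign
        "Setup.exe.lnk": LNK_MAGIC + b"\x00" * 40,                  # Lumma-style lure
        "invoice.gif": b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"/>',
    }
    return {n: f for n, d in samples.items() if (f := check_file(n, d))}


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        for line in findings:
            print(line)
```

The check is deliberately name-agnostic on the sniffing side: `sniff` never consults the extension, so a shortcut renamed to `setup.exe` and a shortcut left as `Setup.exe.lnk` both surface, just through different findings. Mail gateways and archive scanners usually already sniff content types; the point here is to compare that result against the claimed extension rather than trust either alone.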


Derek Walborn

Derek Walborn is a freelance research-based technical writer. He has worked as a content QA analyst for AT&T and Pernod Ricard.
