Each week Zacco tracks the latest cyber security threats, current industry news or trends and insights into the latest protection best practice. The Cyber Security Digest is a weekly compilation of the most significant developments within both cybersecurity and digital protection space, with links to further information on how it might affect you, your company or your clients.
Essential reading for cyber security professionals, as well as the general public, to keep you informed of current events and emerging threats.
Experts warn of an Office 365phishing campaign targeting small scale business in the U.S and Australia. A compromised website is used as a proxy chain. The phishing email sends fake notifications for voice messages and Zoom invitations to trick victims into clicking a link which leads the victim to the phishing page to steal login credentials
“Pumpedkids” a threat actor leaked a list of exploits which could be used to steal VPN credentials from almost 50000 Fortnight devises.
This malware spreads through discord attachments and discord webhooks. This malware steals web browser tokens, Discord webhook tokens, web browser passwords, and system information.
The threat actors tricked the employees of GoDaddy into transferring the ownership and control over targeted domains. This campaign was targeted towards the cryptocurrency trading platform liquid.com.
The flaw was discovered by Natalie Silvanovich of Google’s Project Zero bug-hunting team. The vulnerability could allow hackers to send a specially crafted message known as Sdpupdates which connects to the callees website before being answered.
Ransomware gangs are using hacked Facebook accounts to post adds of the stolen data which pressurise the victims into paying the ransom.
Microsoft patch Tuesday for November has issued patches for 112 newly discovered vulnerabilities. out of the 112 vilnerabilities17 are rated as critical, 93 as important and 2 as low severity.
Vertafore an insurance software firm fell victim to a data breach which exposed 27.7 million personal details and licences records. The breach occurred because three files where stored on an unprotected third party server which was accessed by unauthorised individuals.
A report from a security researcher found several security flaws in the world’s 3rd largest android Tv manufacturer TLC. The researchers did a remote desktop session and ran a trivial Nmap which showed numerous open ports.
SpiderSilk a Dubai based cybersecurity firm has identified the exposed database. This happened due to some configuration error has exposed sensitive data including passwords and private message contents.
Cyble reported that India’s largest grocery e-commerce site has become a victim to a cyber-attack. They have identified 15gb worth of file which has around 20 million customer records is being sold for $40000 on the dark web.
Cisco Talos researchers have identified that an APT group named as DoNot is exploiting googles firebase cloud messaging to spread Firestarter android malware and bypass detection.
Security researchers at WMC global have identified a new creative way of phishing where attackers invert the image used as background for landing pages to avoid getting detected by security solutions as malicious.
Gunnebo a Swedish based Physical security company which provides its service for more than 25 countries. Was under a cyber-attack on the march and they disclosed the breach after 5 months and they claimed that the quick action prevents ransomware from spreading to other computers. But this week a journalist report that the hackers have posted at least 38,000 sensitive documents including schematics of client bank vaults and surveillance systems on a public server.
The Wisconsin Republic Party has reported that they have fallen victim for a sophisticated phishing attack. The threat actors have stolen funds which were meant for the re-election of President Trump.
The researchers have found 21 apps which contain malicious adware which is hidden by design. These apps have anti-Uninstall and evasion functions.
