Go to listing page

Daily Cybersecurity Roundup, February 23, 2021

When an enterprise software gets breached, it opens the door for a number of unwanted threats as shown by the recent Accellion-linked breaches. Now, researchers have established links between a cybercrime group and the data theft and extortion incidents affecting customers of Accellion. Meanwhile, scammers in Texas tried to cash in over the fear of excess overdue bills. On the other side of the globe, the Ukrainian government and defense sites were hit by attacks from Russian cyber actors. Let’s continue reading for top cybersecurity news for the day.

01

Transport for NSW was added to the list of victims affected by the recent Accellion breach. FireEye researchers revealed that the hacker group UNC2546 was behind the related data theft and extortion attacks.

02

Austin Energy, an electric utility in the US state of Texas, alerted its customers against scammers impersonating the company and threatening customers to make immediate payments for fake overdue bills.

03

Unspecified Russian internet networks targeted Ukrainian security and defense websites. The massive attacks allegedly began on February 18.

04

Fintech platform Cashalo revealed a breach due to unauthorized access to its database archive containing personal data of users, including device IDs and encrypted passwords.

05

A researcher discovered a DDoS attack vector that poses risks to about 1,500 exposed Powerhouse VPN servers. The attack vector has previously been used in real-world attacks by botnet operators.

06

A group of cybercriminals were spotted exploiting Google Alerts to promote a fraudulent Flash Player updater that installs other undesired programs on user systems.

07

Two phishing scams targeted more than 10,000 Microsoft users by counterfeiting mail couriers from FedEx and DHL Express. The phishing pages were reportedly hosted on legitimate domains such as Quip and Google Firebase.

08

Hackers are reportedly abusing the Telegram API to create malicious domains to steal victims’ credentials via phishing campaigns. The campaign is most active against the financial services sector.

09

Ten organizations, including the Scottish Government, Police Scotland, and others, have joined hands to collaborate and enhance cyber-resilience while educating organizations and individuals on cybersecurity.

10

Kaseya acquired cybersecurity firm RocketCyber to deliver managed SOC, automated internal threat detection, credential monitoring, anti-phishing, and more.

Get the Daily Cybersecurity Roundup delivered to your email!