Take a look at this week’s cyber weekly digest to discover the biggest cyber security news. Find out about a WhatsApp phishing campaign spoofing voice messages and the takedown of the largest dark web marketplace. Keep reading to stay up to date on the latest cyber security stories.
UK retail chain The Works announced this week that it was forced to shut down several stores due to till issues caused by a cyber security incident that involved unauthorised access to its computer systems. The Works has not released many details on the incident, but it appears to have interrupted replenishment deliveries, extended online order fulfilment times, and compromised the safety of payments. The Works has since switched to new third-party credit and debit card payment processors to address the issue with payment security.
Researchers have discovered that threat actors are spoofing voice message notifications from WhatsApp in a malicious phishing campaign that uses a legitimate domain to spread info-stealing malware. The attackers are targeting Office 365 and Google Workspace accounts using emails sent from a domain associated with the “Center for Road Safety”. So far the attackers have reached 27,660 mailboxes with the campaign, which spoofs WhatsApp by informing victims they have a “new private voicemail” from the chat app.
Germany's Federal Criminal Police Office announced on Tuesday that it had shut down Hydra, the world's largest illegal dark web marketplace, which has cumulatively facilitated over $5 billion in Bitcoin transactions to date. As part of the shutdown, it also seized Bitcoin amounting to €23 million. The agency attributed the shutdown of Hydra to an extensive investigation conducted by its Central Office for Combating Cybercrime in partnership with US law enforcement authorities, which it said had been underway since August 2021.
Cash App is notifying 8.2 million current and former US customers of a data breach after a former employee accessed their account information. The breach occurred on December 10th, 2021, after a former employee downloaded internal Cash App reports while no longer employed at the company. The reports included Cash App customers' full names and brokerage account numbers associated with investment activity on Cash App.
This week, researchers discovered a server-side request forgery (SSRF) flaw in an API of a large financial technology platform that could potentially have compromised millions of bank customers. The vulnerability is in an API in a web page that supports the organisation’s platform fund transfer functionality, which allows clients to transfer money from their accounts on its platform into their bank accounts. If the flaw had been exploited, attackers could have performed various activities by gaining administrative access to the banking system using the platform.