In this week’s Cyber Weekly Digest find out about the latest Lapsus$ target and a new threat group that claims to have breached Coca-Cola. Keep reading to stay up to date on the biggest cyber security stories from the week.
T-Mobile confirmed that the extortion group Lapsus$ gained access to its systems “several weeks ago”. T-Mobile confirmed the breach after a journalist obtained the internal chats from the private Telegram channel used by the core Lapsus$ gang members. The private chats revealed that the Lapsus$ hacking group got hold of T-Mobile VPN credentials, giving them access to the company’s internal tools such as Atlas, an internal T-Mobile tool for managing customer accounts. T-Mobile added that it has mitigated the breach by terminating the threat group’s access to its network and disabling the stolen credentials that were used in the breach.
Coca-Cola has confirmed that it is aware of the reports about a cyber attack on its network and is currently investigating the claims. This week the Stormous gang said that it successfully breached some of the company's servers and stole 161GB of data. The threat actors listed a cache of the data for sale on their leak site, asking for 1.65 Bitcoin. Stormous is a relatively new threat group that claims to be a ransomware group. This is the first time Stormous has posted a stolen dataset. Last week Stormous posted a poll asking who their next victim should be, and Coca-Cola had the highest number of votes. Coca-Cola has not yet confirmed whether any data was actually stolen.
Emotet malware attacks are back following a 10-month break. The botnet appears to be using a new delivery method for compromising Windows systems now that Microsoft disables VBA macros by default. The new campaigns use compromised email accounts to send out spam-phishing emails with a one-word subject line, such as “salary”. The message body contains a OneDrive URL. This URL hosts Zip files containing Microsoft Excel Add-in (XLL) files with a name similar to the email subject line; if the XLL is opened or executed, Emotet infects the machine with malware.
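The delivery chain described above (one-word subject, OneDrive link, ZIP holding an XLL named like the subject) is concrete enough to turn into a mail-gateway triage check. The following is an added example, not code from the original digest or from any vendor; the link-host pattern, the message fields and the sample messages are all constructed assumptions, and the "XLL" inside the sample ZIP is a placeholder byte string, not a real add-in.

```python
"""Triage inbound mail against the Emotet XLL delivery chain described above.

Added illustrative example. The sample messages and ZIP are constructed; the
field names and the OneDrive host pattern are assumptions, not vendor code.
"""
import io
import re
import zipfile
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: the common personal OneDrive share-link hosts. Extend for your tenant.
ONEDRIVE_RE = re.compile(r"https?://(?:1drv\.ms|onedrive\.live\.com)/\S+", re.IGNORECASE)


@dataclass
class Message:
    subject: str
    body: str
    # If the gateway followed the link and fetched the ZIP, its bytes go here.
    attachment_name: Optional[str] = None
    attachment_bytes: Optional[bytes] = None


def is_one_word_subject(subject: str) -> bool:
    """The campaign uses single-word subjects such as 'salary'."""
    return len(subject.strip().split()) == 1


def onedrive_links(body: str) -> List[str]:
    """Return every OneDrive-style share link found in the body text."""
    return ONEDRIVE_RE.findall(body)


def xll_entries(zip_bytes: bytes) -> List[str]:
    """Return the names of .xll entries inside a ZIP; unreadable archives yield []."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(".xll")]
    except zipfile.BadZipFile:
        return []


def name_matches_subject(entry: str, subject: str) -> bool:
    """True when the XLL's file stem equals the subject line (case-insensitive)."""
    stem = entry.rsplit("/", 1)[-1].rsplit(".", 1)[0].lower()
    return stem == subject.strip().lower()


def assess(msg: Message) -> List[str]:
    """List the indicators from the described chain that this message matches.

    Each indicator alone is weak (many legitimate mails carry OneDrive links);
    the combination is what a defender would alert on.
    """
    reasons: List[str] = []
    if is_one_word_subject(msg.subject):
        reasons.append("one-word subject")
    if onedrive_links(msg.body):
        reasons.append("OneDrive link in body")
    if msg.attachment_bytes is not None:
        entries = xll_entries(msg.attachment_bytes)
        if entries:
            reasons.append("ZIP contains XLL add-in")
            if any(name_matches_subject(e, msg.subject) for e in entries):
                reasons.append("XLL name matches subject")
    return reasons


def build_zip(entries: Dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP so the example runs offline with constructed data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: one mirroring the described chain, one benign.
SUSPECT = Message(
    subject="salary",
    body="Please review: https://1drv.ms/u/s!constructed-share-id",
    attachment_name="salary.zip",
    attachment_bytes=build_zip({"salary.xll": b"constructed placeholder, not a real add-in"}),
)
BENIGN = Message(
    subject="Q2 planning notes attached",
    body="Notes from today's meeting are in the attached PDF.",
)

if __name__ == "__main__":
    for m in (SUSPECT, BENIGN):
        print(f"{m.subject!r} -> {assess(m) or 'no indicators'}")
```

A gateway would normally feed `assess` with the parsed subject and body and, where link detonation is available, the fetched archive; scoring on the full combination keeps the rule from firing on every mail that merely contains a OneDrive link.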
Microsoft on Thursday disclosed that it has addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. Successful exploitation of the critical flaws could have enabled an adversary to gain unauthorized read access to other customers' PostgreSQL databases, effectively circumventing tenant isolation. Microsoft said it mitigated the bug within 48 hours of disclosure in January.
Researchers have discovered that millions of Java applications still remain vulnerable, four months after the discovery of the critical Log4Shell zero-day flaw. Researchers searched the Shodan search engine to see how many apps vulnerable to Log4Shell are exposed to the internet. They identified 90,000 potentially vulnerable internet-facing applications, which they believe “is just the tip of the iceberg”. Dozens of Log4Shell exploitation attempts are still being recorded every day.