In this week’s Cyber Weekly Digest, we dive into the biggest cyber security news, including an airline that was hit by a ransomware attack, causing large flight delays, and why the largest English-speaking darknet market shut down. Keep reading to stay up to date on the latest cyber security news.
Indian airline SpiceJet has informed its customers of an attempted ransomware attack this week that impacted some of its systems and delayed flight departures. According to SpiceJet, its IT team was able to contain the attack quickly. However, customers reported that they were still unable to access some services, including customer support. Customers were only able to access the company’s homepage and flight timetable status, which showed most flights with large delays of between two and five hours.
This week, Zoom patched a medium-severity flaw, advising Windows, macOS, iOS and Android users to update their client software to version 5.10.0. Researchers discovered that the vulnerability abuses parsing inconsistencies between the XML parsers in Zoom's client and server software to “smuggle” arbitrary XMPP stanzas to the victim machine. An attacker sending a specially crafted control stanza can force the victim client to connect to a malicious server.
The Versus Market, one of the most popular English-speaking criminal darknet markets, is shutting down after discovering a severe exploit that could have allowed access to its database and exposed the IP address of its servers. A hacker exposed the marketplace's vulnerability by leaking, on Dread, a darknet social media space, a PoC showing how to access the file system of the site's server. After discovering the vulnerabilities, the operators of Versus decided to shut down the market themselves, finding it too risky to continue.
The notorious ransomware gang Conti took down its attack infrastructure this week and broke up into smaller operations, including Karakurt and BlackByte. The Conti team is believed to have been actively creating subdivisions over the course of the last two months. According to researchers, Conti had been under pressure from Russian law enforcement agencies to halt its activity. Conti’s affiliation with Russia has also meant it has been unable to extract ransom payments from victims in light of the economic sanctions imposed on Russia.
US car manufacturer GM disclosed that it was the victim of a credential stuffing attack last month that exposed some customers' information and allowed threat actors to redeem customer rewards points for gift cards. When the threat actors successfully breached a GM account, they could access certain information stored on the site. GM is requiring affected users to reset their passwords and is restoring all reward points for affected customers.