Cyber Weekly Digest - Week #36




This week’s digest dives into the latest LockBit ransomware victim, Bangkok Airways, as well as a newly discovered set of Bluetooth vulnerabilities affecting around 1,400 commercial products. Keep reading to stay up to date on all the latest cyber security stories from around the world.


1. LockBit ransomware leaked 200GB of data belonging to Bangkok Airways.

Bangkok Airways confirmed it was the victim of a cyberattack in August that compromised passengers’ personal data; since then, the LockBit ransomware gang has claimed responsibility. The gang leaked more than 200GB of data belonging to the Thai company, suggesting that its systems were not as secure as the airline claimed. The information stolen during the attack included full names, nationality, gender, phone numbers, email and physical addresses, passport info, historical travel data and partial credit card info.

2. New BrakTooth vulnerabilities leave millions of Bluetooth-enabled devices at risk.

A set of new security vulnerabilities in commercial Bluetooth stacks, named BrakTooth, has been disclosed. The flaws could enable an adversary to execute arbitrary code or crash devices via denial-of-service attacks. The 16 security weaknesses span 13 Bluetooth chipsets from 11 vendors such as Intel, Qualcomm, Zhuhai Jieli Technology, and Texas Instruments. It is estimated that 1,400 or more commercial products are affected, including laptops, smartphones, programmable logic controllers, and IoT devices. The most severe of the 16 bugs is CVE-2021-28139, which affects the ESP32 SoC used in many Bluetooth-based appliances ranging from consumer electronics to industrial equipment.


3. Autodesk reveals it was targeted by Russian SolarWinds hackers.

Autodesk is a US software and services company that provides millions of customers in the design, engineering, and construction sectors with CAD, drafting, and 3D modelling tools. Autodesk confirmed it had identified a compromised SolarWinds server and took the necessary steps to remediate the incident. The attackers did not deploy any other malware besides the Sunburst backdoor, likely because Autodesk was not selected for second-stage exploitation, or because the attackers did not act quickly enough before they were detected.

4. The Federal Trade Commission has banned stalkerware maker SpyFone from the surveillance business.

This week, the Federal Trade Commission (FTC) banned spyware maker SpyFone, along with its CEO Scott Zuckerman, from the surveillance business. On Wednesday, the FTC called SpyFone a stalkerware app that sold real-time access to “stalkers and domestic abusers to stealthily track the potential targets of their violence.” It added that SpyFone also failed to provide even basic security, exposing device owners “to hackers, identity thieves, and other cyber threats.” The FTC also ordered SpyFone to delete its illegally harvested information and notify owners that somebody had secretly slipped the app onto their devices.


5. Stolen Fujitsu customer data is being sold on the dark web.

Data from Japanese tech giant Fujitsu is being sold on the dark web by a group called Marketo. Marketo claimed that it has 4GB of stolen data for sale on its leak site and provided samples suggesting it had confidential customer information, company data, budget data and reports. The data has had at least 70 bids since being posted. Although the legitimacy of the stolen information cannot be confirmed, a cyber threat intelligence analyst noted that previous data leaks from Marketo have been genuine and that the group is known to be a reputable source.


