Cyber Weekly Digest - Week #48


Read this week's Cyber Weekly Digest to learn about the latest GoDaddy data breach affecting 1.2 million customers and the thousands of UK websites affected by Magecart attacks. Keep reading to stay up to date on the biggest cyber security stories from across the globe.


1. Apple sues spyware-maker NSO Group for targeting and spying on Apple users.

Apple has filed a lawsuit against Pegasus spyware-maker NSO Group and its parent company for targeting and spying on Apple users with surveillance tech. The exploits used to deploy NSO Group's Pegasus spyware were used to compromise the devices of high-profile targets across the world. In August, NSO's FORCEDENTRY exploit was used by state-backed attackers to compromise Apple devices and install the latest version of Pegasus spyware. Apple said it is notifying all the users it discovered to have been targeted by attackers using the FORCEDENTRY exploit, to prevent further abuse and harm to its users. Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.

2. GoDaddy suffers a data breach affecting over 1.2 million customers.

Web-hosting giant GoDaddy has confirmed another data breach affecting at least 1.2 million of its customers. This marks GoDaddy's 5th cyber incident since 2018. On Monday, GoDaddy confirmed that an unauthorised person had managed to infiltrate their WordPress systems using stolen credentials on September 6th and had continued access for almost two and a half months before GoDaddy noticed the breach. Later in the week, it was revealed that the data breach was wider than initially stated, as various subsidiaries that resell GoDaddy Managed WordPress were also affected.

3. One of Iran's largest privately-owned airlines suffers a cyber security incident.

Mahan Air, one of Iran's largest privately-owned airlines, has been hit by a cyberattack in which attackers are claiming to have stolen data. The threat actors claim to have stolen confidential documents exposing how Mahan Air has worked with Iran's Islamic Revolutionary Guard Corps (IRGC) and threatened to publish names, numbers, and proof of Mahan's activities. Mahan Air stated that the attack had been dealt with successfully and in a short time, downplaying its significance and disregarding any real impact.

4. UK NCSC warns thousands of SMBs their online stores were impacted by Magecart attacks.

The UK National Cyber Security Centre (NCSC) informed the owners of 4151 compromised websites that their sites had been infected with digital skimming code. Most of these were exploited via a known bug in the popular Magento e-commerce software. The compromised sites were found by the NCSC's Active Cyber Defence program, which proactively looks to remove malicious sites and tackle scams. Impacted retailers were urged to keep their software updated to block attackers' attempts to breach their servers and compromise their online shops and customers' information during Black Friday and Cyber Monday.

5. Attackers are hijacking email threads to evade detection.

Researchers have found attackers are using the ProxyLogon and ProxyShell vulnerabilities in Microsoft Exchange Server to hijack email chains by malspamming replies to ongoing email threads. Researchers noted that hijacking email replies for malspam is a way of avoiding getting flagged or quarantined by email gateways. The attacker also didn't drop or use tools for lateral movement after gaining access to the vulnerable Exchange servers, and no malware was executed on the Exchange servers that would trigger any alerts. These latest attacks are believed to be delivering SquirrelWaffle, a new email loader first found in September.