CYBERSECURITY NEWS V. March — MacStealer, Skylink CZ attack, AT&T leak, Twitter code leak


Latitude Financial announced the cyberattack on March 16. According to the company's statement at the time, the theft affected around 300,000 of its customers.

It later became clear that the situation was far worse than first thought: by the lender's own count, roughly 14 million customer records were stolen. The stolen data includes 7.9 million Australian and New Zealand driver's licence numbers, 6.1 million records containing names, addresses, phone numbers, and dates of birth (some dating back to 2005), and about 53,000 passport numbers.

Earlier, in January, one of AT&T's third-party suppliers suffered a cyberattack that exposed data belonging to 9 million AT&T customers. Customers' personal information was exposed, but financial data, social security numbers, and other sensitive information were not affected. According to AT&T, its own systems were not compromised. This is one of the few times in many years that the telecommunications operator's customer data has been disclosed.

Another telecommunications operator, T-Mobile, disclosed in January that the data of 37 million customers had been stolen in a cyberattack.

On March 21, Skylink CZ posted a message on its Facebook page stating that its systems, including the website and the customer area, were under hacker attack. The next day, while the Skylink CZ site was still down, Skylink SK, its Slovak counterpart, was reportedly back up and running. On Friday, March 24, the Skylink CZ website was still down.

The company published the following message: "On Tuesday, March 21, 2023, from 7 a.m., our systems faced a massive attack by a Russian hacking group. Using a DDoS attack, hackers shut down most of Skylink's satellite and internet television web services. Customers were thus denied access to websites, customer systems, and applications. The attack did not affect the television broadcast."

Parts of Twitter's source code were recently leaked online via GitHub. The repository was reportedly taken down shortly after the social media platform filed a DMCA takedown request. According to the notice filed with GitHub, the leaked material contained "proprietary source code for Twitter's platform and internal tools." There is speculation that the code may have been publicly available for several months before it was removed. The account that posted it was named "FreeSpeechEnthusiast", an apparent reference to Twitter CEO Elon Musk. As part of its investigation, Twitter asked a court to order GitHub to disclose the names and IP addresses of those who posted the code.

On March 14, Microsoft released a patch for CVE-2023-23397, an elevation-of-privilege vulnerability in the Microsoft Outlook client for Windows. An attacker exploits it by sending a crafted message (typically a calendar item or task) whose reminder sound property, PidLidReminderFileParameter, points to a UNC path on an attacker-controlled server. When the Outlook client processes the reminder, it connects to that path and authenticates, so no user interaction is required: the message only has to be received and processed. The connection leaks the victim's Net-NTLMv2 response, which the attacker can relay to other services that accept NTLM authentication (the relay succeeds only against targets that do not enforce signing or Extended Protection for Authentication). Beyond patching, Microsoft recommended blocking outbound TCP 445 at the perimeter and adding privileged accounts to the Protected Users group, and it published a script for administrators to find messages carrying the malicious property in Exchange mailboxes.
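The detection logic described above, as an added example (not Microsoft's script and not code from the original post): given MAPI named properties already extracted from a message by a .msg/.pst parser, it flags a reminder sound path that points to a UNC or WebDAV host outside the organisation. The property IDs follow MS-OXPROPS; the sample messages, the internal domain suffix and the internal network range are constructed for the example.

```python
"""Triage extracted MAPI reminder properties for the CVE-2023-23397 pattern.

Messages are modelled as dicts of already-extracted MAPI named properties
(constructed sample data below). A PidLidReminderFileParameter value that
names a host outside the organisation is what makes Outlook authenticate
to an attacker-controlled server, so that is what gets flagged.
"""
import ipaddress
import re

# PSETID_Appointment named property IDs (per MS-OXPROPS).
PID_LID_REMINDER_OVERRIDE = 0x851C        # custom reminder sound enabled
PID_LID_REMINDER_FILE_PARAMETER = 0x851F  # path of the reminder sound file

# Matches \\host\share, //host/share and the WebDAV forms
# \\host@80\share and \\host@SSL@443\share; group 1 is the host.
UNC_RE = re.compile(
    r"^(?:\\\\|//)([^\\/@]+)(?:@SSL)?(?:@(\d+))?(?:[\\/]|$)", re.IGNORECASE
)


def unc_host(value):
    """Return the host named in a UNC/WebDAV path, or None for a local path."""
    m = UNC_RE.match(value.strip())
    return m.group(1).lower() if m else None


def is_internal_host(host, internal_suffixes, internal_nets):
    """Allowlist check: internal IP range or internal DNS suffix."""
    try:
        ip = ipaddress.ip_address(host)
        return any(ip in net for net in internal_nets)
    except ValueError:
        pass  # not an IP literal, fall through to the name check
    return any(host == s or host.endswith("." + s) for s in internal_suffixes)


def triage_message(props, internal_suffixes, internal_nets):
    """Return a reason string if the message looks like a lure, else None."""
    path = props.get(PID_LID_REMINDER_FILE_PARAMETER)
    if not path:
        return None
    host = unc_host(path)
    if host is None:
        return None  # local sound file: not the remote-authentication trigger
    if is_internal_host(host, internal_suffixes, internal_nets):
        return None
    override = bool(props.get(PID_LID_REMINDER_OVERRIDE, False))
    return f"reminder sound path names external host {host!r} (override={override}): {path}"


def scan(messages, internal_suffixes=("corp.example",), internal_nets=("10.0.0.0/8",)):
    """Return (subject, reason) for every message that trips the check."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    hits = []
    for msg in messages:
        reason = triage_message(msg, internal_suffixes, nets)
        if reason:
            hits.append((msg.get("subject"), reason))
    return hits


# Constructed sample messages: one benign local path, one internal share,
# one external IP share and one external WebDAV path.
SAMPLE_MESSAGES = [
    {"subject": "Team sync",
     PID_LID_REMINDER_FILE_PARAMETER: r"C:\Windows\Media\chimes.wav"},
    {"subject": "Invoice", PID_LID_REMINDER_OVERRIDE: True,
     PID_LID_REMINDER_FILE_PARAMETER: r"\\198.51.100.23\share\reminder.wav"},
    {"subject": "Townhall", PID_LID_REMINDER_OVERRIDE: True,
     PID_LID_REMINDER_FILE_PARAMETER: r"\\fileserver.corp.example\media\bell.wav"},
    {"subject": "Quarterly", PID_LID_REMINDER_OVERRIDE: True,
     PID_LID_REMINDER_FILE_PARAMETER: r"\\attacker.example@SSL@443\dav\r.wav"},
    {"subject": "No reminder"},
]

if __name__ == "__main__":
    for subject, reason in scan(SAMPLE_MESSAGES):
        print(f"[!] {subject}: {reason}")
```

The allowlist is deliberately strict: anything that is not an internal IP range or an internal DNS suffix is reported, so single-label NetBIOS names would also surface for review. Hunting for this property only finds messages that are still in the mailbox; the companion signal is outbound SMB or WebDAV traffic from outlook.exe to hosts outside the organisation.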

MacStealer, a macOS information stealer that targets cryptocurrency wallets and credentials, has been distributed disguised as a fake version of a legitimate "play to earn" (P2E) game. Trend Micro detects the malware as TrojanSpy.MacOS.CpypwdStealer.A and has warned users to stay away from the lure. Trend Micro published an article on its website detailing the malware and its distribution methods.

Thank you for reading our digest! If you're looking for modern security solutions, go check out Hexway Hive & Apiary Red & Blue Team workspaces.
