Oil and gas giant Shell is the latest victim of Clop ransomware attacks


Oil and gas giant Shell has confirmed that it is one of the victims of a recent large-scale ransomware campaign conducted by the Clop gang exploiting a MOVEit zero-day vulnerability. Shell’s data has since been published on the darknet.

Cyber criminals are actively exploiting the zero-day vulnerability, tracked as CVE-2023-34362, to steal data from organizations worldwide.

“We are aware of a cyber security incident that has impacted a third-party tool from Progress called MOVEit Transfer, which is used by a small number of Shell employees and customers,” said Shell US spokesperson Anna Arata in a statement.


A database containing personal information of 8.9 million Zacks users leaked online

A database containing the personal information of more than 8.8 million Zacks Investment Research users has emerged on a hacking forum.

Founded in 1978, Zacks is one of the leading quantitative investment research firms. The company’s initial data breach notification stated that “sensitive” information for about 820,000 customers had been accessed during the breach window, but that it was limited to those that had subscribed to the company’s “Zacks Elite” product between November 1999 and February 2005.

However, “in June 2023, a corpus of data with almost 9M Zacks customers appeared before being broadly circulated on a popular hacking forum. The most recent data was dated May 2020 and included names, usernames, email and physical addresses, phone numbers and passwords stored as unsalted SHA-256 hashes,” reported Have I Been Pwned. “On disclosure of the larger breach, Zacks advised that in addition to their original report ‘the unauthorized third parties also gained access to encrypted [sic] passwords of zacks.com customers, but only in the encrypted [sic] format’.”


New phishing technique, File Archiver In The Browser, uses weaponized .zip domains to trick victims

A new phishing technique, called “File Archiver In The Browser”, can be leveraged to “emulate” file archiver software in a web browser when the victim visits a .zip domain. Security researcher mr.d0x detailed the new attack technique in a recent post.

In mid-May 2023, Google released several new top-level domains (TLDs), including .zip and .mov. Many cybersecurity researchers expressed concerns that these TLDs can be mistaken for file extensions. The researcher showcased how these TLDs can be used to deliver malicious content.

To carry out an attack using this technique, the attacker needs to “emulate” file archiver software through HTML/CSS. The researcher shared two samples: the first emulates the WinRAR file archive utility. To allay suspicion, when the user clicks the “Scan” icon, a message box reassuring them that the files are secure is displayed.

The second one emulates the Windows 11 File Explorer window.

“It’s highly recommended for organizations to block .zip and .mov domains as they are already being used for phishing and will likely only continue to be increasingly used,” recommended the expert.
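As an added defensive example (not code from mr.d0x’s post or from any of the organizations named above), the check below flags links whose hostname ends in .zip or .mov, which is what the blocking recommendation above amounts to when applied to individual URLs in mail or chat. It treats a bare token such as “invoice.zip” the way an auto-linking client would, while a real file path like https://example.com/report.zip is not flagged because its host is example.com; the sample message it scans is constructed.

```python
from typing import List, Optional
from urllib.parse import urlsplit

# TLDs that collide with common file extensions (the two named in the post).
FILE_EXTENSION_TLDS = {"zip", "mov"}

# Punctuation that commonly clings to a link pasted into running text.
_EDGE_PUNCT = ".,;:!?()<>[]\"'"


def registrable_host(text: str) -> Optional[str]:
    """Return the hostname a browser would navigate to for `text`, or None.

    A token without a scheme (e.g. "invoice.zip") is treated as a link,
    because mail and chat clients auto-link it now that .zip is a live TLD.
    urlsplit() is used so that userinfo ("user@host") and a port are not
    mistaken for part of the hostname.
    """
    candidate = text.strip()
    if "://" not in candidate:
        candidate = "http://" + candidate
    host = urlsplit(candidate).hostname
    if not host:
        return None
    return host.rstrip(".").lower()


def uses_file_extension_tld(text: str) -> bool:
    """True if the link's hostname ends in a TLD that looks like a file extension."""
    host = registrable_host(text)
    if host is None or "." not in host:
        return False  # a single label ("zip") is not a .zip domain
    tld = host.rsplit(".", 1)[-1]
    return tld in FILE_EXTENSION_TLDS


def flag_links(message: str) -> List[str]:
    """Return the tokens in a message that would resolve to a .zip/.mov domain."""
    hits = []
    for raw in message.split():
        token = raw.strip(_EDGE_PUNCT)
        if token and uses_file_extension_tld(token):
            hits.append(token)
    return hits


if __name__ == "__main__":
    # Constructed sample message: one bare ".zip" token and one genuine file path.
    sample = "Please review attachment.zip, thanks (also see https://example.com/a.zip)."
    print(flag_links(sample))
```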
