Worried about keeping your data safe? We’re here with the latest cybersecurity news, covering the FTC’s latest order, the vulnerability that has affected 6700 WordPress websites, the T-Mobile outage, and the latest SnappyTCP attacks by Sea Turtle, to help you stay safe from the latest cyber threats. Let’s get into it!
6,700 WordPress Sites Affected by Latest Balada Injector Campaign
Over 6700 WordPress websites that were using a vulnerable version of the Popup Builder plugin were infected with Balada Injector.
The Balada Injector is a malware campaign that has been going on since the middle of December 2023. It was launched two days after CVE-2023-6000 was reported, a flaw in Popup Builder versions 4.2.3 and older. The plugin is used on 200,000 websites for marketing and informational pop-ups. Researchers from Sucuri reported that the threat actors behind the Balada Injector added an exploit for this flaw which allows them to execute malicious JavaScript code in the site’s database.
The threat actors use a secondary infection method for adding a backdoor and also check for admin-related cookies to load multiple script sets. The researchers also summarized that the malware does not stop at the first step and also carries out an initial breach.
If you want to defend against the Balada Injector, you should update your WordPress site themes and plugins to the latest versions. Additionally, strengthening your malware protection measures is essential. Also, uninstalling products that are no longer supported or needed will help.
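If you manage several WordPress installs, the update advice above starts with finding out which ones still run an affected Popup Builder. The script below is an added example, not code from Sucuri or the plugin's authors: it reads the plugin's Version header and flags 4.2.3 and older, assuming the plugin lives in wp-content/plugins/popup-builder. The sample sites and the 4.3.0 version number are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# From the article: Popup Builder 4.2.3 and older are affected (CVE-2023-6000).
LAST_VULNERABLE = (4, 2, 3)
# Assumption: the plugin sits under its usual directory name.
PLUGIN_SLUG = "popup-builder"
VERSION_HEADER = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.I | re.M)

def parse_version(text):
    """Turn '4.2.3' into (4, 2, 3); short versions are padded, so '4.2' is (4, 2, 0)."""
    parts = [int(p) for p in text.strip(".").split(".") if p]
    return tuple(parts + [0] * (3 - len(parts)))

def plugin_version(plugin_dir):
    """Read the Version: header from the plugin's top-level PHP files."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # headers sit at the top of the file
        m = VERSION_HEADER.search(head)
        if m:
            return parse_version(m.group(1))
    return None

def audit(wp_roots):
    """Return {site_root: status} for each WordPress root directory."""
    report = {}
    for root in wp_roots:
        plugin_dir = Path(root) / "wp-content" / "plugins" / PLUGIN_SLUG
        version = plugin_version(plugin_dir) if plugin_dir.is_dir() else None
        if not plugin_dir.is_dir():
            status = "not installed"
        elif version is None:
            status = "version unknown"  # header missing or altered: inspect by hand
        else:
            label = "VULNERABLE" if version <= LAST_VULNERABLE else "ok"
            status = f"{label} {'.'.join(map(str, version))}"
        report[str(root)] = status
    return report

def demo():
    """Constructed sample sites: one affected, one updated, one without the plugin."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in (("old", "4.2.3"), ("new", "4.3.0")):
            d = Path(tmp) / name / "wp-content" / "plugins" / PLUGIN_SLUG
            d.mkdir(parents=True)
            (d / "popup-builder.php").write_text(f"<?php\n/*\n * Version: {ver}\n */\n")
        result = audit(Path(tmp) / n for n in ("old", "new", "none"))
        return {Path(k).name: v for k, v in result.items()}
```

Call audit() with your own list of WordPress root directories. A "version unknown" result deserves a manual look, since a plugin file with a missing or altered header is not something an update alone explains.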
Major T-Mobile Service Hack Disrupts Account Access and Mobile App
T-Mobile is suffering a major outage which has prevented customers from logging into their accounts.
If you try to log into your account, you’ll see a warning that says that the mobile carrier’s website has been “unplugged.” As per an internal system issue alert, T-Mobile’s frontline teams are also getting similar messages and errors in various applications. Customer care has been advised to tell the customers that the issue is due to system challenges in processing the transactions.
This is another major outage following the one T-Mobile faced in June 2020, where a leased fiber circuit failure left T-Mobile users without Internet connections and blocked them from receiving or making any calls.
No details have been released as of yet, but T-Mobile said that this is not a cyberattack but an internal technical issue, even though the error message reads, “Oops, somebody unplugged the site. The site is currently unavailable. We’re working on it, but in the meantime please give us a call for anything you need.”
FTC Prohibits Data Brokers from Selling Location Data of Americans
The FTC (Federal Trade Commission) has banned Outlogic (X-Mode Social) from selling the location data of American citizens for tracking.
With the release of the order, Outlogic will now have to delete all unlawfully collected data along with the algorithms and models they derived from it. The data brokers often exposed location data and revealed sensitive information such as residential addresses, religious beliefs, and hospital visits.
The FTC highlighted Outlogic’s history of selling location data of its consumers across multiple industries. Even when individuals opted out of using their location data for marketing, Outlogic failed to respect their wishes and still shared such data. But that’s not all: the data brokers also failed to disclose information regarding the organizations or individuals who were able to buy said location data.
The FTC announcement comes as a relief to Americans as their location data will no longer be shared without their consent.
Sea Turtle Turkish Hackers Extend Attacks to Dutch ISPs and Telcos
Sea Turtle, the Turkish state-backed cyber-espionage group, has been carrying out spying attacks on telcos, media, and ISPs (Internet Service Providers) in the Netherlands.
Sea Turtle, also known as Cosmic Wolf, focused on the Middle East, Sweden, and the US. It recently started targeting the Netherlands. Analysts at Hunt & Hackett have been observing the group’s recent activity and shared that it started using new techniques between 2021 and 2023. The group targets specific organizations so it can steal economic and political intelligence related to the Turkish state.
The threat actors get initial access by using compromised cPanel accounts and deploy their new tool, “SnappyTCP.” The tool offers C2 (Command and Control) capabilities and remains on the victim systems as a persistent backdoor – for which it uses the “NoHup” command.
SnappyTCP can be used for data exfiltration and Sea Turtle is using it to pose threats to organizations around the world. You should deploy strict network monitoring and enable MFA on critical accounts to stay safe.