Cyber Security Headlines: UK flight outage, the malware Big 3, spyware firm breached

UK network outage grounds flights

On August 28th, the UK’s National Air Traffic Service, or NATS, announced a “technical issue” caused it to apply “traffic flow restrictions to maintain safety.” This meant flight controllers had to input flight plans manually, reducing air traffic to a trickle of its usual volume. Through mid-afternoon roughly 500 flights saw cancellations or multi-hour delays, most from London’s Heathrow airport. NATS announced it “identified and remedied” the issue at 3:15pm local time, but flight disruptions could persist for days. NATS had announced no further details on what caused the issue at the time of recording.

(The Guardian)

The malware loader Big 3

A new report from the security firm ReliaQuest claims that the malware loaders QBot, SocGholish, and Raspberry Robin account for 80% of observed attacks in 2023. The three remain fairly close in market share, with QBot the most common, used in 30% of attacks. After the top three, the report found the remaining top 7 were each used in low single-digit percentages. QBot also proved the most adaptable, perhaps explaining why the one-time banking trojan has been around for 16 years. SocGholish targets Windows and has shown ties to the Russian-linked group Evil Corp in the past. Raspberry Robin also targets Windows, having started out as a USB drive worm. Since then both Clop and LockBit have used it to load ransomware.

(The Register)

Another spyware firm breached

Earlier this month, we covered the shutdown of LetMeSpy, a Polish spyware developer, after attackers breached its servers and deleted customer data. Now TechCrunch received a message from an unnamed hacker group describing how it compromised another spyware vendor, the Brazilian-owned WebDetetive. Using a flaw in its client dashboard layout, the attackers proceeded to download every dashboard record, letting them delete enrolled devices and view customer email addresses. An analysis by DDoSecrets of an exfiltrated dataset shows the service had over 76,000 devices enrolled. A further analysis by TechCrunch showed the app to largely represent a repackaged version of the spyware OwnSpy. 


Microsoft Entra ID privilege escalation exploit

Researchers at Secureworks released a technical report detailing the exploit. It allows a threat actor to redirect authorization codes to an abandoned reply URL, which they could then use to obtain access tokens. From there, they could call the Power Platform API to elevate privileges. Microsoft patched the issue, and Secureworks released an open-source tool to let organizations scan for abandoned reply URLs used in the approach. There is no evidence attackers used this method in the wild.

(The Hacker News)
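The defensive check the item describes, as an added example that is not Secureworks’ tool or Microsoft’s code: audit an app’s registered reply URLs and flag any whose hostname no longer resolves (a candidate for takeover) or that is not HTTPS. The app names, hostnames and the injectable `resolves` callback are constructed for illustration.

```python
import socket
from urllib.parse import urlsplit

# Constructed sample: app registrations and their redirect (reply) URIs.
# Hostnames are illustrative placeholders, not real tenants or apps.
SAMPLE_APPS = {
    "payroll-portal": [
        "https://payroll.example-tenant.com/signin-oidc",
        "https://old-pilot.example-tenant.com/callback",  # decommissioned host
    ],
    "hr-dashboard": [
        "https://hr.example-tenant.com/auth",
        "http://hr.example-tenant.com/auth",  # not HTTPS
    ],
}

def _host_resolves(hostname: str) -> bool:
    """Default resolver: True if DNS still answers for the host."""
    try:
        socket.gethostbyname(hostname)
        return True
    except OSError:
        return False

def find_risky_reply_urls(apps, resolves=_host_resolves):
    """Return (app, url, reason) tuples for reply URLs an admin should review.

    A reply URL whose host no longer resolves is 'abandoned': whoever can
    claim that name again would receive authorization codes sent to it.
    'resolves' is injectable so the audit can run offline in tests.
    """
    findings = []
    seen = {}  # cache host -> bool so each host is looked up once
    for app, urls in apps.items():
        for url in urls:
            parts = urlsplit(url)
            host = parts.hostname
            if not host:
                findings.append((app, url, "unparseable reply URL"))
                continue
            if parts.scheme != "https" and host not in ("localhost", "127.0.0.1"):
                findings.append((app, url, "non-HTTPS reply URL"))
            if host not in seen:
                seen[host] = resolves(host)
            if not seen[host]:
                findings.append((app, url, "host does not resolve (possibly abandoned)"))
    return findings

if __name__ == "__main__":
    for app, url, reason in find_risky_reply_urls(SAMPLE_APPS):
        print(f"{app}: {url} -> {reason}")
```

In a real tenant the input would be the redirect URIs pulled from each app registration, and a flagged host should be removed from the registration or re-claimed by the organization.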

Thanks to our sponsor, AppOmni

SaaS cyberattacks are prevalent and often go unnoticed until data loss or breaches occur. Sign-ins from an unusual IP address. Stolen session tokens. These security risks can lurk in the shadows and put your entire SaaS estate at risk.

Don’t wait for a breach to secure your SaaS data. AppOmni helps security teams to detect suspicious activity, decide what activities to be alerted on, and receive guided remediation. Learn how at

Malicious packages found in Rust registry

We’ve covered a number of malicious npm packages in the past, but this latest finding shows that exploiting the software supply chain knows no programming language bounds. Researchers at Phylum discovered 7 malicious libraries uploaded to the Rust crate registry. Once installed, all the packages transmitted OS-level data to hard-coded Telegram channels. It seems this was part of an early-stage campaign attempting to get the packages installed on a wide variety of environments. The packages appeared in the registry in mid-August and were subsequently removed.

(The Hacker News)

BlackBerry and SentinelOne could be acquired

Over the weekend Reuters’ sources said the private equity firm Veritas Capital made an acquisition offer for BlackBerry, the once iconic phone maker turned security vendor. There is no word on the offer itself, but the stock market reacted to the news by raising BlackBerry’s market cap to $3.1 billion. Meanwhile SentinelOne hired the bank Qatalyst Partners to advise on acquisition talks with several prospective buyers. The cloud security startup Wiz confirmed it’s considering a bid for the company.

(Security Week, Reuters)

OpenAI launches ChatGPT Enterprise

While many organizations and employees have already tried OpenAI’s ChatGPT, the release largely offered only consumer-grade tooling. The new enterprise-focused offering provides the same capabilities but adds an admin console, which offers the ability to manage employees, see usage statistics and set up templates. The tier also offers unlimited access to Advanced Data Analysis, with more data analysis features. This comes after Microsoft released Bing Chat Enterprise back in July.


KmsdBot malware expands to new audience

The KmsdBot botnet first appeared in November, largely targeting cloud providers and private gaming servers before transitioning to educational institutions. An analysis of an update to the botnet by Akamai researcher Larry W. Cashdollar shows it recently added new capabilities to target IoT. It added support for several new CPU architectures and now supports Telnet scanning. KmsdBot brute-forces its way into IoT devices that still use default credentials by trying a list of common passwords.

(The Hacker News)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.