Officials for the Oceania region of the Japanese car maker Nissan have disclosed a recent cyberattack on their internal systems that may have compromised employee and customer data. While the main websites for the region have been unaffected by the incident, staff are still working to restore systems that were taken offline and are warning customers to be vigilant for identity and fraud attempts while the investigation continues. As the investigation is ongoing, it is still unclear as to who may have perpetrated the attack or if any information was exfiltrated.
SpyLoan Android apps reach 12 million downloads
Researchers have been tracking a recent campaign of malicious Android apps (dubbed SpyLoan), disguised as personal loan services, that have been stealing sensitive information for nearly a year and have racked up a combined 12 million individual downloads. 18 malicious apps have been identified so far, leading to Google removing 17 of them from the Play app store, and have been spotted predominantly in South American and South-East Asian countries.
ALPHV/BlackCat claims breach of HTC Global Services
Over the weekend, officials for the IT services provider, HTC Global Services have confirmed that they had fallen victim to a cyberattack via the known Citrix Bleed vulnerability. Threat actors behind the ALPHV/BlackCat ransomware group have claimed responsibility for the attack and have already named HTC as a victim on their dark web leak site, alongside screenshots of the stolen data. While the investigation continues, it is believed that the claims are accurate, as ALPHV/BlackCat have remained a major force in the ransomware/double-extortion marketplace since their rebranding from BlackMatter in late 2021.
LogoFAIL firmware vulnerability suite affects all bootable devices
Researchers have been tracking a series of long-standing UEFI vulnerabilities in both Windows and Linux operating systems for years and have identified a suite of specific firmware vulnerabilities that could have serious ramifications for every device. Labeled as LogoFAIL by researchers, the attack can replace manufacturer logo images in firmware during the initial boot-up stages with a malicious image, allowing remote code execution and are almost impossible to detect through normal security measures, including Secure Boot and other boot-kit protections.
Cyberattack halts operations at Staples
Late last week, officials for the office supplier Staples posted an announcement to their website regarding a cyberattack that was causing a disturbance in their communications and other critical services. The incident was impacting their delivery processes and staff were forced to take portions of their network offline, which may indicate the possibility of a ransomware attack, though the investigation has yet to confirm the cause of the disruption. December continues to be a preferred time for threat actors to target retailers, as holiday shoppers are making more online purchases and having their items shipped all around the world.
