Cybersecurity Weekly: LokiBot spearphish, Marriott breach, Zoom vulnerability
A spearphishing campaign exploits COVID-19 to spread LokiBot infostealer. Marriott suffers a second breach, exposing data of 5.2 million hotel guests. A new Zoom hack lets attackers compromise Windows and its login password. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Spearphishing campaign exploits COVID-19 to spread LokiBot infostealer
Researchers discovered threat actors harnessing a new spearphishing campaign designed to spread the LokiBot trojan. Using the WHO trademark as a lure, this new attack claims to address misinformation about the pandemic, but actually sends an attachment that unleashes LokiBot if downloaded and executed.
Read more »
2. Marriott suffers second breach, exposing data of 5.2 million hotel guests
Last week, international hotel chain Marriott disclosed a data breach impacting 5.2 million hotel guests — the second security incident to hit the company in recent years. The company believes guest data was accessed between January and February 2020, but found no evidence of compromised passwords or payment information.
Read more »
3. New Zoom hack lets attackers compromise Windows and its login password
According to cybersecurity researchers, the Zoom video conferencing software for Windows is vulnerable to a UNC path injection vulnerability that could allow remote attackers to steal victims’ Windows login credentials. Once the malicious link is clicked, the attack allows the attacker-controlled SMB share to automatically capture authentication data.
Read more »
For more cybersecurity news stories like these, check out the blog »