This Week In Cybersecurity: 11th March to 14th March

This week in cybersecurity highlights major incidents, including a $5 million theft from 1inch, a DDoS attack on X, and a significant data breach at Chicago Public Schools.
This Week In Cybersecurity: 11th March to 14th March
Table of Contents
    Add a header to begin generating the table of contents

    Malware: Clipboard Hijacking Malware Targets 778,000 CryptoWallets

    The newly discovered MassJacker malware targets 778,531 cryptocurrency wallets using clipboard hijacking techniques. This malware monitors the Windows clipboard for copied wallet addresses, replacing legitimate ones with those controlled by attackers. CyberArk’s analysis estimates approximately $95,300 stolen, but the true impact is likely greater. The malware spreads via a malicious website offering pirated software, utilizing a complex infection chain. Organizations are urged to implement robust security measures to protect against this evolving threat. Read more

    DDoS Assault on X, Cyberattack Claimed by Dark Storm Group Causes Worldwide Outages

    On March 4, 2025, X (formerly Twitter) suffered a significant DDoS attack claimed by the hacktivist group Dark Storm. The attack disrupted services for millions and involved fake announcements regarding cryptocurrency launches. Users were prompted to engage with phishing posts, which linked to malicious sites. In response, X implemented Cloudflare’s DDoS protection, requiring CAPTCHA verification for all requests. This incident exemplifies the rising trend of cyberattacks targeting prominent organizations to promote scams. Read more

    Cl0p Ransomware Published Rackspace Files on Leak Site

    The Cl0p ransomware group has published sensitive files from Rackspace Technology after the company allegedly ignored ransom demands. The breach, affecting numerous organizations, highlights vulnerabilities in cloud security. Cl0p’s leak site claimed to expose files linked to 170 companies, including some in the healthcare sector. Rackspace has not yet publicly commented on the incident, raising concerns about the effectiveness of their data protection measures. This attack underscores the ongoing risks posed by sophisticated ransomware actors. Read more

    NBA and NASCAR Accounts on X Hacked to Promote Cryptocurrency Scams

    On March 4, 2025, the official accounts of the NBA and NASCAR on X were hacked to promote fraudulent cryptocurrencies. Attackers used these high-profile accounts to announce the launch of fake digital assets like ‘NBACoin’ and ‘Nascar Coin.’ Despite prompt action from the NBA to remove the posts, the hackers managed to republish their messages, potentially affecting millions of followers. This incident highlights the need for enhanced cybersecurity measures for high-profile social media accounts. Read more

    $5 Million Stolen from 1inch Due to Smart Contract Flaw

    On March 5, 2025, 1inch confirmed a theft of approximately $5 million due to a vulnerability in its smart contracts. The breach affected resolver funds linked to the outdated Fusion v1 implementation, but no end-user funds were at risk. The stolen assets included 2.4 million USDC and 1,276 Wrapped Ether. 1inch is collaborating with affected resolvers to enhance security measures and has initiated a bug bounty program to identify further vulnerabilities. Read more

    Chicago Public Schools Data Breach Exposes Hundreds of Thousands of Student Records

    A data breach at Chicago Public Schools exposed the personal information of hundreds of thousands of students, including names, birthdates, and student IDs. The breach was linked to a server owned by CPS technology vendor Cleo. Affected data included sensitive information that could lead to identity theft. The FBI and Illinois Attorney General are investigating the incident, which highlights the urgent need for robust data security measures in educational institutions. Read more

    New Chirp Tool Using Audio Tones for Data Transit Between Devices

    The Chirp tool allows data transfer between devices using audio tones, developed by cybersecurity researcher solst/ICE. It converts characters into sound frequencies, enabling discreet communication via sound waves. However, Chirp has limitations, such as stopping message reception during transmission and lacking error correction. Future developments may explore using hypersonic sounds for more secure communications. The tool is available for free on GitHub, making it accessible for tech enthusiasts and developers. Read more

    Related Posts