Blog / News, 2nd Nov 2023
Author: Samir Yawar
5 min read

Toronto Public Library Outage, New MacOS Malware and Flipper Zero Bluetooth Spam dominate headlines

A feature image for a blog post about the Toronto Public Library outage, KandyKorn MacOS Malware, Flipper Zero Bluetooth spam attacks.

Cybersecurity threats continue to grow in sophistication and execution. This week, we experienced the Toronto Public Library outage, a new MacOS malware, and a spate of spam attacks caused by Bluetooth notifications.

Cybersecurity News Roundup


Here’s what went down this week:

Bluetooth spam attacks can now be launched with an Android app

Flipper Zero, a portable wireless pen-testing and hacking tool, can cause Bluetooth devices to lock up or even become unresponsive through notification spam.

The popular testing tool can now launch Bluetooth spam attacks with an Android app. Earlier, it affected Apple iOS and Windows devices.

Flipper Zero works by spoofing advertising packets (ADV) via Bluetooth Low Energy (BLE) technology. Any BLE-enabled device will recognize these signals as legitimate connection requests. Once the device accepts this request, it is flooded with notifications that can render it unusable.

With the new Android app, Flipper Zero can cause Denial of Service (DoS) attacks that can impact a wide range of devices that search for Bluetooth radio signals.

This type of spam attack can confuse the target, make it difficult to discern between legitimate and spoofed devices, and even disrupt the user experience with non-stop notifications popping up on the targeted device.
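
An added example, not from the original article: a defender-side check for the advertising flood described above, which parses raw BLE advertising payloads and flags time windows in which many distinct addresses send pairing-prompt advertisements. The Swift Pair and Fast Pair constants come from public vendor documentation; the record format, threshold and sample capture are assumptions constructed for illustration.

```python
from collections import defaultdict

# Public vendor constants (not from the article):
MS_COMPANY_ID = 0x0006    # Microsoft company ID; Swift Pair beacons carry beacon ID 0x03
SWIFT_PAIR_BEACON = 0x03
FAST_PAIR_UUID = 0xFE2C   # 16-bit service UUID used by Google Fast Pair

def ad_structures(payload: bytes):
    """Yield (ad_type, data) pairs; stop quietly at a malformed length byte."""
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0 or i + 1 + length > len(payload):
            return
        yield payload[i + 1], payload[i + 2:i + 1 + length]
        i += 1 + length

def pairing_kind(payload: bytes):
    """Name the pairing prompt an advertisement would trigger, or None."""
    for ad_type, data in ad_structures(payload):
        if ad_type == 0xFF and len(data) >= 3:            # manufacturer-specific data
            company = int.from_bytes(data[:2], "little")
            if company == MS_COMPANY_ID and data[2] == SWIFT_PAIR_BEACON:
                return "swift_pair"
        elif ad_type == 0x16 and len(data) >= 2:          # service data, 16-bit UUID
            if int.from_bytes(data[:2], "little") == FAST_PAIR_UUID:
                return "fast_pair"
    return None

def flood_windows(records, window_s=10, max_sources=5):
    """Return {window_start: distinct_sources} for windows in which more than
    max_sources different addresses sent pairing advertisements."""
    sources = defaultdict(set)
    for ts, addr, payload_hex in records:
        if pairing_kind(bytes.fromhex(payload_hex)):
            sources[int(ts // window_s) * window_s].add(addr)
    return {w: len(a) for w, a in sorted(sources.items()) if len(a) > max_sources}

# Constructed sample capture: (seconds, advertiser address, raw payload hex)
SWIFT = "02010609ff06000300804b6264"   # flags + Microsoft beacon 0x03
FAST = "02010606162cfeaabbcc"          # flags + Fast Pair service data
NAME = "020106070953656e736f72"        # flags + local name "Sensor" (benign)
SAMPLE = [(100 + i * 0.5, f"5a:00:00:00:00:{i:02x}", SWIFT if i % 2 else FAST)
          for i in range(8)]
SAMPLE += [(131.0, "c4:11:22:33:44:55", SWIFT), (132.0, "d0:aa:bb:cc:dd:ee", NAME)]

if __name__ == "__main__":
    print(flood_windows(SAMPLE))
```

A single address advertising a pairing beacon is normal accessory behaviour, so the threshold counts distinct sources per window rather than raw packets and needs tuning for the environment being monitored.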

How to stop Bluetooth spam attacks?

It should be noted that Android 14 and Windows 11 devices display notifications on Bluetooth connection requests by default. You will need to block these notifications on both systems.

The process to do so is easy:

If you use Android, navigate to Settings → Google → Nearby Share, and turn the "Show notification" toggle to the "Off" position.

Another way to access the same menu is through Settings → Connected Devices → Connection preferences → Nearby Share.

If you use Windows, open Settings, select 'Bluetooth & devices' from the menu on the left, then click on 'Devices,' scroll down to 'Device settings,' and turn the 'Show notifications to connect using Swift Pair' toggle to the 'Off' position.

Toronto Public Library attacked by ransomware

It has now been confirmed that a ransomware group knocked Canada’s largest public library system offline earlier this week.

A few days ago, the Toronto Public Library alerted its users that it had been hit by a cyber attack. During the attack, users were unable to access the tpl.ca site and their online accounts. The outages also affected the tpl:map passes and digital collections services.

TPL has about 100 branches and 12 million books. It boasts about 1,200,000 registered members and operates on a budget of $200 million.

Authorities say that they’ve found no evidence of personal information being breached so far. They continue to investigate the attack with cybersecurity experts.

According to BleepingComputer, the Black Basta ransomware operation was behind the attack.

MacOS gets a new malware that targets cryptocurrency

Apple computers are at risk from stealthy backdoor malware that can retrieve data, upload and download files, and execute commands in the background without the user’s consent.

Dubbed KandyKorn, this new malware has been attributed to the North Korea-based Lazarus hacking group. It targets engineers of a cryptocurrency platform.

The malware was linked to the Lazarus group by cybersecurity firm Elastic Security, which analyzed past campaigns and reviewed the techniques involved in this attack.

The attack begins on Discord, where the victim is deceived into downloading a malicious ZIP archive, ‘cross-platform Bridges.zip’. The target is told that they are downloading a legitimate bot that can help them generate profits automatically from cryptocurrency transactions.

In reality, the archive contains a Python script that establishes a connection with a rogue server and installs malicious software on the user’s machine. The attacker gets access to data from the victim’s machine as a result.

Samir Yawar / Content Lead
Samir wants a world where people can instinctively whack online scams and feel accomplished without the need for psychic powers. As an ISC2 member, he is doing his bit to turn cybersecurity awareness training into a fun concept with simple, approachable and accessible content. Reach out to him at X @yawarsamir
FAQs: Frequently Asked Questions
One of the few malware strains targeting Apple's macOS machines, the KandyKorn malware relies on a social engineering attack that installs a malicious payload on a victim's device.