August 2022


Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users
Ravie Lakshmanan
https://thehackernews.com/2022/08/experts-find-malicious-cookie-stuffing.html
Excerpt:
“Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users' browsing activity and profit off retail affiliate programs.”


COVID-19 data put for sale on the Dark Web
https://www.helpnetsecurity.com/2022/08/29/covid-19-data-put-for-sale-on-the-dark-web/
Excerpt:
“Resecurity, a California-based cybersecurity company protecting Fortune 500, has identified leaked PII stolen from Thailand’s Department of Medical Sciences containing information about citizens with COVID-19 symptoms. The incident was uncovered and shared with Thai CERT.”


LockBit ransomware gang gets aggressive with triple-extortion tactic
Ionut Ilascu
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-gets-aggressive-with-triple-extortion-tactic/
Excerpt:
“LockBit ransomware gang announced that it is improving defenses against distributed denial-of-service (DDoS) attacks and working to take the operation to triple extortion level.”


Edfinancial and OSLA student loan account registration info hacked in Nelnet breach; 2.5 million affected
Dissent
https://www.databreaches.net/edfinancial-and-osla-student-loan-account-registration-info-hacked-in-nelnet-breach-2-5-million-affected/
Excerpt:
“Nelnet Servicing in Nebraska provides technology services to EdFinancial and OSLA, including portals that student loan borrowers use to create and access their student loan accounts. Their notification template, a copy of which was submitted to the Maine Attorney General’s Office, indicates that Nelnet discovered a vulnerability. They do not indicate exactly when they first discovered it although it appears to have been in July. Nor do they describe the nature of the vulnerability. What they do write is the following:”


John Deere tractor hack reveals food supply vulnerable to cyber attacks
Kallee Buchanan and Tanya Murphy
https://www.abc.net.au/news/rural/2022-08-24/tractor-hack-reveals-food-supply-vulnerable/101360062
Excerpt:
“Hacking a tractor to install a video game may seem like a funny prank, but it has confirmed security experts' fears about the vulnerability of our food supply to cyber attacks.”


France hospital Center Hospitalier Sud Francilien suffered ransomware attack
Pierluigi Paganini
https://securityaffairs.co/wordpress/134771/cyber-crime/center-hospitalier-sud-francilien-ransomware.html
Excerpt:
“The Center Hospitalier Sud Francilien (CHSF), a hospital southeast of Paris, has suffered a ransomware attack over the weekend. The attack disrupted the emergency services and surgeries and forced the hospital to refer patients to other structures.”


DDoS attacks jump 203%, patriotic hacktivism surges
https://www.helpnetsecurity.com/2022/08/23/malicious-ddos-attacks-climbed/
Excerpt:
“Radware released a report revealing that the number of malicious DDoS attacks climbed by 203% compared to the first six months of 2021.”


LockBit gang hit by DDoS attack after threatening to leak Entrust ransomware data
Jeff Burt
https://www.theregister.com/2022/08/22/entrust_lockbit_ddos_ransomware/
Excerpt:
“The LockBit ransomware group last week claimed responsibility for an attack on cybersecurity vendor in June. The high-profile gang is now apparently under a distributed denial-of-service (DDoS) because of it.”


Misconfigured Meta Pixel exposed healthcare data of 1.3M patients
Bill Toulas
https://www.bleepingcomputer.com/news/security/misconfigured-meta-pixel-exposed-healthcare-data-of-13m-patients/
Excerpt:
“U.S. healthcare provider Novant Health has disclosed a data breach impacting 1,362,296 individuals who have had their sensitive information mistakenly collected by the Meta Pixel ad tracking script.”


Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts
Ravie Lakshmanan
https://thehackernews.com/2022/08/researchers-find-counterfeit-phones.html
Excerpt:
“Budget Android device models that are counterfeit versions associated with popular smartphone brands are harboring multiple trojans designed to target WhatsApp and WhatsApp Business messaging apps.”


Critical infrastructure is under attack from hackers. Securing it needs to be a priority - before it's too late
Danny Palmer
https://www.zdnet.com/article/critical-infrastructure-is-under-attack-from-hackers-securing-it-needs-to-be-a-priority-right-now/
Excerpt:
“Cyber attacks don't just affect the virtual world: they can have concerning real-world consequences for everyone, and a recent incident seemingly involving a near miss has demonstrated just how disruptive they can be.”


Cybercriminals are using bots to deploy DDoS attacks on gambling sites
https://www.helpnetsecurity.com/2022/08/19/gambling-sites-ddos-attacks/
Excerpt:
“Imperva releases data showing that 25% of all gambling sites were hit with DDoS attacks executed by botnets in June.”


Google blocks largest HTTPS DDoS attack 'reported to date'
Ionut Ilascu
https://www.bleepingcomputer.com/news/security/google-blocks-largest-https-ddos-attack-reported-to-date/
Excerpt:
“A Google Cloud Armor customer was hit with a distributed denial-of-service (DDoS) attack over the HTTPS protocol that reached 46 million requests per second (RPS), making it the largest ever recorded of its kind.”


Lazarus Attackers Turn to the IT Supply Chain
Lisa Vaas
https://threatpost.com/lazarus-apt-it-supply-chain/175772/
Excerpt:
“Lazarus – a North Korean advanced persistent threat (APT) group – is working on launching cyberespionage-focused attacks on supply chains with its multi-platform MATA framework.”


APT Lazarus Targets Engineers with macOS Malware
Elizabeth Montalbano
https://threatpost.com/apt-lazarus-macos-malware/180426/
Excerpt:
“North Korean APT Lazarus is up to its old tricks with a cyberespionage campaign targeting engineers with a fake job posting that attempt to spread macOS malware. The malicious Mac executable used in the campaign targets both Apple and Intel chip-based systems.”


Ransomware Group Claims Access to SCADA in Confusing UK Water Company Hack
Eduard Kovacs
https://www.securityweek.com/ransomware-group-claims-access-scada-confusing-uk-water-company-hack
Excerpt:
“A ransomware group has hit at least one water company in the United Kingdom, but there is some confusion over whose systems were actually breached.”


Dutch authorities arrest 29-year-old dev with suspected ties to Tornado Cash
Jeff Burt
https://www.theregister.com/2022/08/15/tornado_cash_suspect_arrested/
Excerpt:
“Dutch authorities have arrested a software developer suspected of working with Tornado Cash, a cryptocurrency mixing service that only two days earlier was sanctioned by the US government for allegedly laundering money for ransomware operators and other cybercriminals.”


State Department offers $10 million for details on Conti ransomware gang members
AJ Vicens
https://www.cyberscoop.com/conti-state-department-reward/
Excerpt:
“The State Department on Thursday announced a $10 million reward for information related to five specific individuals associated with the Conti ransomware group.”


Cisco has been hacked by a ransomware gang
Zeljka Zorz
https://www.helpnetsecurity.com/2022/08/11/cisco-hacked/
Excerpt:
“U.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site.”


Ex-CISA chief Krebs calls for US to get serious on security
Jessica Lyons Hardcastle
https://www.theregister.com/2022/08/10/krebs_black_hat/
Excerpt:
“BLACK HAT It's time to reorganize the US government and create a new agency focused solely on digital risk management services, according to former CISA director Chris Krebs.”


Three ransomware gangs consecutively attacked the same network
https://www.helpnetsecurity.com/2022/08/09/ransomware-gangs-attacks/
Excerpt:
“Hive, LockBit and BlackCat, three prominent ransomware gangs, consecutively attacked the same network, according to Sophos. The first two attacks took place within two hours, and the third attack took place two weeks later. Each ransomware gang left its own ransom demand, and some of the files were triple encrypted.”


Slack admits to leaking hashed passwords for five years
Paul Ducklin
https://nakedsecurity.sophos.com/2022/08/08/slack-admits-to-leaking-hashed-passwords-for-three-months/
Excerpt:
“Popular collaboration tool Slack (not to be confused with the nickname of the world’s longest-running Linux distro, Slackware) has just owned up to a long-running cybersecurity SNAFU.”


Chinese scammers target kids with promise of extra gaming hours
Simon Sharwood
https://www.theregister.com/2022/08/09/china_minors_gaming/
Excerpt:
“Fraudsters in China have targeted a child with promises of allowing them to get around the nation's time limits on playing computer games – for a mere $560, according to the nation's cyberspace administration. Yesterday the CAC detailed some of the 12,000 acts of online fraud perpetrated against minors it handled this year.”


Twilio customer data exposed after its staffers got phished
Jessica Lyons Hardcastle
https://www.theregister.com/2022/08/08/twilio_phishing_attack/
Excerpt:
“Twilio confirmed someone breached its security and accessed "a limited number" of customer accounts after successfully phishing some of its employees.”


Cyberattack on Albanian government suggests new Iranian aggression
Lily Hay Newman
https://arstechnica.com/information-technology/2022/08/cyberattack-on-albanian-government-suggests-new-iranian-aggression/
Excerpt:
“In mid-July, a cyberattack on the Albanian government knocked out state websites and public services for hours.”


Cyberattacks on healthcare organizations negatively impact patient care
https://www.helpnetsecurity.com/2022/08/08/cyberattacks-healthcare-impact/
Excerpt:
“Cynerio and the Ponemon Institute have examined the current impact of cyberattacks on healthcare facilities and network-connected IoT and medical devices, and found multiple alarming trends.”


“Huge flaw” threatens US emergency alert system, DHS researcher warns
Dan Goodin
https://arstechnica.com/information-technology/2022/08/huge-flaw-threatens-us-emergency-alert-system-dhs-researcher-warns/
Excerpt:
“The US Department of Homeland Security is warning of vulnerabilities in the nation’s emergency broadcast network that makes it possible for hackers to issue bogus warnings over radio and TV stations.”


Universities are at risk of email-based impersonation attacks
https://www.helpnetsecurity.com/2022/08/04/universities-email-based-impersonation-attacks/
Excerpt:
“Proofpoint released new research which found that the top universities in the United States, the United Kingdom and Australia are lagging on basic cybersecurity measures, subjecting students, staff and stakeholders to higher risks of email-based impersonation attacks.”


A third of organizations experience a ransomware attack once a week
https://www.helpnetsecurity.com/2022/08/04/organizations-experience-ransomware-attack/
Excerpt:
“Ransomware attacks show no sign of slowing. According to new research published by Menlo Security, a third of organizations experience a ransomware attack at least once a week, with one in 10 experiencing them more than once a day.”


Ex-T-Mobile US store owner phished staff, raked in $25m from unlocking phones
Jessica Lyons Hardcastle
https://www.theregister.com/2022/08/03/tmobile_unlock_prison_phone/
Excerpt:
“A now-former T-Mobile US store stole at least 50 employees' work credentials to run a phone unlocking and unblocking service that prosecutors said netted $25 million.”


Ransomware gangs are hitting roadblocks, but aren’t stopping (yet)
Zeljka Zorz
https://www.helpnetsecurity.com/2022/08/01/ransomware-gangs-are-hitting-roadblocks/
Excerpt:
“In its mid-year 2022 Cyber Threat Report, SonicWall notes that there has been a global 23% drop in ransomware, ‘as geopolitical forces, volatile cryptocurrency prices, and increased government and law-enforcement focus impacted both who cybercriminals chose to attack and how well they were capable of carrying out those attacks.’”


The most impersonated brand in phishing attacks? Microsoft
https://www.helpnetsecurity.com/2022/08/01/microsoft-brand-impersonation-phishing-attacks/
Excerpt:
“Vade announced its H1 2022 Phishers’ Favorites report, a ranking of the top 25 most impersonated brands in phishing attacks. Microsoft came in at #1 on the list, followed by Facebook. Rounding out the top five are Crédit Agricole, WhatsApp, and Orange.”


Spyware developer charged by Australian Police after 14,500 sales
Laura Dobberstein
https://www.theregister.com/2022/08/01/asia_tech_news_roundup/
Excerpt:
“Australia's federal police (AFP) on Friday charged a man with creating and profiting from spyware that allowed total remote control of victims' computers.”