Cybersecurity news provided by NetworkTigers on Monday, 21 February 2022.
SAN MATEO, CA — US government cracking down on crypto crime, WordPress plugin exploit could compromise data, major LinkedIn phishing campaigns target those looking for new employment, huge bot attack stopped by researchers, Emotet trojan now spreading via Excel, Ukraine armed forces and banks hit with cyberattack, Adobe: update Commerce and Magento Open Source, funding site favored by Canadian “Freedom Convoy” hacked, CISA warns of Russian cyberattacks, San Francisco 49ers attacked with ransomware.
US government cracking down on crypto crime
The United States Department of Justice (DOJ) named Eun Young Choi as the first director of the new National Cryptocurrency Enforcement Team (NCET). The department is tasked with investigating the criminal misuse of cryptocurrency and digital assets. The DOJ also announced that the FBI will now have a Virtual Asset Exploitation Unit within the organization designed to assist the FBI with regard to criminal activity involving cryptocurrencies. Read more.
WordPress plugin exploit could compromise data
UpdraftPlus, a popular WordPress plugin used to back up data, has been found to contain a bug that could allow unauthorized users to download backups. Researchers are recommending that anyone who employs UpdraftPlus update immediately. The exploit, if successfully leveraged, could allow a threat actor to completely take over a victim’s account. Read more.
Major LinkedIn phishing campaigns target those looking for new employment
As the “Great Resignation” continues to disrupt the job market, scammers looking to cash in on those in search of greener pastures have been hard at work, resulting in a 232% increase in LinkedIn phishing schemes. Using convincing visual templates and language meant to flatter victims, the emails tend to namedrop popular brands and companies and urge readers to click a link that takes them to a site asking for their LinkedIn login credentials. Read more.
Huge bot attack stopped by researchers
A bot attack that had been using 400,000 compromised IP addresses has been blocked thanks to researchers at Imperva. The attack had been scraping the data of user profiles on a job listing website. Imperva explains that automated bot attacks, whether used to scrape data or to purchase high-demand or limited items from commerce sites before human buyers get a chance to, can result in sluggish website performance, downtime, poor SEO ranking and inaccurate analytics. Read more.
Emotet trojan now spreading via Excel
Emotet, which began its life in 2014 as a banking trojan and has continually evolved since, has found a new means by which to spread: it is hidden within malicious Excel files and distributed via an email campaign. Once a file is opened, the victim’s computer can be leveraged. This campaign appears to have been active since late December 2021. Read more.
Ukraine armed forces and banks hit with cyberattack
A distributed denial of service (DDoS) attack has been launched against the websites of Ukraine’s Ministry of Defense and two of the country’s major banks, knocking them offline. The bank websites were quickly returned to functional status, while at the time of this writing the armed forces sites were still showing signs of disruption. The source of the attack, the second that the country has sustained within the last month, is currently not known, although most speculate that it is part of a continuing campaign of harassment from Russia. Read more.
Adobe: update Commerce and Magento Open Source
Adobe has released security updates for both Commerce and Magento Open Source. The company has classified the vulnerabilities that the patch closes as “critical” and is urging all users to update immediately. Exploits of the vulnerabilities in question have already been reported in the wild and a successful attack could allow an unauthorized user to take control of a victim’s system. Read more.
Funding site favored by Canadian “Freedom Convoy” hacked
GiveSendGo, a fundraising site that has been favored by Canadians participating in protests against COVID requirements at the border, has been hacked, leading to a leak of information on those who have donated money to the so-called “Freedom Convoy.” GiveSendGo suffered a prior security breach two weeks ago. Leaked information has revealed that the majority of the donations made actually originated in the US. Read more.
CISA warns of Russian cyberattacks
Escalating tensions at the border between Russia and Ukraine are causing CISA to once again warn US organizations about the increased possibility of Russian cyberattacks. US government agencies are on alert for Moscow to engage further in hacks and attacks that destabilize, disrupt and confuse victims as pushback and sanctions pertaining to their actions with regard to Ukraine continue to be floated. Read more.
San Francisco 49ers attacked with ransomware
Ransomware gang BlackByte are claiming to have stolen some of the San Francisco 49ers’ financial information after attacking the team’s network. The attack has reportedly only affected the team’s corporate network and has not affected any systems associated with ticket holders. Law enforcement has been notified of the attack. Read more.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses, health care and government agencies globally. www.networktigers.com
NetworkTigers provides the latest industry and cybersecurity news in a weekly roundup at news.networktigers.com.