SAN MATEO, CA, December 26, 2022 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.
- Hacker claims to be selling data of 400 million Twitter users
- WordPress gift card plugin exploited by hackers
- LastPass: hackers stole users’ password vaults
- Okta source code stolen in GitHub hack
- Clever “GodFather” Android malware sets its sights on banks and crypto exchanges
- NIST phasing out SHA-1 algorithm
- MacOS bug allows malware to bypass security
- Restaurant CRM SevenRooms breached, data leaked
- New Agenda ransomware variant the latest to be developed in Rust programming language
Hacker claims to be selling data of 400 million Twitter users
A threat actor calling themselves Ryushi claims to have stolen the personal data of 400 million Twitter users, allegedly by scraping it through a “vulnerability” in the platform. A sample of 1,000 accounts was posted as proof that the data is genuine. The stolen information is purported to include celebrities, politicians and other high-profile users. Ryushi has put the files up for sale on the dark web and has also suggested to Twitter and Elon Musk that it is in their best interest to purchase the data exclusively, to avoid the financial burden of lawsuits that may arise from the security lapse. Read more.
WordPress gift card plugin exploited by hackers
The YITH WooCommerce Gift Cards Premium WordPress plugin, used on more than 50,000 websites to sell online gift cards, has been found to contain a flaw that “allows unauthenticated attackers to upload files to vulnerable sites, including web shells that provide full access to the site.” Disclosed in November, the flaw has been exploited regularly in the two months since. Users of the plugin need to update to the latest version to prevent site takeover and remote code execution, and should also check their upload directories for unexpected PHP files, since updating does not remove a web shell that has already been planted. Read more.
LastPass: hackers stole users’ password vaults
Password management platform LastPass has reported that a breach earlier in the year resulted in hackers stealing customers’ encrypted password vaults. Because the attacker now holds the vaults offline, there is no server-side lockout or rate limit: all that stands between the thief and a vault’s full contents is the user’s master password, which could be obtained by brute-force guessing, phishing or social engineering. The criminals also took customer information such as names, email addresses and billing data. The breach was carried out by a threat actor who used cloud storage keys stolen from a LastPass employee. LastPass customers are urged to change their master passwords and turn on multi-factor authentication wherever possible. Note that MFA protects logins to the LastPass service; it does nothing against offline guessing of a copy that has already been stolen, so a strong, unique master password is what matters for the exfiltrated vaults. Read more.
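To make the offline-guessing point concrete, here is an added example (not LastPass’s code or vault format) of what an attacker holding a stolen vault can do. It assumes a constructed toy vault header consisting of a salt, a PBKDF2-HMAC-SHA256 iteration count and a verifier (a hash of the derived key); the wordlist, salt and iteration count are constructed for the demonstration and the iteration count is deliberately tiny so the example runs quickly.

```python
import hashlib
import hmac
from typing import Iterable, Optional, Tuple

# Toy vault header: the values an attacker holding a stolen vault can read in
# the clear. Real password managers differ in layout; this layout is a
# constructed format for the demonstration only.
SALT = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # constructed, not from any real vault
ITERATIONS = 2000  # kept small so the example runs fast; real defaults are far higher


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Derive the vault encryption key from the master password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def make_vault_header(master_password: str, salt: bytes = SALT, iterations: int = ITERATIONS) -> dict:
    """Build the header stored with the vault: salt, iteration count, and a
    verifier (hash of the derived key) that lets a client confirm a correct unlock.
    The same verifier is what an offline attacker tests candidate passwords against."""
    key = derive_key(master_password, salt, iterations)
    return {"salt": salt, "iterations": iterations, "verifier": hashlib.sha256(key).digest()}


def offline_guess(header: dict, candidates: Iterable[str]) -> Tuple[Optional[str], int]:
    """Attacker side: with the vault in hand there is no server to rate-limit or lock
    out, so each candidate costs exactly one PBKDF2 run. Returns the recovered master
    password (or None) and the number of candidates tried. Raising the iteration count
    multiplies the attacker's cost linearly; a password absent from every wordlist
    defeats this approach outright."""
    tried = 0
    for candidate in candidates:
        tried += 1
        key = derive_key(candidate, header["salt"], header["iterations"])
        if hmac.compare_digest(hashlib.sha256(key).digest(), header["verifier"]):
            return candidate, tried
    return None, tried


# Constructed wordlist standing in for a real cracking dictionary.
WORDLIST = ["password", "123456", "qwerty", "Summer2022!", "letmein", "Welcome1"]


def demo() -> dict:
    """Weak master password falls on the fourth guess; a long random passphrase survives."""
    weak = make_vault_header("Summer2022!")
    strong = make_vault_header("orbit-velvet-cactus-thunder-91")  # constructed, not in the wordlist
    return {
        "weak": offline_guess(weak, WORDLIST),      # ('Summer2022!', 4)
        "strong": offline_guess(strong, WORDLIST),  # (None, 6)
    }


if __name__ == "__main__":
    print(demo())
```

The verifier is a stand-in for any “is this the right key” check an attacker has, including simply trying to decrypt the first record; nothing in the loop touches a server, which is why changing the master password now protects new vault copies but not the one already taken.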
Okta source code stolen in GitHub hack
Identity provider Okta has been breached, with hackers reportedly stealing the company’s source code from a GitHub repository. The intruders did not access customer data or services, and a statement from Okta said that the stolen code relates exclusively to the Okta Workforce Identity Cloud. The party responsible has yet to be identified. Okta has suffered a number of incidents over the last year, including one claimed by the Lapsus$ extortion group. Read more.
Clever “GodFather” Android malware sets its sights on banks and crypto exchanges
Over 400 banks and crypto exchanges have found themselves in the crosshairs of an Android malware variant called “GodFather.” The malware draws an overlay on top of a targeted bank or exchange app’s login screen, so users type their credentials into a form carefully designed to look like the legitimate one. GodFather was first seen in 2021 but has undergone significant upgrades since. It can generate fake notifications that lure users to its fake login pages, prevent victims from removing it by abusing Android’s Accessibility Service, exfiltrate Google Authenticator OTPs, process commands and steal passwords and PINs. Read more.
NIST phasing out SHA-1 algorithm
The US National Institute of Standards and Technology (NIST) has announced that it will retire the Secure Hash Algorithm 1 (SHA-1) from federal government systems. SHA-1, in use since 1995, has underpinned a wide range of security applications. The algorithm, however, has not kept pace with modern computing: practical collision attacks against it have been demonstrated, which undermines its use in digital signatures and certificates. NIST plans to phase out SHA-1 entirely by December 31, 2030, and is recommending that organizations move to modules employing SHA-2 or SHA-3 as soon as possible to ensure both security and compliance. Read more.
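A practical migration like the one NIST describes is much easier when stored digests say which algorithm produced them. The following is an added example (not NIST’s or any vendor’s code) of that hash-agility pattern: new digests are tagged and restricted to approved algorithms, existing SHA-1-tagged records still verify but are flagged for rehashing, and a migration helper re-tags them. The tag format (`alg$hex`), the policy sets and the record data are all assumptions for the demonstration.

```python
import hashlib
import hmac
from typing import Tuple

# Digest policy (constructed for this example). Names are hashlib's own.
APPROVED = {"sha256", "sha384", "sha512", "sha3_256", "sha3_512"}
LEGACY = {"sha1"}  # still verifiable for existing records, never used for new ones
SEPARATOR = "$"    # assumed tag layout: "<alg>$<hex digest>"


def _hexdigest(alg: str, data: bytes) -> str:
    """Compute a digest for verification. Legacy algorithms are allowed here only
    because existing SHA-1 records must still be checked during the transition."""
    if alg not in APPROVED | LEGACY:
        raise ValueError(f"unknown or forbidden digest algorithm: {alg}")
    return hashlib.new(alg, data).hexdigest()


def tagged_digest(data: bytes, alg: str = "sha256") -> str:
    """Produce a new self-describing digest such as 'sha256$...'. Refuses SHA-1
    (and anything else outside APPROVED) so no new dependency on it is created."""
    if alg not in APPROVED:
        raise ValueError(f"{alg} is not approved for new digests")
    return f"{alg}{SEPARATOR}{_hexdigest(alg, data)}"


def verify_tagged(data: bytes, tagged: str) -> Tuple[bool, bool]:
    """Check data against a tagged digest. Returns (matches, needs_migration):
    a matching SHA-1 record verifies but is flagged so it can be rehashed.
    The comparison is constant-time to avoid leaking how many bytes matched."""
    alg, _, expected = tagged.partition(SEPARATOR)
    actual = _hexdigest(alg, data)
    matches = hmac.compare_digest(actual, expected)
    return matches, (matches and alg in LEGACY)


def migrate_record(data: bytes, tagged: str, new_alg: str = "sha256") -> str:
    """Re-tag a record under an approved algorithm if it currently verifies under a
    legacy one. Records already on an approved algorithm are returned unchanged;
    a record that fails to verify is never silently re-tagged."""
    matches, needs_migration = verify_tagged(data, tagged)
    if not matches:
        raise ValueError("record does not verify; refusing to re-tag")
    return tagged_digest(data, new_alg) if needs_migration else tagged


if __name__ == "__main__":
    # Constructed sample store: one legacy record, one already migrated.
    store = {
        b"hello": "sha1$aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d",
        b"world": tagged_digest(b"world"),
    }
    for blob, tag in store.items():
        print(tag, "->", migrate_record(blob, tag))
```

Verification of old SHA-1 tags is retained on purpose: rejecting them outright would break every record created before the cutover, while re-tagging on the first successful verification moves the store to SHA-2 without a flag day. For a real deployment the legacy set should be emptied once the store reports no remaining SHA-1 tags.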
macOS bug allows malware to bypass security
A researcher at Microsoft discovered a vulnerability in macOS that allows attackers to “deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions.” Apple’s Lockdown Mode, introduced to give greater protection to users likely to be targeted by cyberattacks, is calibrated to defend against zero-click remote code execution exploits and therefore does not defend against this one. The flaw, tracked as CVE-2022-42821, has been patched by Apple in updates for macOS Ventura, Monterey and Big Sur. Read more.
Restaurant CRM SevenRooms breached, data leaked
SevenRooms, a restaurant customer relationship management platform used by major operators such as MGM Resorts, Bloomin’ Brands, Mandarin Oriental, Wolfgang Puck and more, has reported that it suffered a data breach. A post on a hacking forum on December 15th contained data samples from the breach, with the poster claiming to have stolen 427GB of customer data from the platform. SevenRooms says the breach occurred through a third-party vendor, that its internal systems were not affected, and that customer identification and payment information was not included in the stolen data. Read more.
New Agenda ransomware variant the latest to be developed in Rust programming language
A ransomware-as-a-service group called Agenda has a new variant, developed in the Rust programming language, that has been observed in the wild. Agenda’s use of Rust, combined with partial (intermittent) encryption of files, lets its affiliates encrypt victims’ data faster and with less chance of detection. Because Rust binaries are harder for analysts to reverse engineer, the language is becoming popular with ransomware developers; BlackCat, Hive, Luna and RansomExx have all used it. Read more.
More cybersecurity news
- Last week’s news
- All cybersecurity news and articles are brought to you by NetworkTigers.