Cybersecurity news provided by NetworkTigers on Monday, 07 February 2022.
SAN MATEO, CA — Tax season phishing scam impersonates Intuit, News Corp hit with cyberattack, China suspected, NFTs used for money laundering, Cisco routers vulnerable to attack, Blockchain bridge hacked, $320 million stolen, U.S. security researcher targeted by North Korean hacker retaliates by disrupting country’s internet, 29% of outgoing employees take data with them, oil supplier hit with cyberattack, CISA updates catalog to include new vulnerabilities, Apple awards $100.5K for discovery of major bugs, Deadbolt ransomware affects QNAP users, App with banking Trojan removed from Google Play store.
Tax season phishing scam impersonates Intuit
As tax season’s inevitable uptick in phishing scams kicks into high gear, Intuit is warning that a phishing email posing as an official message from the company is in circulation. The scam email threatens to close users’ accounts if they do not click a malicious link within the message.
News Corp hit with cyberattack, China suspected
News Corp, owner of the Wall Street Journal, has been on the receiving end of a cyberattack that is believed to have been initiated by Chinese spies. The breach, appearing to have been active since at least February 2020, is reported to have exposed emails and Google Drive documents associated with journalists who cover issues related to China.
NFTs used for money laundering
According to data from Chainalysis, criminals are using NFTs for “wash trading,” a situation in which a seller is able to misinform others about the perceived value of an NFT and therefore claim it to have a much higher price tag than it does. Additionally, research has determined that in the second half of 2021, NFTs were used to launder money associated with criminal activity totaling $2.4 million.
Cisco routers vulnerable to attack
Cisco’s Small Business RV routers have been found to contain severe security bugs that could allow bad actors to gain unauthorized privileges, achieve remote code execution and more. Cisco has provided patches for some of the bugs and has indicated that fixes for the rest are forthcoming. Cisco’s RV products are popular, affordable routers that many businesses have employed to allow workers to access their network remotely via a VPN.
Blockchain bridge hacked, $320 million stolen
In the second-largest hack to be carried out against a crypto exchange platform, Wormhole has seen $320 million in Ether stolen by attackers. Wormhole, unable to determine how the hacker was able to perform the theft, has offered them a “whitehat agreement” in the form of $10 million in exchange for an explanation of the attack and a return of the stolen Ether.
U.S. security researcher targeted by North Korean hacker retaliates by disrupting country’s internet
Independent hacker P4x, frustrated by a lack of government response after North Korean hackers targeted cybersecurity researchers last year, took matters into his own hands by launching automated attacks that took down the country’s government websites. While North Korea only has a limited number of websites and highly restricted access, P4x sees his work as activism and has initiated a new project designed to further infiltrate and disrupt the totalitarian country’s network.
29% of outgoing employees take data with them
Research firm Tessian has conducted a poll revealing that almost a third of outgoing employees exfiltrate data. While most cases are not done with malicious intent, the increasing rate of employee turnover in the data sector has put a great deal of potentially harmful information at risk of exposure. Experts feel that the “great resignation” is resulting in a spike in sensitive information leaving secure networks and residing on personal devices that are not well protected.
Oil supplier hit with cyberattack
Oil companies Oiltanking GmbH Group and Mabanaft Group have had their Germany-based oil supplying and storage operations disrupted by a cyberattack. Neither organization has made a public claim regarding the source of the attack, leaving analysts to wonder if it might have been politically motivated. Germany is a major consumer of Russian oil, and Russia is currently involved in a tense political situation with Ukraine.
CISA updates catalog to include new vulnerabilities
CISA has added eight new vulnerabilities to its catalog due to sufficient evidence that they are being exploited by bad actors. According to CISA, the new threats are a “frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.” CISA encourages all enterprises to take appropriate measures to prevent the exploitation of all vulnerabilities listed in its catalog.
Apple awards $100.5K for discovery of major bugs
Apple has paid out $100,500 to researcher Ryan Pickren after he discovered a bug within iCloud that could allow remote access to a victim’s Mac’s webcam, microphone and entire file system. His exploration yielded four bugs as well as a record payout courtesy of Apple’s bug bounty policy.
Deadbolt ransomware affects QNAP users
Taiwan-based QNAP has been targeted by criminals who are extorting users of their products with a ransomware variant known as Deadbolt. QNAP has advised users to immediately upgrade their devices, as the ransomware takes advantage of a vulnerability that has since been patched. The criminals who have launched the attack have reportedly offered to decrypt all customer data in exchange for 50 BTC, but it does not appear as though QNAP has complied.
App with banking Trojan removed from Google Play store
An app called 2FA Authenticator has been removed from Google Play after it was discovered that it contained a Trojan known as Vultur, used to steal banking information. 2FA Authenticator was available for download for over two weeks before being taken down, resulting in more than 10,000 downloads.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses, health care and government agencies globally. www.networktigers.com
NetworkTigers provides the latest industry and cybersecurity news in a weekly roundup at news.networktigers.com.