SAN MATEO, CA, August 29, 2022 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.
- DoorDash suffers a data breach.
- LastPass suffers a breach and theft of source code.
- CISA issues warning for users of Palo Alto Networks firewalls
- Hackers circumventing Microsoft’s multi-factor authentication
- A new attack can read Gmail messages
- Plex compromised, exposing user data
- Hotel and travel companies are proving to be lucrative targets for hackers
- Counterfeit Android phones come pre-hacked
- North Korea launches cyberattack with stolen South Korean police ID.
DoorDash suffers a data breach.
Add DoorDash to the list of companies that have had their data exposed. The food delivery service has reported that a hacker has accessed information related to both workers and customers of the company. While not named specifically, it is clear that DoorDash’s security incident is directly related to the recent phishing attack on the communications platform Twilio. Read more.
LastPass suffers a breach and theft of source code.
LastPass, a leading password management platform, has reported that it suffered a data breach in which part of its source code had been stolen. Using login credentials from a single compromised account, an unauthorized user was able to take LastPass’s proprietary information. The company says no user data or passwords were accessed or compromised in the incident. Read more.
CISA issues warning for users of Palo Alto Networks firewalls
CISA has reported that Palo Alto Networks firewalls are under active attack and is urging users to update their systems immediately. Affected products include a range of devices running the company’s PAN-OS software. The exploit, a URL filtering policy misconfiguration, allows hackers to launch DDoS attacks that appear to originate from Palo Alto Networks’ hardware. Read more.
Hackers circumventing Microsoft’s multi-factor authentication
Russia-based hacking collective Cozy Bear has reportedly bypassed multi-factor authentication (MFA) within Microsoft Azure Active Directory to obtain access to Microsoft 365 and other accounts. After correctly guessing the password of an account that has not yet had MFA set up, Cozy Bear hackers can enroll a device of their choosing for MFA. Organizations are encouraged to apply location-based restrictions on the MFA enrollment process to prevent foreign entities from gaining access. Read more.
A new attack can read Gmail messages.
An Iranian-aligned hacking group, Charming Kitten, has created a tool that can steal user data from Gmail, Yahoo! and Microsoft Outlook accounts. The tool, called Hyperscrape, has seen limited use against targets within Iran and allows hackers to view email content in basic HTML format. Hyperscrape lets hackers snoop on email activity without the user knowing that their account has been compromised. Read more.
Plex compromised, exposing user data.
Plex, one of the largest platforms used for streaming video content, has suffered a compromise that may have exposed usernames and email addresses. Plex has stated that user passwords were secured and that payment and credit card data were not stored on the breached server. The company has reportedly closed the exploit, but users are still encouraged to change their login credentials. Read more.
Hotel and travel companies are proving to be lucrative targets for hackers.
As the pandemic fades, the travel industry has been in the crosshairs. Cybercriminals have been baiting hotels with messages purporting to originate from tourist agencies and conference organizers looking to make reservations. When workers click a link embedded in the email, they download malware that allows hackers to steal customer credit card data and potentially make the hotel’s website divert reservation payments. Read more.
Counterfeit Android phones come pre-hacked
Researchers have found counterfeit Android phones with backdoors already installed. The phones come pre-loaded with Trojans, giving hackers internal access via WhatsApp and WhatsApp Business apps. The phones also do not run the OS advertised but instead much older versions that are rife with vulnerabilities. It is recommended that users only purchase smart devices through manufacturers and reputable dealers. Read more.
North Korea launches cyberattack with stolen South Korean police ID.
North Korean hackers have been able to launch a cyberattack using an ID stolen from a South Korean police officer who investigates cybercrime. South Korean security firm ESTsecurity Security Response Center has reported that North Korean hackers are actively looking to steal police officer IDs so they can gain victims’ trust, then hack them or stage cyberattacks on their systems. Read more.