SAN MATEO, CA, July 11, 2022 — Cybersecurity news weekly roundup. Stories, news, politics and events impacting the network security industry during the last week. Brought to you by NetworkTigers.
- Comic book app exposes data of 23 million
- Capital One reports large-scale data breach
- US Congress website hacked
- California university offline following cyberattack
- Axie Infinity hack initiated via fake employment offer
- Social engineering led to 20GB Marriott data breach
- Cybercriminals moving from Cobalt Strike to Brute Ratel
- Massive leak of Chinese citizen records traced to human error
- New malware creates backdoor in Microsoft Exchange servers
Comic book app exposes data of 23 million
Mangatoon, a platform used by millions of Android and iOS users to read Japanese Manga comics, had data belonging to 23 million account holders exposed. The breach, which took place in May, was undertaken by the hacker known as pompompurin, who gained access to Mangatoon’s information from a server using weak credentials.
Capital One reports large-scale data breach
Capital One Financial has disclosed that a hacker has stolen personal information belonging to around 100 million US individuals and around 6 million living in Canada. At the same time that the breach was reported, a Seattle resident was arrested for the hack. The individual was able to access the information due to a misconfigured firewall.
US Congress website hacked
Russian hacker gang Killnet has claimed credit for a hack that temporarily disrupted access to Congress.gov. The hackers used a DDoS attack to overwhelm the site, which allows people to view bills, hearings and deliberations. US officials have been readying for increasing cyber meddling from pro-Russia hackers, although thus far no large-scale attacks have taken place.
California university offline following cyberattack
California’s College of the Desert was hit with a cyberattack that took its phone and online services down. The type of attack has not been disclosed, although a spokesperson for the school referred to it as a “malware attack.” College of the Desert is a community college with 12,500 students. This is the second time the school has been targeted by hackers.
Axie Infinity hack initiated via fake employment offer
The $600 million hack of gaming platform Axie Infinity was initiated with a fake job posting and subsequent interviews, according to a report from The Block. A senior engineer was targeted by someone posing as a recruiter. At the end of what seemed to be a legitimate process, the engineer was provided with a PDF file that contained malicious code. The perpetrator of the hack is believed to be associated with Lazarus, a North Korean hacker gang.
Social engineering led to 20GB Marriott data breach
Marriott International suffered a 20GB data breach after a threat actor is said to have “socially engineered” an associate at the Marriott at BWI Airport in Baltimore in order to steal data from their computer. The company reported that most of the data stolen was business information and not private. This incident is the latest in a recent string of cybersecurity lapses involving Marriott International.
Cybercriminals moving from Cobalt Strike to Brute Ratel
In an effort to evade detection, ransomware and other hacker gangs are switching from the Cobalt Strike post-exploitation toolkit to Brute Ratel. Brute Ratel is designed to go undetected by antivirus software and other cybersecurity measures, and most do not flag it as malicious. Brute Ratel is only licensed to legitimate businesses, so it is not yet apparent how threat actors have been using it.
Massive leak of Chinese citizen records traced to human error
A recent leak of 23 terabytes of data related to 1 billion Chinese citizens has been blamed on human error. A developer working for the Chinese government accidentally included credentials in a blog post, and those credentials were then used to access the database where the Shanghai police were storing records. The leak is believed to be not just the biggest recorded in China, but perhaps the biggest ever.
New malware creates backdoor in Microsoft Exchange servers
A newly discovered piece of malware, called Session Manager by researchers at Kaspersky, has been used in the wild since March of 2021 to create a backdoor in Microsoft Exchange. The malware allows hackers to maintain update-resistant access to company emails and IT systems. It also allows them to install further instances of malicious code into a target system. Kaspersky believes the exploit was leveraged by threat actors engaging in espionage.