SAN MATEO, CA, November 7, 2022 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.
- State-sponsored hacks becoming more brazen
- Info-stealing malware dropping from PyPI packages
- Hackers steal $28 million from Deribit crypto exchange
- Dropbox breached due to phishing attack
- Multi-factor authentication guidelines published by CISA to battle phishing
- CISA provides guide to help federal agencies defend against DDoS attacks
- Retailer Bed, Bath & Beyond confirms data breach after phishing attack
- Windows MoTW zero-day vulnerability receives an unofficial patch
- Australian military confirms cyberattack on IT provider
State-sponsored hacks becoming more brazen
A report from Microsoft details how cyberattacks launched by nation-states with authoritarian leaders have become increasingly brazen. State-sponsored attacks targeting critical infrastructure have spiked from 20% to 40%. Much of the data stems from Russia’s maneuvers in its “hybrid war” with Ukraine and Moscow’s efforts to interfere with the country’s allies around the world. However, aggressive attacks from Iran, North Korea and China have also increased in both severity and boldness. Read more.
Info-stealing malware dropping from PyPI packages
More than two dozen Python packages on the PyPI registry have been identified by researchers as vectors for info-stealers. Mimicking popular libraries through a tactic known as “typosquatting,” many of the packages inject W4SP malware on infected devices. Others are reported to employ malware allegedly designed for “educational purposes.” The malicious packages, when added up, have been downloaded more than 5,700 times. Read more.
Hackers steal $28 million from Deribit crypto exchange
Deribit has joined the ranks of crypto exchanges to have been hacked, losing $28 million to criminals who pilfered funds from one of the company’s hot wallets. Deribit reports that no client assets or cold wallets were affected by the hack. The company has placed a temporary halt on withdrawals and deposits and has assured customers that regular operations remain unaffected by the incident. No information has yet been shared regarding who may be responsible for the theft or how they managed to hack the company. Read more.
Dropbox breached due to phishing attack
Dropbox has disclosed that it suffered a breach that resulted in threat actors stealing 130 GitHub repositories they accessed using stolen employee credentials. The breach took place after a phishing attack that targeted Dropbox employees with “emails impersonating the CircleCI continuous integration and delivery platform and redirecting them to a phishing landing page where they were asked to enter their GitHub username and password.” Dropbox reports that the attackers never had access to any customer accounts and that its core infrastructure was unaffected. Read more.
Multi-factor authentication guidelines published by CISA to battle phishing
In an effort to battle the ever-increasing instances of phishing, CISA has published two fact sheets highlighting the importance of properly implementing multi-factor authentication. The first sheet describes the means by which hackers are able to bypass weak MFA requirements using tactics such as push fatigue and SIM swapping. The second sheet details how organizations can use phishing-resistant MFA protocols to thwart attacks that have been known to sidestep or break through traditional means. Read more.
CISA provides guide to help federal agencies defend against DDoS attacks
In collaboration with the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC), CISA has published the “Capacity Enhancement Guide.” The guide details steps that federal agencies should proactively take to reduce the likelihood of a DDoS attack and lessen the impact should one happen, and is meant to complement CISA’s recent “Understanding and Responding to Distributed Denial-of-Service Attacks” document. It lays out guidelines for before, during and after an attack. The “Capacity Enhancement Guide” comes on the heels of more than a dozen US airports having their websites disrupted by DDoS attacks launched by the Russian hacker gang KillNet. Read more.
Retailer Bed, Bath & Beyond confirms data breach after phishing attack
Bed, Bath & Beyond has reported that an unauthorized user gained access to an employee’s hard drive and other drives that they had access to after a successful phishing attempt. The company has not provided details regarding the nature of the data that was accessed but did report that they do not believe any personally identifiable information was accessed or stolen in the breach. When reached for comment by TechCrunch, Bed, Bath & Beyond also did not provide any comment on the phishing attack itself or what protocols are in place to protect customer data from such an intrusion. Read more.
Windows MoTW zero-day vulnerability receives an unofficial patch
A bug that let hackers bypass Mark-of-the-Web security warnings in Windows 10 and Windows 11 with malformed signatures has received an unofficial patch courtesy of 0patch. The fix is meant to remedy the flaw, which has been actively exploited in the wild, until Microsoft pushes an official update to fix it. The patch addresses the bug, but 0patch cautions that hackers may be able to find a workaround. Read more.
Australian military confirms cyberattack on IT provider
Australia’s cybersecurity woes deepen. On the heels of breaches that have exposed the data of millions of customers belonging to the country’s largest health and telecom organizations, the Australian Defense confirmed that an external IT provider used by Defense department servants and military personnel had been attacked. A spokesperson for the military said that no personal information was compromised and there is no evidence at this point in time that the breach was successful. Read more.