Cryptocurrency crime, tech vulnerabilities and high-profile breaches rock the cybersecurity world this week. Here are the latest threats and advisories for the week of September 2, 2022.
Threat Advisories and Alerts
Over $1 Billion Stolen in Cryptocurrency on Decentralized Finance Platforms
The FBI urges investors to exercise caution when using decentralized finance (DeFi) platforms. Between January and March 2022, $1.3 billion was stolen in cryptocurrencies, of which nearly 97% was taken from DeFi platforms. Before investing, the FBI recommends that investors research prospective DeFi platforms, smart contracts and protocols. Those who believe their DeFi investments have been stolen should contact the FBI via their local FBI field office or the Internet Crime Complaint Center.
Source: https://www.ic3.gov/Media/Y2022/PSA220829
Atlassian Bitbucket Vulnerability Scores 9.9 Out of 10 for Severity
Australian software company Atlassian has released security updates for a critical command injection vulnerability. The security hole (CVE-2022-36804) affects multiple API endpoints of Bitbucket Server and Data Center, and it scores a 9.9 out of 10 on the Common Vulnerability Scoring System (CVSS). Attackers who exploit the vulnerability could execute malicious code and possibly delete or change data in stored repositories. Bitbucket Server and Data Center versions 7.0.0 and later are affected. Admins and users of these versions are advised to apply the security updates immediately.
Source: https://www.csa.gov.sg/en/singcert/Alerts/al-2022-044
Microsoft Finds Account Takeover Bug in TikTok
Security researchers have discovered a high-severity vulnerability in TikTok’s Android app that could allow attackers to remotely hijack user accounts. Microsoft reported CVE-2022-28799 to the social media giant in February 2022, after which TikTok promptly fixed the issue. “The vulnerability allowed the app’s deeplink verification to be bypassed,” explained Microsoft. “Attackers could force the app to load an arbitrary URL to the app’s WebView, allowing the URL to then access the WebView’s attached JavaScript bridges and grant functionality to attackers.”
Source: https://www.infosecurity-magazine.com/news/microsoft-finds-account-takeover/
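The quoted finding describes a whole class of Android weakness: a deep link that is not strictly validated gets loaded into a WebView that already exposes JavaScript bridges, so whatever page the link points at inherits those bridges. The following is an added example (not code from TikTok, Microsoft or the original post) of the defensive check an app can apply before handing a deep link to such a WebView; the class and method names and the allowlisted hosts are assumptions.

```java
import android.net.Uri;
import android.webkit.WebResourceRequest;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Added example with assumed names; not TikTok's or Microsoft's code.
// Policy: a deep link may only be loaded into the WebView that carries
// JavaScript bridges if it is an https URL on an exact-match allowlisted host.
public final class DeepLinkPolicy {

    // Constructed allowlist; a real app would list its own first-party hosts.
    private static final Set<String> ALLOWED_HOSTS =
            new HashSet<>(Arrays.asList("www.example.com", "m.example.com"));

    private DeepLinkPolicy() {}

    public static boolean isAllowed(Uri uri) {
        if (uri == null) return false;
        // Scheme must be https: http can be rewritten on the network, and
        // custom schemes (javascript:, file:, content:) must never reach a bridged WebView.
        if (!"https".equalsIgnoreCase(uri.getScheme())) return false;
        String host = uri.getHost();
        if (host == null || host.isEmpty()) return false;
        // Exact match, never endsWith/contains: "example.com.other.test" and
        // "other.test/?next=www.example.com" must both be rejected.
        if (!ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) return false;
        // Reject userinfo so "https://www.example.com@other.test/" cannot mislead
        // anyone reviewing the link, even though Uri.getHost() already parses it correctly.
        if (uri.getUserInfo() != null) return false;
        return true;
    }

    public static boolean isAllowed(String url) {
        return url != null && isAllowed(Uri.parse(url));
    }

    // Re-check every in-WebView navigation as well: objects registered with
    // addJavascriptInterface stay attached after the first page navigates elsewhere.
    public static final class GuardedClient extends WebViewClient {
        @Override
        public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
            // Returning true cancels the navigation; the app could instead hand the
            // URL to the system browser, where no bridge exists.
            return !isAllowed(request.getUrl());
        }
    }

    // Entry point the deep-link Activity would call with the incoming Intent data.
    public static void openDeepLink(WebView bridgedWebView, Uri deepLink) {
        if (!isAllowed(deepLink)) {
            // Drop the link (or route it to an external browser); never load it
            // into the WebView that exposes JavaScript bridges.
            return;
        }
        bridgedWebView.setWebViewClient(new GuardedClient());
        bridgedWebView.loadUrl(deepLink.toString());
    }
}
```

Two design points matter here. The host comparison is an exact match against a fixed set rather than a suffix or substring test, because the latter are the usual way such verification gets bypassed. The `WebViewClient` override repeats the check on every navigation, since a page that passes the initial check can still redirect to one that should not hold the bridges. The `shouldOverrideUrlLoading(WebView, WebResourceRequest)` overload requires API level 24; on older platforms the `String`-argument overload must be used instead.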
NCSC Introduces New Machine Learning Security Principles
The NCSC has produced a set of security principles for systems containing ML components, in an effort to help practitioners address and mitigate the inherent vulnerabilities – weaknesses that are fundamental to how ML works – present at all stages of the ML lifecycle. The group of attacks that exploit these inherent characteristics of ML systems is known collectively as 'adversarial machine learning,' or AML.
Source: https://www.ncsc.gov.uk/blog-post/introducing-our-new-machine-learning-security-principles
Emerging Threats and Research
Chrome Extensions That Steal Browser Data Installed 1.4 Million Times
Five Google Chrome extensions have been found to steal users’ browsing data. The hidden purpose of these malicious extensions is to modify users’ cookies on e-commerce sites to appear as though they came from a referrer link—this provides the cybercriminals an affiliate commission. The extensions, which have been downloaded more than 1.4 million times, include Netflix Party, Netflix Party 2, Full Page Screenshot Capture, FlipShope and AutoBuy Flash Sales. Though these extensions don’t impact users directly, they are a privacy risk as they monitor users’ browsing activity. Users are recommended to remove the extensions immediately.
Data of 2.5 Million Student Loan Accounts Exposed During Nelnet Servicing Breach
A total of 2,501,324 individuals with student loans from EdFinancial and Oklahoma Student Loan Authority (OSLA) had their data exposed earlier this summer. In June, cyberattackers compromised Nelnet Servicing, which EdFinancial and OSLA use to give students online access to their loan accounts. While no payment information or financial account numbers were exposed during the breach, other sensitive information was, including physical addresses, email addresses and Social Security numbers. Impacted individuals are being notified.
Source Code Stolen in LastPass Breach
A cyberthief has stolen internal source code and documents from the password management service LastPass. The breach occurred a few weeks ago after one of LastPass’s developer accounts was broken into, providing the cybercriminal access to proprietary data. Investigation has shown no evidence of stolen customer data or access to encrypted password vaults—users’ passwords were unaffected and remain private. LastPass’s products and services are operating as normal and users need not take any action.
Source: https://www.theregister.com/2022/08/25/lastpass_security/
Cryptominer Impersonates Popular Software to Infect Over 111,000 Users
A cryptocurrency mining campaign has infected over 111,000 PC users in 11 countries since 2019, according to Check Point Research. The malware, created by a Turkish-speaking entity called Nitrokod, disguises itself as Google Translate Desktop and other free software. To evade detection, the miner isn’t dropped until nearly a month after the initial infection. Once executed, it lets the cybercriminals use the compromised computers’ resources to mine cryptocurrency for profit.
Source: https://thehackernews.com/2022/08/nitrokod-crypto-miner-infected-over.html
To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.
The post Latest Cyberthreats and Advisories – September 2, 2022 appeared first on Cybersecurity Insiders.
September 03, 2022 at 09:16PM