This posting is here to collect cyber security news in May 2022.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
408 Comments
Tomi Engdahl says:
QNAP alerts NAS customers of new DeadBolt ransomware attacks https://www.bleepingcomputer.com/news/security/qnap-alerts-nas-customers-of-new-deadbolt-ransomware-attacks/
Taiwan-based network-attached storage (NAS) maker QNAP warned customers on Thursday to secure their devices against attacks pushing DeadBolt ransomware payloads. The company asked users to update their NAS devices to the latest software version and ensure that they’re not exposed to remote access over the Internet.
Tomi Engdahl says:
Microsoft detects massive surge in Linux XorDDoS malware activity
https://www.bleepingcomputer.com/news/security/microsoft-detects-massive-surge-in-linux-xorddos-malware-activity/
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/
In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers as well as its usage of XOR-based encryption for its communications.
Tomi Engdahl says:
Bumblebee Malware from TransferXL URLs
https://isc.sans.edu/diary/rss/28664
Today’s diary reviews an infection generated from this activity on Wednesday 2022-05-18. Last month, Google’s Threat Analysis Group
(TAG) reported on EXOTIC LILY using file transfer services like TransferNow, TransferXL, WeTransfer, or OneDrive to distribute malware. Threat researchers like @k3dg3 occasionally report malware samples from this activity. Based on @k3dg3’s recent tweet, I searched through VirusTotal and found a handful of active TransferXL URLs delivering ISO files for Bumblebee malware
Tomi Engdahl says:
Phishing websites now use chatbots to steal your credentials https://www.bleepingcomputer.com/news/security/phishing-websites-now-use-chatbots-to-steal-your-credentials/
Phishing attacks are now using automated chatbots to guide visitors through the process of handing over their login credentials to threat actors. This approach automates the process for attackers and gives a sense of legitimacy to visitors of the malicious sites, as chatbots are commonly found on websites for legitimate brands
Tomi Engdahl says:
New Bluetooth Hack Could Let Attackers Remotely Unlock Smart Locks and Cars https://thehackernews.com/2022/05/new-bluetooth-hack-could-let-attackers.html
A novel Bluetooth relay attack can let cybercriminals more easily than ever remotely unlock and operate cars, break open residential smart locks, and breach secure areas. The vulnerability has to do with weaknesses in the current implementation of Bluetooth Low Energy (BLE), a wireless technology used for authenticating Bluetooth devices that are physically located within a close range.
Tomi Engdahl says:
DOJ Announces It Won’t Prosecute White Hat Security Researchers https://www.vice.com/en/article/v7d9nb/department-of-justice-security-researchers-new-cfaa-policy
On Thursday the Department of Justice announced a policy shift in that it will no longer prosecute good-faith security research that would have violated the country’s federal hacking law the Computer Fraud and Abuse Act (CFAA).
Tomi Engdahl says:
The passwords most used by CEOs are startlingly dumb https://www.pcgamer.com/the-passwords-most-used-by-ceos-are-startlingly-dumb/
A recent cybersecurity report shows how immensely idiotic many CEOs and business owners can be, considering the strength of their chosen account passwords. Imagine entrusting the livelihood of hundreds, even thousands of employees to someone who uses ‘123456’ or ‘qwerty’ as a password.
Tomi Engdahl says:
US Recovers $15 Million From Ad Fraud Group
https://www.securityweek.com/us-recovers-15-million-ad-fraud-group
United States authorities announced this week that they have retrieved more than $15 million in illicit proceeds derived from the advertising fraud scheme known as “3ve.”
Consisting of three different sub-operations – the Kovter botnet and two other operations – the 3ve scheme was dismantled in 2018, when authorities announced charges against three involved individuals: Aleksandr Isaev, of Russia, and Sergey Ovsyannikov and Yevgeniy Timchenko, of Kazakhstan.
Tomi Engdahl says:
Phishers Add Chatbot to the Phishing Lure
https://www.securityweek.com/phishers-add-chatbot-phishing-lure
Researchers have discovered a new approach being taken by phishers to increase victim engagement and confidence: the addition of an interactive chatbot. We have all become accustomed to the chatbots used by many of the largest service providers – they are annoying, but something we must navigate.
The phishers hope that this reluctant acceptance of chatbots will help lower the attention of the target victim. The process is described in a new blog post.
Interactive Phishing: Using Chatbot-like Web Applications to Harvest Information
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/interactive-phishing-using-chatbot-like-web-applications-to-harvest-information/
Phishing website links are commonly delivered via email to their respective targets. Once clicked, these websites often show a single webpage that outright asks for sensitive information like account login credentials, credit card details, and other personally identifiable information (PII).
Recently, we have encountered an interesting phishing website containing an interactive component in it: a chatbot. Unlike a lot of phishing websites, this one establishes a conversation first, and bit-by-bit guides the victim to the actual phishing pages.
Although the phishing method is quite unique, it still uses email as the delivery channel. A deeper inspection of the email header shows that the “From” header is missing the email address component, which is a red flag already.
To gain even more confidence and trust from the target, a CAPTCHA is presented right after the victim clicks the “Schedule delivery” button. However, something is odd here – nothing else is clickable except for the confirm and close button.
Tomi Engdahl says:
Researchers Spot Supply Chain Attack Targeting GitLab CI Pipelines
https://www.securityweek.com/researchers-spot-supply-chain-attack-targeting-gitlab-ci-pipelines
Security researchers at SentinelLabs are calling attention to a software supply chain attack targeting Rust developers with malware aimed directly at infecting GitLab Continuous Integration (CI) pipelines.
The campaign, dubbed CrateDepression, combines typosquatting and the impersonation of a known Rust developer to push a malicious ‘crate’ hosted on the Rust dependency community repository. (Editor’s note: A crate is a compilation unit in Rust).
The malicious crate was swiftly flagged and removed, but SentinelLabs researchers found a second-stage payload built exclusively for GitLab CI pipelines, signaling a risk of further larger-scale supply-chain attacks.
“Given the nature of the victims targeted, this attack would serve as an enabler for subsequent supply-chain attacks at a larger-scale relative to the development pipelines infected,” SentinelLabs said in a technical report documenting its findings.
“An infected machine is inspected for the GITLAB_CI environment variable in an attempt to identify Continuous Integration (CI) pipelines for software development. On those systems, the attacker(s) pull a next-stage payload built on the ‘red-teaming’ post-exploitation framework Mythic,” SentinelLabs explained.
Tomi Engdahl says:
Lawrence Abrams / BleepingComputer:
AdvIntel: the Conti ransomware group has taken its infrastructure offline and its leaders have partnered with other smaller ransomware groups to conduct attacks — The notorious Conti ransomware gang has officially shut down their operation, with infrastructure taken offline and team leaders told that the brand is no more.
Conti ransomware shuts down operation, rebrands into smaller units
https://www.bleepingcomputer.com/news/security/conti-ransomware-shuts-down-operation-rebrands-into-smaller-units/
Tomi Engdahl says:
How A Cheap Smart ID Card Reader Sold On Amazon Became A National Security Risk
https://hothardware.com/news/how-cheap-smart-id-card-reader-sold-amazon-became-national-security-risk
Earlier this month, we reported on a phishing attack that stole $23.5 million from the US Department of Defense (DoD). Thankfully, the DoD caught the cybercriminals and recovered the money, but this incident highlights the need for strong cybersecurity practices at the DoD and among its contractors. The DoD is a high value target with an extensive attack surface due to its size and complexity. A recent discovery demonstrates how cyberattacks can be indirect and come from unexpected sources. A government defense contractor relayed this discovery to Brian Krebs of KrebsOnSecurity, who published the details.
DoD employees and contractors, along with military personnel, use ID cards known as Common Access Cards (CAC) to access controlled spaces, as well as computer systems and networks. Cardholders don’t just use these cards onsite. Many employees and contractors need to access their email remotely, which requires CAC authentication. However, approved card readers aren’t standard issue devices for cardholders. As a result, government employees and contractors often turn to the internet to find compatible card readers.
Alarmingly, a contractor found that one such device is a vector for malware.
The contractor told KrebsOnSecurity that the distribution of malware by a company selling CAC readers “Seems like a potentially significant national security risk, considering that many end users might have elevated clearance levels who are using PIV cards for secure access.” Saicoo may have been hacked and is distributing the malware unknowingly, but the company doesn’t seem willing to acknowledge the malware’s presence.
Tomi Engdahl says:
https://hackaday.com/2022/05/20/this-week-in-security-iphone-unpowered-python-unsandboxed-and-wizard-spider-unmasked/
As conspiracy theories go, one of the more plausible is that a cell phone could be running malicious firmware on its baseband processor, and be listening and transmitting data even when powered off. Nowadays, this sort of behavior is called a feature, at least if your phone is made by Apple, with their Find My functionality. Even with the phone off, the Bluetooth chip runs happily in a low-power state, making these features work. The problem is that this chip doesn’t do signed firmware. All it takes is root-level access to the phone’s primary OS to load a potentially malicious firmware image to the Bluetooth chip.
Researchers at TU Darmstadt in Germany demonstrated the approach, writing up a great paper on their work (PDF). There are a few really interesting possibilities this research suggests. The simplest is hijacking Apple’s Find My system to track someone with a powered down phone.
Researchers devise iPhone malware that runs even when device is turned off
Research is largely theoretical but exposes an overlooked security issue.
https://arstechnica.com/information-technology/2022/05/researchers-devise-iphone-malware-that-runs-even-when-device-is-turned-off/
Evil Never Sleeps:
When Wireless Malware Stays On After Turning Off iPhone
https://arxiv.org/pdf/2205.06114.pdf
Tomi Engdahl says:
https://hackaday.com/2022/05/20/this-week-in-security-iphone-unpowered-python-unsandboxed-and-wizard-spider-unmasked/
Bluetooth Low Energy
It’s yet another Bluetooth related problem, this time concerning Bluetooth Low Energy (BLE) used as an authentication token. You’ve probably seen this idea in one form or another, like the Android option to remain unlocked whenever connected to your BLE earbuds. It’s used for various vehicles, to unlock once the appropriate phone is within BLE range.
It’s always been sort-of a bad idea to use BLE for this sort of authentication, because BLE is susceptible to in-flight relay attacks. One half of the attack is next to your phone, acting like the car’s BLE chip, and the other is next to the car, spoofing your phone. Connect the two spoofing devices, and the car thinks the authorized phone is right there. To make this “secure”, vendors have added encryption features, as well as signal timing analysis to try to catch spoofing.
New Bluetooth hack can unlock your Tesla—and all kinds of other devices
All it takes to hijack Bluetooth-secured devices is custom code and $100 in hardware.
https://arstechnica.com/information-technology/2022/05/new-bluetooth-hack-can-unlock-your-tesla-and-all-kinds-of-other-devices/
NCC Group Demo Bluetooth Low Energy Link Layer Relay Attack on Tesla Model Y
https://www.youtube.com/watch?v=HF-tAujvckA&t=1s
Tomi Engdahl says:
https://hackaday.com/2022/05/20/this-week-in-security-iphone-unpowered-python-unsandboxed-and-wizard-spider-unmasked/
Python Buffer Blown
This is one of those issues that isn’t a big deal, and yet could be a problem in certain situations. It all started in 2012, when it was observed that the Python memoryview object could crash a program when it pointed to a memory location that is no longer valid.
This is actually a read and write primitive. Snoop around Python’s memory, find the ELF headers, and then figure out where the glibc system dynamic library is sitting in the procedure linkage table. Find it, use the memory corruption bug to jump to the appropriate location in memory, and boom, you’ve popped a shell from Python!
And yes, as an exploit, it’s quite unimpressive. [kn32], our tour guide into this quirk of Python points out that it could be used to escape a Python sandbox, but that is a very niche use-case. Even if we conclude that this isn’t really an exploit, it’s a great learning tool, and some fun hackery.
Exploiting a Use-After-Free for code execution in every version of Python 3
https://pwn.win/2022/05/11/python-buffered-reader.html
Tomi Engdahl says:
Wizard Spider
In-Depth Analysis
https://www.prodaft.com/m/reports/WizardSpider_TLPWHITE_v.1.4.pdf
Tomi Engdahl says:
Microsoft Issues Emergency Windows 10, 11 & Server Security Update
https://www.forbes.com/sites/daveywinder/2022/05/20/microsoft-issues-emergency-windows-10-11–server-security-update/?sh=5007ddb147c4&utm_medium=social&utm_source=ForbesMainFacebook&utm_campaign=socialflowForbesMainFB
Microsoft has finally, a whole week after I predicted that an emergency out-of-band Windows update would be with us before the month was out, pulled the fix trigger. The target being to correct the somewhat disastrous Patch Tuesday security updates that caused multiple authentication failures for many Windows business users. Anyone who this issue has impacted must apply the update as soon as possible: but there’s a catch, which I’ll get to in a moment.
May 2022 Patch Tuesday authentication failures
Those authentication failures were caused by installing the May 2022 Patch Tuesday updates on domain controllers. These included authentication failures on the server or client for services such as Network Policy Server and Extensible Authentication Protocol, to name but two. The issue, according to Microsoft, relates to “how the mapping of certificates to machine accounts is being handled by the domain controller.”
So, what’s the catch?
The out-of-band emergency updates are available for impacted users of Windows 10, Windows 11, and Windows Server 2008, 2012, 2016, 2019, and 2022. Microsoft has published details for all platforms.
Tomi Engdahl says:
Netgear warns that its BR200 And BR500 business routers have multiple vulnerabilities that could be exploited and are unable to be fixed. The company is offering a free or discounted replacement for those who wish to stop using the products.
https://www.forbes.com/sites/marksparrow/2022/05/20/netgear-says-it-cant-fix-multiple-vulnerabilities-on-two-of-its-routers-for-homeworkers/?sh=6dce16344bf2&utm_source=ForbesMainFacebook&utm_campaign=socialflowForbesMainFB&utm_medium=social
Tomi Engdahl says:
https://www.telia.fi/yrityksille/artikkelit/artikkeli/miten-yritysten-kybertietoturvaa-voi-vahvistaa
Tomi Engdahl says:
Majority of Kubernetes API Servers Exposed to the Public Internet
Shadowserver Foundation researchers find 380,000 open Kubernetes API servers.
https://www.darkreading.com/application-security/more-than-eight-in-10-kubernetes-api-servers-exposed-to-the-internet
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/microsoft-detects-massive-surge-in-linux-xorddos-malware-activity/
Tomi Engdahl says:
‘Security researchers’ aka hackers make $800k in prize money for exploiting Windows 11 and Teams
By Jorge Jimenez published 1 day ago
https://www.pcgamer.com/security-researchers-aka-hackers-make-dollar800k-prize-money-for-exploiting-windows-11-and-teams/
Day 1 of the Pwn2own hacking event is already proving very lucrative for its participants.
Tomi Engdahl says:
Microsoft Teams, Windows 11 hacked on first day of Pwn2Own
https://www.bleepingcomputer.com/news/security/microsoft-teams-windows-11-hacked-on-first-day-of-pwn2own/
Tomi Engdahl says:
https://pentestmag.com/prepare-use-docker-web-pentest-junior-carreiro/
Tomi Engdahl says:
Mastercard introduces controversial biometric payments that require a face scan
Dystopian future.
https://reclaimthenet.org/mastercard-introduces-controversial-biometric-payments-that-require-a-face-scan/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/cybersecurity-agencies-reveal-top-initial-access-attack-vectors/
Tomi Engdahl says:
https://thehackernews.com/2022/05/hackers-gain-fileless-persistence-on.html
Tomi Engdahl says:
https://www.zdnet.com/article/singapore-firms-see-high-rate-of-security-incidents-but-struggle-to-respond-promptly/
Tomi Engdahl says:
https://krebsonsecurity.com/2022/05/when-your-smart-id-card-reader-comes-with-malware/
Tomi Engdahl says:
https://www.darkreading.com/application-security/critical-vmware-bug-exploits-continue-as-botnet-operators-jump-in
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/cisa-warns-not-to-install-may-windows-updates-on-domain-controllers/
Tomi Engdahl says:
https://www.thestreet.com/technology/hackers-use-qr-codes-to-steal-your-money
Tomi Engdahl says:
https://gizmodo.com/nsa-no-backdoors-new-encryption-standards-promise-1848924186
Tomi Engdahl says:
https://www.lahitapiola.fi/tietoa-lahitapiolasta/uutishuone/uutiset-ja-tiedotteet/uutiset/uutinen/1509577332658
Intelligence expert: Russia has the capability to operate online – “Companies must now prepare for attacks”
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/fbi-cisa-and-nsa-warn-of-hackers-increasingly-targeting-msps/
Tomi Engdahl says:
Swapped Out: Hackers target social media users with high-tech fake videos
“Deepfake” technology previously focused on celebrities and influencers, now used to scam every day Americans
https://www.webcenterfairbanks.com/2022/05/16/swapped-out-hackers-target-social-media-users-with-high-tech-fake-videos/
Tomi Engdahl says:
https://arstechnica.com/information-technology/2022/05/researchers-devise-iphone-malware-that-runs-even-when-device-is-turned-off/
Tomi Engdahl says:
https://nakedsecurity.sophos.com/2022/05/12/serious-security-learning-from-curls-latest-bug-update/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-bug-in-zyxel-firewalls-and-vpns/
Tomi Engdahl says:
https://www.vice.com/en/article/g5q4vj/malware-can-be-loaded-even-onto-phones-that-are-turned-off-researchers-show
Tomi Engdahl says:
https://www.socinvestigation.com/threat-actors-abuse-microsofts-html-help-file-to-deliver-malware/
Tomi Engdahl says:
Vulnerabilities found in Bluetooth Low Energy gives hackers access to numerous devices
https://www.techrepublic.com/article/vulnerabilities-found-in-bluetooth-low-energy-gives-hackers-access-to-numerous-devices/
Tomi Engdahl says:
https://www.pcgamer.com/it-admin-gets-7-years-for-wiping-his-companys-servers-to-prove-a-point/
Tomi Engdahl says:
Some top 100,000 websites collect everything you type—before you hit submit
A number of websites include keyloggers that covertly snag your keyboard inputs.
https://www.wired.com/story/leaky-forms-keyloggers-meta-tiktok-pixel-study/
Tomi Engdahl says:
Serious Warning Issued For Millions Of Google Gmail Users
https://www.forbes.com/sites/gordonkelly/2022/05/21/google-gmail-security-facebook-oauth-login-warning/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Valerie&sh=6364b3916a3b
Gmail is the world’s most popular email service, it is also known as one of the most secure. But a dangerous exploit might make you rethink how you want to use the service in future.
In an eye-opening blog post, security researcher Youssef Sammouda has revealed that Gmail’s OAuth authentication code enabled him to exploit vulnerabilities in Facebook to hijack Facebook accounts when Gmail credentials are used to sign in to the service. And the wider implications of this are significant.
Speaking to The Daily Swig, Sammouda explained that he was able to exploit redirects in Google OAuth and chain it with elements of Facebook’s logout, checkpoint and sandbox systems to break into accounts. Google OAuth is part of the ‘Open Authorization’ standard used by Amazon, Microsoft, Twitter and others which allows users to link accounts to third-party sites by signing into them with the existing usernames and passwords they have already registered with these tech giants.
Sammouda reports no vulnerabilities using other email accounts.
Facebook account takeover: Researcher scoops $40k bug bounty for chained exploit
https://portswigger.net/daily-swig/facebook-account-takeover-researcher-scoops-40k-bug-bounty-for-chained-exploit
Youssef Sammouda returns with more Facebook hacks – this time leveraging stolen Google authentication tokens to gain access to social media accounts
Tomi Engdahl says:
Wormhole cryptocurrency platform hacked for $325 million after error on GitHub
https://www.theverge.com/2022/2/3/22916111/wormhole-hack-github-error-325-million-theft-ethereum-solana
A security flaw was fixed but seemingly not applied to the live application before it was hacked
On Wednesday, the decentralized finance (DeFi) platform Wormhole became the victim of the largest cryptocurrency theft this year — and among the top five largest crypto hacks of all time — when an attacker exploited a security flaw to make off with close to $325 million.
The attack seems to have resulted from a recent update to the project’s GitHub repository, which revealed a fix to a bug that had not yet been deployed to the project itself.
The attack took place on February 2nd and was noticed when a post from the Wormhole Twitter account announced that the network was being taken “down for maintenance” while a potential exploit was investigated. A later post from Wormhole confirmed the hack and the amount stolen.
Shortly after the attack, the Wormhole team also offered the hacker a $10 million bounty to return the funds
Wormhole provides a service known as a “bridge” between blockchains, essentially an escrow system that allows one type of cryptocurrency to be deposited in order to create assets in another cryptocurrency.
To carry out the attack, the attacker managed to forge a valid signature for a transaction that allowed them to freely mint 120,000 wETH — a “wrapped” Ethereum equivalent on the Solana blockchain, with value equivalent to $325 million at the time of the theft — without first inputting an equivalent amount. This was then exchanged for around $250 million in Ethereum that was sent from Wormhole to the hackers’ account, effectively liquidating a large amount of the platform’s Ethereum funds that were being held as collateral for transactions on the Solana blockchain.
Open-source code commits show that code that would have fixed this vulnerability was written as early as January 13th and uploaded to the Wormhole GitHub repository on the day of the attack. Just hours later, the vulnerability was exploited by the hacker, suggesting that the updates had not yet been applied to the production application.
Another file available through the Wormhole Github page also details a security audit conducted by security research company Neodyme between July and September 2021. It is not clear whether the vulnerability was present during the audit period
Due to the nature of cross-chain applications, the attack temporarily left a huge deficit between the amount of wrapped Ethereum and regular Ethereum held in the Wormhole bridge — as if the collateral asset backing a loan had suddenly disappeared. According to Forbes, the attack caused a 10 percent drop in the value of the Solana cryptocurrency in the aftermath of the hack.
Tomi Engdahl says:
Malicious PyPI package opens backdoors on Windows, Linux, and Macs
https://www.bleepingcomputer.com/news/security/malicious-pypi-package-opens-backdoors-on-windows-linux-and-macs/
Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.
PyPI is a repository of open-source packages that developers can use to share their work or benefit from the work of others, downloading the functional libraries required for their projects.
On May 17, 2022, threat actors uploaded a malicious package named ‘pymafka’ onto PyPI. The name is very similar to PyKafka, a widely used Apache Kafka client that counts over four million downloads on the PyPI registry.
Sonatype discovered pymafka and reported it to PyPI, who removed it yesterday. Nevertheless, developers who downloaded it will have to replace it immediately and check their systems for Cobalt Strike beacons and Linux backdoors.
For Linux systems, the Python script connects to a remote URL at 39.107.154.72 and pipes the output to the bash shell. Unfortunately, that host is down at the time of this writing, so it is unclear what commands are executed, but it is believed to open a reverse shell.
For Windows and macOS, the payload is a Cobalt Strike beacon, which provides remote access to the infected device.
Cobalt Strike is a widely abused penetration testing suite that features powerful traits such as command execution, keylogging, file actions, SOCKS proxying, privilege escalation, credential stealing, port scanning, and more.
Its “beacons” are file-less shellcode agents that are hard to detect, giving remote actors stable and reliable access to compromised systems, using it for espionage, lateral movement, or deploying second-stage payloads like ransomware.
“On Windows systems, the Python script attempts to drop the Cobalt Strike beacon at ‘C:\Users\Public\iexplorer.exe’,” details Sonatype’s report.
This attack is intended to provide initial access to the developer’s network, allowing them to spread laterally through the network to steal data, plant further malware, or even conduct ransomware attacks.
How to stay safe
From the software developer’s perspective, several things are done wrong when someone uses an untrustworthy package, but the most common and admittedly easy to happen is mistyping package names during building.
Software developers should scrutinize package names and details and double-check their selection of building blocks when something appears funky.
In this case, the package attempts to masquerade as a renowned project, yet it has no description on the PyPI page, no homepage link, an extremely short release history, and an inexplicably recent release date.
These are all clear signs that something is wrong, but none of them will be apparent from the terminal, so confirming the package selections is critical.
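The red flags listed above can be checked before a package is installed. The following is an added example, not code from BleepingComputer or Sonatype: it applies those signals (name within a couple of edits of a popular package, empty description, no homepage, very short release history, very recent first upload) to metadata in the shape of PyPI's JSON API (`https://pypi.org/pypi/<name>/json`). The popular-package list and both metadata records are constructed for the example; the `pymafka` record mirrors what the article describes but is not the real registry entry.

```python
"""Heuristic red-flag checker for PyPI package metadata (added example)."""
from __future__ import annotations

from datetime import datetime, timedelta, timezone

# Hypothetical allow-list of well-known packages to compare names against.
POPULAR_PACKAGES = {"pykafka", "requests", "numpy", "urllib3"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (classic dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def closest_popular(name: str, max_distance: int = 2) -> str | None:
    """Return a popular package whose name is within max_distance edits, if any.

    An exact match means the candidate IS the popular package, so no flag."""
    name = name.lower()
    best: tuple[int, str] | None = None
    for pkg in POPULAR_PACKAGES:
        if pkg == name:
            return None
        d = levenshtein(name, pkg)
        if d <= max_distance and (best is None or d < best[0]):
            best = (d, pkg)
    return best[1] if best else None


def first_upload(meta: dict) -> datetime | None:
    """Earliest upload timestamp across all release files, or None if absent."""
    stamps = []
    for files in meta.get("releases", {}).values():
        for f in files:
            ts = f.get("upload_time_iso_8601")
            if ts:
                # PyPI uses a trailing 'Z'; older fromisoformat() needs +00:00.
                stamps.append(datetime.fromisoformat(ts.replace("Z", "+00:00")))
    return min(stamps) if stamps else None


def red_flags(meta: dict, now: datetime, min_releases: int = 3,
              min_age_days: int = 30) -> list[str]:
    """Return the list of red flags present in a PyPI-style metadata record."""
    info = meta["info"]
    releases = meta.get("releases", {})
    flags: list[str] = []
    look_alike = closest_popular(info["name"])
    if look_alike:
        flags.append(f"name resembles popular package '{look_alike}'")
    if not (info.get("description") or "").strip():
        flags.append("empty description")
    if not (info.get("home_page") or "").strip():
        flags.append("no homepage link")
    if len(releases) < min_releases:
        flags.append(f"only {len(releases)} release(s)")
    first = first_upload(meta)
    if first is None or now - first < timedelta(days=min_age_days):
        flags.append("first upload is very recent (or has no upload time)")
    return flags


# Constructed reference date and records (not fetched from PyPI).
NOW = datetime(2022, 5, 20, tzinfo=timezone.utc)

SUSPICIOUS = {  # constructed look-alike record modelled on the article
    "info": {"name": "pymafka", "description": "", "home_page": ""},
    "releases": {
        "1.0": [{"upload_time_iso_8601": "2022-05-17T10:00:00.000000Z"}],
    },
}

LEGIT = {  # constructed record with the shape of a long-lived project
    "info": {"name": "pykafka", "description": "Kafka client",
             "home_page": "https://example.invalid/pykafka"},
    "releases": {
        "2.6.0": [{"upload_time_iso_8601": "2017-08-01T00:00:00.000000Z"}],
        "2.7.0": [{"upload_time_iso_8601": "2018-02-01T00:00:00.000000Z"}],
        "2.8.0": [{"upload_time_iso_8601": "2018-09-01T00:00:00.000000Z"}],
    },
}

if __name__ == "__main__":
    for record in (SUSPICIOUS, LEGIT):
        print(record["info"]["name"], "->", red_flags(record, NOW) or "no flags")
```

Pipe the output of a `pypi.org/pypi/<name>/json` request into `red_flags()` to run the same checks against a live record.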
Tomi Engdahl says:
Beware of a scam in the name of a government service https://www.is.fi/digitoday/tietoturva/art-2000008830559.html
SUOMI.FI warns of phishing. Finns are being sent messages in the name of Suomi.fi asking them to adjust their authentication settings. The stated reason is that the authentication method is expiring. The messages contain a link leading to a website that asks for personal information. Do not open the link even out of curiosity, and under no circumstances enter any of your information on the site. If the scammer approaches you by text message, replying to it could in theory expose you to charges.
Tomi Engdahl says:
New details on the Kauniainen cyber mystery: the perpetrator caused serious damage
https://www.tivi.fi/uutiset/tv/3dcb9794-d580-403c-b9b2-274876286336
The City of Kauniainen’s email traffic is working again. However, emails and calendar invitations sent between May 5 and May 12 did not arrive and must be resent. Using the old email server was impossible for security reasons, so the city decided to install an entirely new server. Suspicions that the server had been hijacked arose when phishing messages began spreading from @kauniainen.fi email addresses.
Email accounts were closed because of the situation.
Tomi Engdahl says:
Huawei banned from Canada: “We will always protect the security of Canadians”
https://www.tivi.fi/uutiset/tv/5bc7a1b9-9385-4d32-abd2-39b0ca22578d
The Canadian government announces that it will bar the Chinese companies Huawei and ZTE from the country’s 5G networks. The opposition Conservative Party and other actors have long criticized Huawei’s role in building the country’s 5G infrastructure, writes the Toronto Sun.