Cyber security news August 2022

This posting is here to collect cyber security news in August 2022.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links in the comments.

543 Comments

  1. Tomi Engdahl says:

    What does Tim Hortons think your data is worth? A coffee and donut, apparently
    After Canada’s privacy watchdog accused its app of collecting “vast amounts of location data”
    https://www.theverge.com/2022/8/1/23286824/tim-hortons-location-tracking-proposed-class-action-settlement-data-privacy-coffee-donut

  2. Tomi Engdahl says:

    Police have opened an investigation into the cyberattack against STT https://www.is.fi/digitoday/art-2000008978890.html

  3. Tomi Engdahl says:

    https://techcrunch.com/2022/08/02/nomad-chaotic-exploit-crypto/

    Cross-chain messaging protocol Nomad has become the target of crypto’s latest nine-figure attack after hackers abused a “chaotic” security exploit to steal almost $200 million in digital assets.

    Nomad, a token bridge that allows users to send and receive tokens between Avalanche (AVAX), Ethereum (ETH), Evmos (EVMOS), Moonbeam (GLMR) and Milkomeda C1 blockchains, was attacked on Monday, with hackers draining almost all of the protocol’s funds.

  4. Tomi Engdahl says:

    https://www.bleepingcomputer.com/news/security/vmware-urges-admins-to-patch-critical-auth-bypass-bug-immediately/

    VMware has warned admins today to patch a critical authentication bypass security flaw affecting local domain users in multiple products and enabling unauthenticated attackers to gain admin privileges.

    The flaw (CVE-2022-31656) was reported by Petrus Viet of VNG Security, who found that it impacts VMware Workspace ONE Access, Identity Manager, and vRealize Automation.

  5. Tomi Engdahl says:

    New ‘ParseThru’ Parameter Smuggling Vulnerability Affects Golang-based Applications
    https://thehackernews.com/2022/08/new-parsethru-parameter-smuggling.html

  6. Tomi Engdahl says:

    Post-quantum encryption contender is taken out by single-core PC and 1 hour
    Leave it to mathematicians to muck up what looked like an impressive new algorithm.
    https://arstechnica.com/information-technology/2022/08/sike-once-a-post-quantum-encryption-contender-is-koed-in-nist-smackdown/?utm_social-type=owned&utm_source=facebook&utm_medium=social&utm_brand=ars

  7. Tomi Engdahl says:

    https://nakedsecurity.sophos.com/2022/08/01/gnutls-patches-memory-mismanagement-bug-update-now/

    The best-known cryptographic library in the open-source world is almost certainly OpenSSL.

    Firstly, it’s one of the most widely-used, to the point that most developers on most platforms have heard of it even if they haven’t used it directly.

  8. Tomi Engdahl says:

    Miscreants aim to cause Discord discord with malicious npm packages
    LofyLife campaign comes amid GitHub security lockdown
    https://www.theregister.com/2022/08/02/npm_lofylife_discord_kaspersky/

  9. Tomi Engdahl says:

    Bot army risk as 3,000+ apps found spilling Twitter API keys
    Please stop leaving credentials where miscreants can find them
    https://www.theregister.com/2022/08/02/cloudsek_twitter_api/

  10. Tomi Engdahl says:

    Thousands of Solana wallets drained in multimillion dollar exploit
    https://techcrunch.com/2022/08/03/solana-wallet-hack/?tpcc=tcplusfacebook

    Solana, an increasingly popular blockchain known for its speedy transactions, has become the target of the crypto sphere’s latest hack after users reported that funds have been drained from internet-connected “hot” wallets.

  11. Mark says:

    https://celltrackingapps.com/find-address-with-phone-number/
    This article will tell you the different ways in which you can find someone’s address information using the person’s phone number.

  12. Tomi Engdahl says:

    “The goal was not personal profit but to send [Houston leaders] a message about spending 1 million tax dollars on something that has no evidence of any effect on crime,” the man told local news reporters.

    Someone Made $3,000 Selling 3D-Printed Guns at a Gun Buyback Event
    https://www.vice.com/en/article/akee4e/someone-made-dollar3000-selling-3d-printed-guns-at-a-gun-buyback-event?utm_source=vice_facebook&utm_medium=social

    Officials say they’re changing the rules after one man made bank at the ‘no questions asked’ event in Houston.

  13. Tomi Engdahl says:

    Hackers Use New Tactics To Spread Malware as Microsoft Blocked Macros by Default

    https://gbhackers.com/hackers-use-new-tactics-as-microsoft-blocked-macros-by-default/

  14. Tomi Engdahl says:

    Capital One Breach Conviction Exposes Scale of Cloud Entitlement Risk
    To protect against similar attacks, organizations should focus on bringing cloud entitlements and configurations under control.
    https://www.darkreading.com/cloud/capital-one-breach-conviction-exposes-scale-of-cloud-entitlement-risk

  15. Tomi Engdahl says:

    “You Wouldn’t Steal A Movie” Advert May Have Led To More People Stealing Movies
    Turns out you would steal a movie.
    https://www.iflscience.com/you-wouldnt-steal-a-movie-advert-may-have-led-to-more-people-stealing-movies-64731

  16. Tomi Engdahl says:

    Jason Nelson / Decrypt:
    An unknown attacker has been emptying Solana and USDC wallets; Solscan says over 15,000 wallets have been affected, draining $4.46M, primarily in SOL and USDC — An unknown attacker drained thousands of wallets containing at least $4 million worth of Solana and USDC late Tuesday night.

    Solana, USDC Drained From Wallets in Attack
    More than 5,000 wallets have been drained of millions of dollars. Solana’s price plunged within hours.
    https://decrypt.co/106590/multiple-wallets-including-sol-and-usdc-drained-in-unfolding-attack

  17. Tomi Engdahl says:

    Brian Newar / Cointelegraph:
    Hackers drain nearly the entire $190.7M in crypto from the Nomad token bridge, which raised an April 2022 seed from Coinbase, OpenSea, and five other companies
    https://cointelegraph.com/news/nomad-token-bridge-drained-of-190m-in-funds-in-security-exploit

  18. Tomi Engdahl says:

    Meta sued for violating patient privacy with data tracking tool
    Lawsuits allege Meta and US hospitals violated HIPAA
    https://www.theverge.com/2022/8/2/23288612/meta-hosptials-sued-patient-privacy-facebook-data-hipaa

    Facebook’s parent company Meta and major US hospitals violated medical privacy laws with a tracking tool that sends health information to Facebook, two proposed class-action lawsuits allege.

    The lawsuits, filed in the Northern District of California in June and July, focus on the Meta Pixel tracking tool. The tool can be installed on websites to provide analytics on Facebook and Instagram ads. It also collects information about how people click around and input information into those websites.

    An investigation by The Markup in early June found that 33 of the top 100 hospitals in the United States use the Meta Pixel on their websites. At seven hospitals, it was installed on password-protected patient portals. The investigation found that the tool was sending information about patient health conditions, doctor appointments, and medication allergies to Facebook.

  19. Tomi Engdahl says:

    North Korea-backed hackers have a clever way to read your Gmail
    SHARPEXT has slurped up thousands of emails in the past year and keeps getting better.
    https://arstechnica.com/information-technology/2022/08/north-korea-backed-hackers-have-a-clever-way-to-read-your-gmail/

    Researchers have unearthed never-before-seen malware that hackers from North Korea have been using to surreptitiously read and download email and attachments from infected users’ Gmail and AOL accounts.

    The malware, dubbed SHARPEXT by researchers from security firm Volexity, uses clever means to install a browser extension for the Chrome and Edge browsers, Volexity reported in a blog post. The extension can’t be detected by the email services, and since the browser has already been authenticated using any multifactor authentication protections in place, this increasingly popular security measure plays no role in reining in the account compromise.

    SharpTongue Deploys Clever Mail-Stealing Browser Extension “SHARPEXT”
    https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-stealing-browser-extension-sharpext/

  20. Tomi Engdahl says:

    35,000 code repos not hacked—but clones flood GitHub to serve malware
    https://www.bleepingcomputer.com/news/security/35-000-code-repos-not-hacked-but-clones-flood-github-to-serve-malware/

    Thousands of GitHub repositories were copied with their clones altered to include malware, a software engineer discovered today.

    While cloning open source repositories is a common development practice and even encouraged among developers, this case involves threat actors creating copies of legitimate projects but tainting these with malicious code to target unsuspecting developers with their malicious clones.

    GitHub has purged most of the malicious repositories after receiving the engineer’s report.

  21. Tomi Engdahl says:

    STT was the target of an attack carried out with malware – the perpetrator has made a ransom demand https://www.is.fi/digitoday/art-2000008984335.html

  22. Tomi Engdahl says:

    Akamai: We stopped record DDoS attack in Europe
    A ‘sophisticated, global botnet’ held an Eastern European biz under siege over 30 days
    https://www.theregister.com/2022/08/01/ddos_europe_akamai/

  23. Tomi Engdahl says:

    Anonymous struck China – “Taiwan number one!” https://www.is.fi/digitoday/art-2000008984651.html

    Attacks on Taiwan websites likely work of Chinese ‘hacktivists’ – researchers
    https://www.reuters.com/world/attacks-taiwan-websites-likely-work-chinese-hacktivists-researchers-2022-08-02/

  24. Tomi Engdahl says:

    Bloke robbed of $800,000 in cryptocurrency by fake wallet app wants payback from Google
    I got played via the Play store
    https://www.theregister.com/2022/08/04/google_wallet_crypto_lawsuit/

    Last October, California resident Jacob Pearlman downloaded an Android version of a cryptocurrency wallet app called Phantom from the Google Play app store.

    That was four months before San Francisco-based Phantom Technologies actually released an Android version of its digital wallet. The free Phantom Wallet app that Pearlman downloaded early from Google Play was a fake. And when he connected his actual Phantom wallet to the app, it cost him a small fortune.

    “Less than 24 hours after downloading the fake ‘Phantom Wallet’ app from Google Play, Pearlman’s real Phantom wallet was drained of more than $800,000 worth of virtual currencies, including SAMO, USDC, ORCA, and SOL, as well as four additional NFTs,” his attorneys recount in a lawsuit that seeks to recover the stolen funds from Google rather than from the bogus app’s operator.

  25. Tomi Engdahl says:

    Names and phone numbers of customers of STT's text message service may have leaked in the cyberattack https://www.is.fi/digitoday/art-2000008988285.html

  26. Tomi Engdahl says:

    EU authorities lash out at the legislative proposal – “Exposes children to eavesdropping” https://www.is.fi/digitoday/tietoturva/art-2000008986663.html

