This posting is here to collect cyber security news in August 2022.
I post links to security vulnerability news in the comments of this article.
You are also free to post related links in the comments.
543 Comments
Tomi Engdahl says:
What does Tim Hortons think your data is worth? A coffee and donut, apparently
After Canada’s privacy watchdog accused its app of collecting “vast amounts of location data”
https://www.theverge.com/2022/8/1/23286824/tim-hortons-location-tracking-proposed-class-action-settlement-data-privacy-coffee-donut
Tomi Engdahl says:
Police have opened an investigation into the cyberattack on STT https://www.is.fi/digitoday/art-2000008978890.html
Tomi Engdahl says:
https://techcrunch.com/2022/08/02/why-education-is-key-to-halting-hacks-like-the-190m-nomad-exploit/
Tomi Engdahl says:
https://thehackernews.com/2022/08/chinese-hackers-using-new-manjusaka.html
Tomi Engdahl says:
https://techcrunch.com/2022/08/02/nomad-chaotic-exploit-crypto/
Cross-chain messaging protocol Nomad has become the target of crypto’s latest nine-figure attack after hackers abused a “chaotic” security exploit to steal almost $200 million in digital assets.
Nomad, a token bridge that allows users to send and receive tokens between Avalanche (AVAX), Ethereum (ETH), Evmos (EVMOS), Moonbeam (GLMR) and Milkomeda C1 blockchains, was attacked on Monday, with hackers draining almost all of the protocol’s funds.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/vmware-urges-admins-to-patch-critical-auth-bypass-bug-immediately/
VMware has warned admins today to patch a critical authentication bypass security flaw affecting local domain users in multiple products and enabling unauthenticated attackers to gain admin privileges.
The flaw (CVE-2022-31656) was reported by Petrus Viet of VNG Security, who found that it impacts VMware Workspace ONE Access, Identity Manager, and vRealize Automation.
Tomi Engdahl says:
New ‘ParseThru’ Parameter Smuggling Vulnerability Affects Golang-based Applications
https://thehackernews.com/2022/08/new-parsethru-parameter-smuggling.html
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/national-bank-hit-by-ransomware-trolls-hackers-with-dick-pics/
Tomi Engdahl says:
Post-quantum encryption contender is taken out by single-core PC and 1 hour
Leave it to mathematicians to muck up what looked like an impressive new algorithm.
https://arstechnica.com/information-technology/2022/08/sike-once-a-post-quantum-encryption-contender-is-koed-in-nist-smackdown/?utm_social-type=owned&utm_source=facebook&utm_medium=social&utm_brand=ars
Tomi Engdahl says:
Imran Khan’s Instagram account hacked to promote phoney Elon Musk $100 million crypto giveaway
https://www.bitdefender.com/blog/hotforsecurity/imran-khans-instagram-account-hacked-to-promote-phoney-elon-musk-100-million-crypto-giveaway/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-now-better-at-blocking-ransomware-on-windows-11/
Tomi Engdahl says:
https://nakedsecurity.sophos.com/2022/08/01/gnutls-patches-memory-mismanagement-bug-update-now/
The best-known cryptographic library in the open-source world is almost certainly OpenSSL.
Firstly, it’s one of the most widely-used, to the point that most developers on most platforms have heard of it even if they haven’t used it directly.
Tomi Engdahl says:
Miscreants aim to cause Discord discord with malicious npm packages
LofyLife campaign comes amid GitHub security lockdown
https://www.theregister.com/2022/08/02/npm_lofylife_discord_kaspersky/
Tomi Engdahl says:
Bot army risk as 3,000+ apps found spilling Twitter API keys
Please stop leaving credentials where miscreants can find them
https://www.theregister.com/2022/08/02/cloudsek_twitter_api/
Tomi Engdahl says:
Thousands of Solana wallets drained in multimillion dollar exploit
https://techcrunch.com/2022/08/03/solana-wallet-hack/?tpcc=tcplusfacebook
Solana, an increasingly popular blockchain known for its speedy transactions, has become the target of the crypto sphere’s latest hack after users reported that funds have been drained from internet-connected “hot” wallets.
Tomi Engdahl says:
https://threatpost.com/malicious-npm-discord/180327/
Tomi Engdahl says:
https://www.schneier.com/blog/archives/2022/08/drone-deliveries-into-prisons.html
Mark says:
https://celltrackingapps.com/find-address-with-phone-number/
This article will tell you the different ways in which you can find someone’s address information using the person’s phone number.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/australia-charges-dev-of-imminent-monitor-rat-used-by-domestic-abusers/
Tomi Engdahl says:
“The goal was not personal profit but to send [Houston leaders] a message about spending 1 million tax dollars on something that has no evidence of any effect on crime,” the man told local news reporters.
Someone Made $3,000 Selling 3D-Printed Guns at a Gun Buyback Event
https://www.vice.com/en/article/akee4e/someone-made-dollar3000-selling-3d-printed-guns-at-a-gun-buyback-event?utm_source=vice_facebook&utm_medium=social
Officials say they’re changing the rules after one man made bank at the ‘no questions asked’ event in Houston.
Tomi Engdahl says:
Hackers Use New Tactics To Spread Malware as Microsoft Blocked Macros by Default
https://gbhackers.com/hackers-use-new-tactics-as-microsoft-blocked-macros-by-default/
Tomi Engdahl says:
Capital One Breach Conviction Exposes Scale of Cloud Entitlement Risk
To protect against similar attacks, organizations should focus on bringing cloud entitlements and configurations under control.
https://www.darkreading.com/cloud/capital-one-breach-conviction-exposes-scale-of-cloud-entitlement-risk
Tomi Engdahl says:
https://www.schneier.com/blog/archives/2022/08/surveillance-of-your-car.html
Tomi Engdahl says:
https://pentestmag.com/malware-attack-types-with-kill-chain-methodology-demo-video/
Tomi Engdahl says:
https://digitalinvestigator.blogspot.com/2022/08/pe-forensics-dos-and-pe-headers.html
Tomi Engdahl says:
https://blog.malwarebytes.com/awareness/2022/08/how-to-protect-yourself-and-your-kids-against-device-theft/
Tomi Engdahl says:
https://cybersecuritynews.com/3-cyber-security-mistakes/
Tomi Engdahl says:
https://www.itsecurityguru.org/2022/08/02/north-korean-hackers-use-malicious-extensions-on-chromium-based-web-browsers-to-spy-on-user-accounts/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/huge-network-of-11-000-fake-investment-sites-targets-europe/
Tomi Engdahl says:
https://www.cyberciti.biz/security/dns-settings-to-avoid-email-spoofing-and-phishing-for-unused-domain/
Tomi Engdahl says:
https://www.mitnicksecurity.com/blog/does-kevin-mitnick-still-hack
Tomi Engdahl says:
“You Wouldn’t Steal A Movie” Advert May Have Led To More People Stealing Movies
Turns out you would steal a movie.
https://www.iflscience.com/you-wouldnt-steal-a-movie-advert-may-have-led-to-more-people-stealing-movies-64731
Tomi Engdahl says:
Jason Nelson / Decrypt:
An unknown attacker has been emptying Solana and USDC wallets; Solscan says over 15,000 wallets have been affected, draining $4.46M, primarily in SOL and USDC — An unknown attacker drained thousands of wallets containing at least $4 million worth of Solana and USDC late Tuesday night.
Solana, USDC Drained From Wallets in Attack
More than 5,000 wallets have been drained of millions of dollars. Solana’s price plunged within hours.
https://decrypt.co/106590/multiple-wallets-including-sol-and-usdc-drained-in-unfolding-attack
Tomi Engdahl says:
Brian Newar / Cointelegraph:
Hackers drain nearly the entire $190.7M in crypto from the Nomad token bridge, which raised an April 2022 seed from Coinbase, OpenSea, and five other companies
https://cointelegraph.com/news/nomad-token-bridge-drained-of-190m-in-funds-in-security-exploit
Tomi Engdahl says:
Meta sued for violating patient privacy with data tracking tool
Lawsuits allege Meta and US hospitals violated HIPAA
https://www.theverge.com/2022/8/2/23288612/meta-hosptials-sued-patient-privacy-facebook-data-hipaa
Facebook’s parent company Meta and major US hospitals violated medical privacy laws with a tracking tool that sends health information to Facebook, two proposed class-action lawsuits allege.
The lawsuits, filed in the Northern District of California in June and July, focus on the Meta Pixel tracking tool. The tool can be installed on websites to provide analytics on Facebook and Instagram ads. It also collects information about how people click around and input information into those websites.
An investigation by The Markup in early June found that 33 of the top 100 hospitals in the United States use the Meta Pixel on their websites. At seven hospitals, it was installed on password-protected patient portals. The investigation found that the tool was sending information about patient health conditions, doctor appointments, and medication allergies to Facebook.
Tomi Engdahl says:
North Korea-backed hackers have a clever way to read your Gmail
SHARPEXT has slurped up thousands of emails in the past year and keeps getting better.
https://arstechnica.com/information-technology/2022/08/north-korea-backed-hackers-have-a-clever-way-to-read-your-gmail/
Researchers have unearthed never-before-seen malware that hackers from North Korea have been using to surreptitiously read and download email and attachments from infected users’ Gmail and AOL accounts.
The malware, dubbed SHARPEXT by researchers from security firm Volexity, uses clever means to install a browser extension for the Chrome and Edge browsers, Volexity reported in a blog post. The extension can’t be detected by the email services, and since the browser has already been authenticated using any multifactor authentication protections in place, this increasingly popular security measure plays no role in reining in the account compromise.
SharpTongue Deploys Clever Mail-Stealing Browser Extension “SHARPEXT”
https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-stealing-browser-extension-sharpext/
Tomi Engdahl says:
35,000 code repos not hacked—but clones flood GitHub to serve malware
https://www.bleepingcomputer.com/news/security/35-000-code-repos-not-hacked-but-clones-flood-github-to-serve-malware/
Thousands of GitHub repositories were copied with their clones altered to include malware, a software engineer discovered today.
While cloning open source repositories is a common development practice and even encouraged among developers, this case involves threat actors creating copies of legitimate projects but tainting these with malicious code to target unsuspecting developers with their malicious clones.
GitHub has purged most of the malicious repositories after receiving the engineer’s report.
Tomi Engdahl says:
STT was hit by an attack carried out with malware; the perpetrator has made a ransom demand https://www.is.fi/digitoday/art-2000008984335.html
Tomi Engdahl says:
Akamai: We stopped record DDoS attack in Europe
A ‘sophisticated, global botnet’ held an Eastern European biz under siege over 30 days
https://www.theregister.com/2022/08/01/ddos_europe_akamai/
Tomi Engdahl says:
https://betanews.com/2022/07/28/linux-malware-reaches-an-all-time-high/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/new-linux-malware-brute-forces-ssh-servers-to-breach-networks/
Tomi Engdahl says:
https://krebsonsecurity.com/2022/08/no-socks-no-shoes-no-malware-proxy-services/
Tomi Engdahl says:
https://www.whalebone.io/aura/network-security-threat-landscape-q2-2022?utm_content=buffer76e37&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/facebook-ads-push-android-adware-with-7-million-installs-on-google-play/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/microsoft-accounts-targeted-with-new-mfa-bypassing-phishing-kit/
Tomi Engdahl says:
Anonymous struck China: “Taiwan number one!” https://www.is.fi/digitoday/art-2000008984651.html
Attacks on Taiwan websites likely work of Chinese ‘hacktivists’ – researchers
https://www.reuters.com/world/attacks-taiwan-websites-likely-work-chinese-hacktivists-researchers-2022-08-02/
Tomi Engdahl says:
Bloke robbed of $800,000 in cryptocurrency by fake wallet app wants payback from Google
I got played via the Play store
https://www.theregister.com/2022/08/04/google_wallet_crypto_lawsuit/
Last October, California resident Jacob Pearlman downloaded an Android version of a cryptocurrency wallet app called Phantom from the Google Play app store.
That was four months before San Francisco-based Phantom Technologies actually released an Android version of its digital wallet. The free Phantom Wallet app that Pearlman downloaded early from Google Play was a fake. And when he connected his actual Phantom wallet to the app, it cost him a small fortune.
“Less than 24 hours after downloading the fake ‘Phantom Wallet’ app from Google Play, Pearlman’s real Phantom wallet was drained of more than $800,000 worth of virtual currencies, including SAMO, USDC, ORCA, and SOL, as well as four additional NFTs,” his attorneys recount in a lawsuit that seeks to recover the stolen funds from Google rather than from the bogus app’s operator.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-remote-code-execution-bug-in-vpn-routers/
Tomi Engdahl says:
Names and phone numbers of customers of STT’s text message service may have leaked in the cyberattack https://www.is.fi/digitoday/art-2000008988285.html
Tomi Engdahl says:
EU authorities lashed out at the legislative proposal: “Exposes children to eavesdropping” https://www.is.fi/digitoday/tietoturva/art-2000008986663.html