Websites for more than a dozen US airports were temporarily brought offline by cyberattacks on Monday morning, including LaGuardia airport in New York City. The hack has been attributed to a group known as Killnet, Russian hacktivists who support the Kremlin but are not thought to directly be government actors. The attacks did not affect air traffic control, internal airport communication, or other key operations.
ISBuzz Team
It has been reported that Singtel has confirmed that another Australian business it owns, consulting unit Dialog, has fallen victim to a cyber burglary just weeks after the mammoth data leak at telco Optus was revealed.
It has been reported that in the second $100 million DeFi hack this week, Mango Markets was drained of $100 million in funds due to an exploit. Mango Markets tweeted Tuesday evening that a hacker was able to empty funds from Mango via an oracle price manipulation. Only last Thursday,$100 million was stolen from the Binance Smart Chain, another DeFi protocol. The full story can be found here: https://decrypt.co/111727/solana-defi-trading-platform-mango-markets-loses-100m-in-hack
Just weeks after Optus disclosed that the data of 10 million users had been exposed in a data breach, its parent company, Singtel, is coping with two of its own data intrusions, according to The Guardian. Singtel acknowledged that information taken from Singtel in a 2020 cyber-attack appeared in a post on a data breach forum on Friday. The guy who threatened to publish Optus’s stolen data there last month was a member of the same community. Singtel said that Accellion FTA, a file transfer program it utilized, has a zero-day vulnerability that had been used by hackers in late 2020…
Kaspersky has discovered a new wave of malicious email activity which spreads the dangerous malware Qbot, targeting corporate users and stealing sensitive data from networks. After initially dying down earlier this year the second wave of attacks has taken place and now over 1,500 users have been affected since 28th September – with the number still rising.
The UK Government put forward legislation that would require those that work in the telecoms industry, MSPs included to enhance their security operations. Now that the legislation is active telecoms professionals and those that service these businesses will need to act now to remain compliant.
Hackers have reportedly stolen 2 million Binance Coins (BNB), worth $566 million, from the Binance Bridge. Details are scant at the moment, but the attack appears to have started at 2:30 PM EST today, with the attacker’s wallet receiving two transactions, each consisting of 1,000,000 BNB. Soon after the hacker began spreading some of the funds across a variety of liquidity pools, attempting to transfer the BNB into other assets. Binance acknowledged the security incident at 6:19 PM EST and paused the BNB Smart Chain while they investigated the incident. More information: https://www.bleepingcomputer.com/news/security/hacker-steals-566-million-worth-of-crypto-from-binance-bridge/
Code security company SonarSource has published details on a severe vulnerability impacting Packagist, which could have been abused to mount supply chain attacks targeting the PHP community. Packagist is the default repository for PHP dependency manager Composer, aggregating public PHP packages that can be installed using Composer. Each month, Composer is used to download more than 2 billion packages. According to Sonar’s security researchers, the recently identified vulnerability could have been used to hijack over 100 million requests to distribute malicious dependencies, leading to the potential compromise of millions of servers. More information: https://www.securityweek.com/critical-packagist-vulnerability-could-have-allowed-php-supply-chain-attack
It has been reported that Gardai and government ministers have warned businesses to prepare for potential ransomware attacks, saying that the number of attacks targetting small and medium businesses has increased. The government and Gardai launched a joint awareness campaign on Tuesday for October’s European Cyber Security Month. Along with ransomware, the campaign will be warning vulnerable people such as the elderly to be aware of phishing scams, where a message or a link asks for someone’s personal details. Full story: https://www.waterfordlive.ie/news/national-news/929162/cyber-attacks-move-from-big-targets-to-smes-government-warns.html
A report has found that domains registered for fake promotions have increased by 335% in the past year. Victims are being scammed via phoney youtube streams featuring celebrities that encourage people to invest in fraudulent schemes.