A summary of this week's security news and events: ransomware, data breaches, the banning of developer accounts, and more.
Yellow Pages Canada Alerts of Cyberattack
The Black Basta attack on Yellow Pages Canada shows the continued threat that cyberattacks and data breaches pose to businesses and organizations, and the need for ongoing cybersecurity measures to counter them. About 300,000 Yellow Pages Canada subscribers had personal information exposed, which could lead to identity theft and financial fraud. Yellow Pages Canada swiftly notified authorities, patched the flaw, and added protections to prevent future attacks. Black Basta has previously attacked governments, corporations, and other organizations, and law enforcement and cybersecurity experts are monitoring its activity worldwide. Read more.
KuCoin Twitter Account Hacked, Losses $22.6K In Crypto Scam
Hackers broke into KuCoin's Twitter account and stole money from customers who were lured into a fake giveaway. The breach lasted about one hour on April 24, starting at 8 AM ET, during which the attackers posted the fake event from KuCoin's account to deceive followers. The exchange promised to compensate victims and identified 22 related transactions. KuCoin advised victims to contact it for support and vowed to improve security to prevent such incidents. Twitter and the exchange are investigating further. Despite the hack, several community members praised KuCoin for responding quickly. Read more.
OTP Codes Synchronized Across Devices
On Monday, Google updated its Authenticator app for Android and iOS with an account synchronization feature that backs up time-based one-time passwords (TOTPs) to the cloud. The new feature brings the two-factor authentication (2FA) app in line with Apple's iCloud Keychain and addresses the long-standing criticism that codes were tied to the device the app was installed on, making phone swapping difficult: losing the device meant losing access to every service protected by Authenticator 2FA. Cloud sync is optional in Authenticator. The trade-off is that a compromised Google account could now be used to compromise the web services whose codes are backed up to it. Last week, Swiss privacy company Proton launched Proton Pass, an end-to-end encrypted password manager. Read more.
Exposed Artifacts Seen In Misconfigured Cloud Software Registries
Aqua Nautilus uncovered thousands of poorly configured artifact repositories and container image registries, exposing organizations to major software supply chain attacks. The security firm found numerous software artifacts and container images publicly accessible online, putting Fortune 500 companies and other large global corporations at risk. Artifact management systems and container registries are often connected to the internet and opened to anonymous access so that external stakeholders can retrieve open-source software, but that openness is not generally intended for everything they hold: teams “accidentally publish sensitive information to public areas,” and “restricted environments are accidentally shared with anonymous users,” the research said. Read more.
Large 2,200x DDoS Amplification Assault Due To New SLP Flaw
A high-severity flaw in the Service Location Protocol (SLP) can be abused for volumetric denial-of-service attacks: researchers found that exposed instances can amplify attack traffic up to 2,200 times. CVE-2023-29552 (CVSS 8.6) affects about 2,000 organizations worldwide and 54,000 internet-accessible SLP instances. SLP lets PCs and other devices discover services on a local area network, such as printers and file servers. CVE-2023-29552 can be exploited to flood a target with spoofed traffic reflected off susceptible SLP instances: an attacker needs only to find an SLP server listening on UDP port 427, register services until SLP refuses new entries, and then repeatedly send spoofed requests for that service using the victim's IP address, giving an amplification factor of 2,200. To mitigate the risk, disable SLP on internet-connected systems or block UDP and TCP port 427 traffic. Read more.
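Amplification of this kind shows up in network telemetry as UDP/427 reply flows many times larger than the requests that triggered them. The Python below is an added example, not part of the original article or the advisory, that flags such servers in constructed flow records; the record format (`<proto> <src>:<sport> > <dst>:<dport> <bytes>`), the sample addresses and the 10x threshold are all assumptions.

```python
"""Flag SLP (UDP/427) replies whose byte volume dwarfs the matching request,
the amplification pattern behind CVE-2023-29552. Added example; the flow
records below are constructed, not taken from the original report."""
SLP_PORT = 427
# Replies this many times larger than their requests are flagged; the flaw
# allows factors up to 2,200, so a low bar still catches real abuse.
AMPLIFICATION_THRESHOLD = 10.0

def parse_flow(line: str):
    """Parse one constructed record '<proto> <src>:<sport> > <dst>:<dport> <bytes>'."""
    proto, src, _, dst, size = line.split()
    src_ip, sport = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return proto, src_ip, int(sport), dst_ip, int(dport), int(size)

def find_amplifiers(lines):
    """Return {slp_server_ip: amplification_factor} for flagged servers.

    Requests are UDP flows to port 427, replies are UDP flows from it. Bytes are
    summed per (server, client) pair so a burst of spoofed requests is compared
    with the total reply volume it triggered. Replies with no matching request
    (the victim's view of a reflection attack) get an infinite factor."""
    requests, replies = {}, {}
    for line in lines:
        proto, src, sport, dst, dport, size = parse_flow(line)
        if proto != "udp":
            continue
        if dport == SLP_PORT:
            requests[(dst, src)] = requests.get((dst, src), 0) + size
        elif sport == SLP_PORT:
            replies[(src, dst)] = replies.get((src, dst), 0) + size
    flagged = {}
    for pair, reply_bytes in replies.items():
        request_bytes = requests.get(pair, 0)
        factor = reply_bytes / request_bytes if request_bytes else float("inf")
        if factor >= AMPLIFICATION_THRESHOLD:
            flagged[pair[0]] = max(flagged.get(pair[0], 0.0), factor)
    return flagged

# Constructed sample: a benign lookup, then a reflected reply to a spoofed victim.
SAMPLE_FLOWS = [
    "udp 203.0.113.7:40000 > 198.51.100.20:427 29",    # normal request
    "udp 198.51.100.20:427 > 203.0.113.7:40000 120",   # normal reply (about 4x)
    "udp 192.0.2.50:53000 > 198.51.100.99:427 29",     # request with spoofed source 192.0.2.50
    "udp 198.51.100.99:427 > 192.0.2.50:53000 65000",  # amplified reply hits the victim
    "tcp 192.0.2.50:53001 > 198.51.100.99:427 29",     # TCP is outside this check
]

if __name__ == "__main__":
    print(find_amplifiers(SAMPLE_FLOWS))  # {'198.51.100.99': 2241.37...}
```

Feeding real flow exports into `find_amplifiers` also surfaces internet-facing SLP servers on your own ranges, which is what the advisory's "disable SLP or block port 427" advice is meant to eliminate.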
VMware Resolves Crucial Pwn2Own Zero-Day Exploit Chain
VMware has released updates for Workstation and Fusion that fix several security flaws, including one that could allow a local attacker to execute arbitrary code. CVE-2023-20869 (CVSS score: 9.3) is a stack-based buffer overflow in the sharing of host Bluetooth devices with virtual machines. The company stated that a malicious actor with local administrative privileges on a virtual machine may exploit this flaw to execute code as the host's VMX process. VMware also corrected an out-of-bounds read (CVE-2023-20870, CVSS score: 7.1) that could let a local admin-level attacker read sensitive hypervisor memory from a virtual machine. Last month, STAR Labs won $80,000 by chaining both vulnerabilities on the third day of Pwn2Own in Vancouver. Read more.
RCE Attacks Against Thousands Of Apache Superset Servers
The maintainers of Apache Superset, the open-source data visualization platform, have corrected an insecure default configuration that could allow remote code execution. Superset instances that changed the SECRET_KEY setting from its default to a cryptographically secure random string are unaffected. An attacker who possesses the secret key can forge a session cookie and log in as an administrator to take control of the system. In February 2023, 2,124 of 3,176 internet-exposed instances were found to be using one of four default keys. Small enterprises, governments, and universities are among those affected. After a second responsible disclosure to the Apache security team, version 2.1 was released to prevent the server from starting with the default SECRET_KEY. Read more.
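The weakness here is that signed session cookies are only as trustworthy as the key that signs them. The Python below is an added example, not Superset's own code, showing the startup guard the fix describes (refusing a placeholder SECRET_KEY) alongside a simplified HMAC-signed cookie that stands in for Flask's real session format; the default-key string is a constructed placeholder, not Superset's actual default.

```python
"""Startup guard modelled on the fix described for Apache Superset: refuse to
serve with a placeholder SECRET_KEY, and show that rotating the key voids sessions
signed under the old one. Added example, not Superset's own code: the HMAC cookie
is a simplified stand-in for Flask's session format; the default key is a placeholder."""
import base64
import hashlib
import hmac
import json
import secrets

KNOWN_DEFAULT_KEYS = {"CHANGE_ME_SUPERSET_DEFAULT_KEY"}  # constructed placeholder

class InsecureSecretKey(RuntimeError):
    """Raised at startup so the server never runs with a guessable key."""

def validate_secret_key(key: str) -> None:
    if key in KNOWN_DEFAULT_KEYS:
        raise InsecureSecretKey("SECRET_KEY is a shipped default; generate a unique one")
    if len(key.encode()) < 32:
        raise InsecureSecretKey("SECRET_KEY is shorter than 32 bytes")

def generate_secret_key() -> str:
    """Cryptographically secure random key, the remediation the advisory asks for."""
    return secrets.token_urlsafe(48)

def sign_session(key: str, claims: dict) -> str:
    """Simplified signed cookie: b64(json claims) + '.' + b64(HMAC-SHA256 over it)."""
    payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key.encode(), payload, hashlib.sha256).digest()
    return payload.decode() + "." + base64.urlsafe_b64encode(tag).decode()

def verify_session(key: str, cookie: str):
    """Return the claims if the HMAC matches this key, else None. Anyone holding
    the key can mint a cookie that passes here, which is why a shared default is fatal."""
    try:
        payload, tag = cookie.split(".", 1)
        expected = hmac.new(key.encode(), payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, base64.urlsafe_b64decode(tag)):
            return None
        return json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # malformed base64 or JSON (JSONDecodeError is a ValueError)
        return None

def rotation_invalidates_old_cookies() -> bool:
    """A cookie signed under the default key stops verifying once the key is rotated."""
    old_cookie = sign_session("CHANGE_ME_SUPERSET_DEFAULT_KEY", {"user": "admin"})
    new_key = generate_secret_key()
    validate_secret_key(new_key)  # passes: random and long enough
    return verify_session(new_key, old_cookie) is None
```

Rotating the key after upgrading logs every existing session out, which is the desired outcome when the old key may have been public.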
Google Goes After CryptBot Distributors Stealing Sensitive Data
In December 2021, Google sued the operators of the Glupteba botnet, which has infected over one million Windows machines since 2011. Although the botnet later resumed activity, Google's Threat Analysis Group (TAG) reported a 78% decline in Glupteba infections in November 2022. Google's new lawsuit against the distributors of the CryptBot malware continues this approach of using litigation against botnet operators and malware distributors to protect individuals and businesses from cyberattacks, and Google said it will continue that mission. Users must also protect themselves against malware. Read more.
Microsoft Admits PaperCut Servers Used In LockBit and Cl0p Ransomware
Microsoft confirmed that LockBit and Cl0p ransomware operators have attacked PaperCut servers. The attack on the popular print management software shows that any software can be abused. Microsoft's analysis identified the PaperCut server flaws the attackers exploited, and Microsoft customers were likely affected. Microsoft has worked to mitigate the damage and prevent further attacks, and PaperCut acknowledged the flaw and responded to the attack. The wider cybersecurity implications are significant: all parties must implement robust security standards, keep software updated, and support employee cybersecurity training to prevent such attacks. Read more.
CommScope Workers Left In The Dark After A Ransomware Attack
CommScope employees say they have not heard from executives in over a week about the company's response to a ransomware attack in which corporate and employee data was stolen. The IT giant, which designs and deploys network infrastructure products for corporations, hospitals, schools, and federal networks, disclosed the March 27 ransomware attack after some of its stolen files appeared online. The Vice Society ransomware group claimed responsibility by posting the company's stolen data to its dark web leak site; the group pressures victims to pay by leaking internal files. Technical drawings, company databases, invoicing, and expense records were taken. Read more.
35M Downloads Of Android Minecraft Clones
Thirty-eight Minecraft imitation apps on Google Play infected devices with the Android adware “HiddenAds,” which discreetly loads ads for profit. Many game publishers have tried to copy Minecraft, a sandbox game with 140 million monthly active users. The adware-laden Minecraft-like games were downloaded by 35 million Android users in the US, Canada, South Korea, and Brazil, who played them without noticing the adware activity. Loading many ads can cause overheating, network traffic, and battery drain, for which users may blame the game itself. The adware was identified by McAfee's Mobile Research Team, a member of the App Defense Alliance. Read more.
Google Bans And Deletes 173K Bad Accounts
In 2022, Google banned 173,000 Play Store developer accounts, according to the company's annual malicious-app report; bad Android apps are used to spread malware and fraud. Google also blocked 1.5 million apps that violated store policies. Google's security team credited investments in machine learning, application assessment, new security features, and policy changes. Google Play Commerce blocked US$2 million (R$ 9.9 million) in “fraudulent and abusive” transactions. To head off problems, the company tightened Play Store developer requirements, including phone and email identity verification, and SDK-related changes increase the “privacy posture” of apps approved for the Android market. Google said it must partner with developers to give them the tools, knowledge, and guidance to build secure, trustworthy apps that respect user data privacy. Read more.
50 Crypto Wallets Targeted
Following MacStealer, threat actors are selling Atomic macOS Stealer (AMOS) on Telegram for $1,000 a month. Cyble researchers revealed that Atomic macOS Stealer can steal Keychain passwords, system information, desktop and document files, and the macOS password. It collects data from the Atomic, Binance, Coinomi, Electrum, and Exodus wallets and from web browsers. Threat actors who buy the stealer from its creators get a web panel for controlling victims. The stealer is delivered as Setup.dmg, an unsigned disk image file that prompts victims to enter their system password to escalate privileges and do further damage, the same technique MacStealer uses. Users may have been tricked into downloading and running the malware. VirusTotal detected the Atomic stealer artifact as “Notion-7.0.6.dmg” on April 24, 2023, indicating that it is being spread disguised as the popular note-taking software. Read more.
Severe Flaws In Illumina DNA Sequencing
The Illumina Universal Copy Service (UCS), used in DNA sequencing instruments in hospitals and labs worldwide, has two vulnerabilities that prompted an urgent advisory from the FDA and CISA. Yesterday's CISA warning cautions that an unauthenticated malicious actor could remotely upload and execute operating system code, allowing an attacker to change product settings, configurations, software, or sensitive data. California-based Illumina makes bioanalysis and DNA sequencing equipment used in 140 countries. On April 5, 2023, the FDA ordered Illumina to notify affected customers to check their instruments and medical devices for signs of exploitation. Read more.