In edition No. 147 of Internet Security Week , Uber suffers a new data leak, fake ransomware, malware using a Microsoft certificate, a new Google tool that searches for vulnerabilities in open software and much more.
News
Phishing attack uses Facebook posts to bypass email security
A new phishing campaign uses Facebook posts as part of its attack chain to trick users into providing their account credentials and personally identifiable information.
By Bill Toulas in Bleeping Computer
Uber suffers new leak with employee data
The information was published this weekend on a cybercriminal forum on the surface of the web and includes reports, financial data, details of the Information Technology (IT) infrastructure and even records of destroyed documents and source codes related to the transport application and also to Uber Eats, for delivery.
By Felipe Demartini on Canaltech
More than 85% of attacks are hidden in encrypted channels
The vast majority of cyberattacks last year used Transport Layer Security/Secure Sockets Layer (TLS/SSL) encryption to hide from systems and security teams, according to a new report from Zscaler. The cybersecurity systems provider analyzed 24 billion blocked threats during the period from October 2021 to September this year to compile its new report, titled “State of Encrypted Attacks 2022.”
In CISO Advisor
CryWiper: the fake ransomware
The new CryWiper malware irreversibly corrupts files that pose as ransomware. At first glance, this malware looks like ransomware: it modifies files, adds an additional extension to them and saves a README.txt file with a ransom note, which contains the bitcoin wallet address, contact email address of the malware creators and the infection ID.
In Kaspersky Daily
Infinite mint attack: what it is and how it can affect the value of a token
This type of attack occurs when cybercriminals manage to compromise the blockchain, exploiting vulnerabilities that allow a large number of tokens to be minted in order to cause a drop in the price of the affected crypto asset.
At We Live Security
Hackers leak allegedly stolen personal information of 5.7 million Gemini users
Crypto exchange Gemini announced this week that customers were targeted by phishing campaigns after a threat actor collected their personal information from a third-party vendor.
By Ionut Ilascu in Bleeping Computer
Data from 623,000 patients from the second largest hospital network in the USA is exposed
The data of 623,000 patients and companions, who passed through the American network of hospitals and healthcare units CommonSpiritHealth, were accessed by cybercriminals. The exposure is the result of an attack recorded in October this year, which also caused interruptions in electronic service and unavailability in the technology systems of hundreds of network installations.
By Felipe Demartini on Canaltech
Malware hides using Microsoft certificate
A report was published stating that malicious code was found in drivers signed with legitimate digital certificates issued by Microsoft. The discovery began after an attempted ransomware attack in which cybercriminals used a Windows Hardware Compatibility Publisher certified driver.
In CISO Advisor
The antidote to operational technology conservatism
All information about protecting and updating OT infrastructure, with a general summary of why antivirus may be “dead”.
By Eugene Kaspersky in Kaspersky Daily
Fantasy: new wiper from the Agrius group propagated in attack on the supply chain
ESET's research team analyzed a supply chain attack that took advantage of Israeli software to deploy Fantasy, a wiper-type malware that targeted, among other victims, the diamond industry.
By Adam Burgher in We Live Security
Tool
Google launches tool that searches for vulnerabilities in open software
- The OSV Scanner helps identify which elements need updating, as well as those that require attention because they bring weaknesses to your programming.
- Free
Are you not yet subscribed to our newsletter to receive this content weekly by email? Then sign up using the link below:
https://br.lumiun.com/semana-da-seguranca-na-internet
Share the link with your colleagues and friends.
