internet safety week

Internet Security Week – Edition No. 147

In edition No. 147 of Internet Security Week , Uber suffers a new data leak, fake ransomware, malware using a Microsoft certificate, a new Google tool that searches for vulnerabilities in open software and much more.


News

Phishing attack uses Facebook posts to bypass email security

A new phishing campaign uses Facebook posts as part of its attack chain to trick users into providing their account credentials and personally identifiable information.

By Bill Toulas in Bleeping Computer

Uber suffers new leak with employee data

The information was published this weekend on a cybercriminal forum on the surface of the web and includes reports, financial data, details of the Information Technology (IT) infrastructure and even records of destroyed documents and source codes related to the transport application and also to Uber Eats, for delivery.

By Felipe Demartini on Canaltech

More than 85% of attacks are hidden in encrypted channels

The vast majority of cyberattacks last year used Transport Layer Security/Secure Sockets Layer (TLS/SSL) encryption to hide from systems and security teams, according to a new report from Zscaler. The cybersecurity systems provider analyzed 24 billion blocked threats during the period from October 2021 to September this year to compile its new report, titled “State of Encrypted Attacks 2022.”

In CISO Advisor

CryWiper: the fake ransomware

The new CryWiper malware irreversibly corrupts files that pose as ransomware. At first glance, this malware looks like ransomware: it modifies files, adds an additional extension to them and saves a README.txt file with a ransom note, which contains the bitcoin wallet address, contact email address of the malware creators and the infection ID.

In Kaspersky Daily

Infinite mint attack: what it is and how it can affect the value of a token

This type of attack occurs when cybercriminals manage to compromise the blockchain, exploiting vulnerabilities that allow a large number of tokens to be minted in order to cause a drop in the price of the affected crypto asset.

At We Live Security

Hackers leak allegedly stolen personal information of 5.7 million Gemini users

Crypto exchange Gemini announced this week that customers were targeted by phishing campaigns after a threat actor collected their personal information from a third-party vendor.

By Ionut Ilascu in Bleeping Computer

Data from 623,000 patients from the second largest hospital network in the USA is exposed

The data of 623,000 patients and companions, who passed through the American network of hospitals and healthcare units CommonSpiritHealth, were accessed by cybercriminals. The exposure is the result of an attack recorded in October this year, which also caused interruptions in electronic service and unavailability in the technology systems of hundreds of network installations.

By Felipe Demartini on Canaltech

Malware hides using Microsoft certificate

A report was published stating that malicious code was found in drivers signed with legitimate digital certificates issued by Microsoft. The discovery began after an attempted ransomware attack in which cybercriminals used a Windows Hardware Compatibility Publisher certified driver.

In CISO Advisor

The antidote to operational technology conservatism

All information about protecting and updating OT infrastructure, with a general summary of why antivirus may be “dead”.

By Eugene Kaspersky in Kaspersky Daily

Fantasy: new wiper from the Agrius group propagated in attack on the supply chain

ESET's research team analyzed a supply chain attack that took advantage of Israeli software to deploy Fantasy, a wiper-type malware that targeted, among other victims, the diamond industry.

By Adam Burgher in We Live Security


Tool

Google launches tool that searches for vulnerabilities in open software

  • The OSV Scanner helps identify which elements need updating, as well as those that require attention because they bring weaknesses to your programming.
  • Free

Are you not yet subscribed to our newsletter to receive this content weekly by email? Then sign up using the link below:

https://br.lumiun.com/semana-da-seguranca-na-internet

Share the link with your colleagues and friends.

Lumiun DNS Free Trial
Related Posts