Overview of security incidents from 28 August to 3 September 2021
New vulnerabilities in Microsoft Azure and the Bluetooth protocol, cyberattacks on cryptocurrency exchanges Bilaxy and Cream Finance, innovative hacking techniques and data leaks
Microsoft has warned its customers, including some of the world’s largest companies, about a vulnerability found in the Azure cloud platform. Using it, attackers could view, modify and delete confidential databases.
The problem stems from a series of code errors that allowed an attacker to gain access to the service architecture.
A team of researchers from the Singapore University of Technology and Design has disclosed details of more than a dozen vulnerabilities in the Bluetooth Classic (BR/EDR) protocol that can be used to perform a variety of malicious actions, from causing device malfunctions to executing arbitrary code and taking control of a vulnerable system.
The vulnerabilities, collectively known as BrakTooth, affect SoCs from a number of manufacturers, including Intel, Qualcomm, Texas Instruments, Infineon (Cypress), and Silicon Labs.
This week, two cryptocurrency platforms were subjected to cyberattacks at once: Bilaxy and Cream Finance. In the first case, hackers broke into a number of wallets holding approximately $450 million in cryptocurrency, and in the second, the attacker managed to steal 418 million Flexa Network (AMP) tokens and 1,308 ETH, worth a total of over $18 million.
Cryptocurrency exchange Coinbase has caused panic among its customers by accidentally sending 125,000 users erroneous notifications about changes in two-factor authentication settings. As a result, some users rushed to sell cryptocurrency, suspecting a hack.
The LockBit ransomware operators have released more than 200 GB of data allegedly stolen from one of Thailand’s largest airlines, Bangkok Airways, after it refused to pay the ransom. The company acknowledged the data breach and said that the stolen information could include personal data of some customers, including names, phone numbers, email addresses and partial credit card information.
Due to an error in the Francetest website, which is used to transmit COVID-19 test results, the personal data of 700,000 French citizens was publicly accessible. The leaked information included last names, first names, dates of birth, addresses, phone numbers, social security numbers and email addresses.
Operators of the Phorpiex malware shut down the botnet and put its source code up for sale on one of the cybercriminal forums for $9,000.
As indicated in the seller’s message, the reason for the sale is that none of the original authors of the malicious code is participating in the project anymore.
Cybercriminals are tirelessly developing new methods of earning money from malware. In particular, according to specialists from the Cisco Talos team, a tactic that involves the use of proxyware (legitimate services that allow users to share part of their Internet connection with other devices) has recently become popular.
According to the experts, proxyware is abused in the same way as legitimate cryptocurrency mining software: attackers try to secretly install the software on the victim’s device and hide its presence.
Hackers have developed a method for placing and storing malicious code in the memory of a video card, which makes it possible to avoid detection by antivirus software. How exactly the exploit works is not yet clear. The hacker who developed it only said that it allows malware to be placed in video memory and then executed directly from there. He also added that the exploit only works on Windows systems that support the OpenCL framework version 2.0 and higher.
The computer systems of two UK VoIP operators went down due to DDoS attacks. Voip Unlimited reported that the attackers demanded a “colossal ransom”. According to company representatives, the attack was carried out by the cybercriminal group REvil. The exact amount of the ransom was not disclosed.
Cybersecurity experts warned of an increase in the number of scans and exploitation attempts against a recently discovered vulnerability (CVE-2021-26084) on corporate servers running the Atlassian Confluence wiki engine. Given the popularity of Confluence and the ease of exploiting CVE-2021-26084, experts expect the number of attacks targeting this flaw to increase significantly in the coming days.
The notorious SolarWinds supply-chain attack, in which hackers spread malware through the SolarWinds Orion platform, also affected the 3D design and graphics software company Autodesk. Attackers infected one of Autodesk’s servers with the Sunburst (Solorigate) malware. The compromised server was discovered on December 13, 2020, and immediately isolated from the network, according to an Autodesk spokesperson. Analysis showed that the server contained only the backdoor; no other malware was found.