Internet Security Week

Internet Safety Week – Issue No. 147

December 19, 2022

3-minute read

In issue #147 of Internet Security Week , Uber suffers another data breach, fake ransomware, malware using a Microsoft certificate, a new Google tool that searches for vulnerabilities in open-source software, and much more.

News

Phishing attack uses Facebook posts to bypass email security

A new phishing campaign uses Facebook posts as part of its attack chain to trick users into providing their account credentials and personally identifiable information.

By Bill Toulas on Bleeping Computer

Uber suffers another data breach involving employees

The information was published this weekend on a cybercriminal forum on the surface web and includes reports, financial data, details of the Information Technology (IT) infrastructure, and even records of destroyed documents and source codes related to the transportation app and also to Uber Eats, the delivery service.

By Felipe Demartini on Canaltech

Over 85% of attacks remain hidden in encrypted channels

The vast majority of cyberattacks last year used TLS/SSL (Transport Layer Security/Secure Sockets Layer) encryption to hide from security systems and teams, according to a new report from Zscaler. The cybersecurity systems provider analyzed 24 billion blocked threats during the period from October 2021 to September of this year to compile its new report, titled “State of Encrypted Attacks 2022.”.

In CISO Advisor

CryWiper: the fake ransomware

The new CryWiper malware corrupts files, posing as ransomware in an irreversible way. At first glance, this malware looks like ransomware: it modifies files, adds an additional extension to them, and saves a README.txt file with a ransom note, which contains the bitcoin wallet address, the contact email address of the malware creators, and the infection ID.

In Kaspersky Daily

Infinite Mint Attack: What it is and how it can affect the value of a token

This type of attack occurs when cybercriminals manage to compromise the blockchain, exploiting vulnerabilities that allow them to mint a large number of tokens in order to cause a drop in the price of the affected cryptocurrency.

In We Live Security

Hackers leak personal information allegedly stolen from 5.7 million Gemini users

Crypto exchange Gemini announced this week that customers were targeted by phishing campaigns after a threat actor collected their personal information from a third-party provider.

By Ionut Ilascu in Bleeping Computer

Data from 623,000 patients at the second-largest hospital network in the U.S. are exposed

The data of 623,000 patients and their companions who passed through the American network of hospitals and healthcare units CommonSpiritHealth were accessed by cybercriminals. The exposure stems from an attack registered in October of this year, which also caused interruptions in electronic services and unavailability of technology systems in hundreds of network facilities.

By Felipe Demartini on Canaltech

Malware hides itself using a Microsoft certificate

A report has been published stating that malicious code has been found in drivers signed with legitimate digital certificates issued by Microsoft. The discovery began after a ransomware attack attempt in which cybercriminals used a driver with a Windows Hardware Compatibility Publisher certificate.

In CISO Advisor

The antidote to operational technology conservatism

All the information about protecting and updating your OT infrastructure, with a general overview of why your antivirus might be "dead".

By Eugene Kaspersky in Kaspersky Daily

Fantasy: Agrius Group's new wiper spreads in an attack on the supply chain

ESET's research team analyzed a supply chain attack that exploited Israeli software to deploy Fantasy, a wiper-type malware that targeted, among other victims, the diamond industry.

By Adam Burgher in We Live Security