In Edition No. 147 of Internet Security Week , Uber suffers new data leakage, fake ransomware, malware using Microsoft certificate, a new Google tool that seeks vulnerabilities in open software and more.
News
Phishing attack uses Facebook posts to circumvent email security
A new Phishing campaign uses Facebook posts as part of your attack chain to induce users to provide their account credentials and personal identification information.
By Bill Toulas in Bleeping Computer
Uber suffers new leakage with employee data
The information was published this weekend in a cybercriminal forum on the web surface and include reports, financial data, details of the Information Technology (IT) infrastructure and even destroyed document records and transport codes related to the transport application and also Delivery's Uber Eats.
By Felipe Demartini in Canaltech
More than 85% of attacks are hidden in encrypted channels
The vast majority of cyber attacks last year used TLS/SSL (Transport Layer Security/Secure Sockets Layer) encryption to hide from safety systems and teams, according to a new Zscaler report. Cyber security systems supplier analyzed 24 billion threats blocked during October 2021 to September this year to compile its new report, entitled “State of Encrypted Attacks 2022.
In Ciso Advisor
Crywiper: Fake Ransomware
The new Crywiper malware corrupts files that irreversibly appear. At first glance, this malware looks like ransomware: it modifies files, adds an additional extension to them and saves a readme.txt file with a redemption note that contains the Bitcoin wallet address, malware creator contact email and infection ID.
In Kaspersky Daily
Infinite Mint attack: what it is and how it can affect the value of a token
This type of attack occurs when cybercriminals can compromise blockchain, exploring vulnerabilities that allow a large amount of tokens to be coined in order to cause a drop in the price of the affected crypto.
In We Live Security
Hackers leaks personal information allegedly stolen from 5.7 million Gemini users
Exchange Crypto Gemini announced this week that customers were the target of phishing campaigns after a threat agent collected their personal information from an outsourced supplier.
By ionut ilasu in bleeding computer
Data from 623,000 patients from the second largest hospital network in the USA are exposed
Data from 623,000 patients and caregivers, who passed the Hospitals and American Health Units Commonspirithealth, were accessed by cybercriminals. The exhibition is due to an attack recorded in October this year, which also caused interruptions in electronic care and unavailability in the technology systems of hundreds of network facilities.
By Felipe Demartini in Canaltech
Malware hides using Microsoft certificate
A report was published informing that it has located malicious code in drivers signed with legitimate digital certificates issued by Microsoft. The discovery began after an attempted ransomware attack in which cybercriminals used a Windows Hardware Certificate Driver Compatibility Publisher.
In Ciso Advisor
The antidote for the conservatism of operational technology
All information on the protection and updating of OT infrastructure, with a general summary of why antivirus can be "dead".
By Eugene Kaspersky in Kaspersky Daily
Fantasy: New Group Wiper Surveyed in attack on the supply chain
Eset's research team analyzed an attack on the supply chain that took advantage of Israeli software to deploy Fantasy, Wiper -type malware, among other victims, the diamond industry.
By Adam Burgher in We Live Security
Tool
Google launches tool that seeks vulnerabilities in open software
- The Scanner OSV helps identify which elements need update, as well as those who need attention by bringing weaknesses in their programming.
- Free
Are you not yet registered on our newsletter to receive this content weekly in the email? Then subscribe through the link below:
https://br.lumiun.com/semana-da-eguranca-na-internet
Share the link with your colleagues and friends.
