Cybersecurity News
A Cybersecurity briefing on noteworthy Cyber Attacks, Vulnerabilities, and InfoSec news.
Noteworthy Cyber Attacks Reported
McGraw Hill's S3 buckets exposed 100,000 students' grades and personal info. Another example of a Cyber Breach, this one affecting 100,000 students, due to a Cloud network misconfiguration... This is why strict change management, audits and assessments are so important! https://www.theregister.com/2022/12/20/mcgraw_hills_s3_buckets_exposed/
Over the weekend, an infamous hacker known as Jason Brubeck succeeded in stealing approximately 850 ETH ($1+ million) worth of Bored Ape collection, leaving his victim completely devastated. The news was first broken by @serpent, who had been able to trace and identify the suspect’s activity with impressive precision through phishing tactics. Such egregious fraudulence is a stark reminder of how important it is for all users to remain vigilant when trading digital assets online. https://www.cryptopolitan.com/infamous-hacker-steals-14-baycs/
Noteworthy Vulnerabilities / Threats Discovered
The Royal ransomware group was first discovered in early 2022. At the time, it utilized third-party ransomware, such as BlackCat and custom Zeon ransomware. Since September 2022, the group has started to use its own ransomware. In November 2022, Royal ransomware was reported to be the most prolific ransomware in the e-crime landscape, overtaking Lockbit for the first time in more than a year. The ransomware leverages sophisticated encryption techniques to evade detection and defense platforms. https://www.cybereason.com/blog/royal-ransomware-analysis
Researchers spotted a malicious package in the Python Package Index (PyPI) repository that impersonates a software development kit (SDK) for SentinelOne. https://securityaffairs.co/wordpress/139831/cyber-crime/malicious-pypi-package-sentinelone-sdk.html
CISA released six Industrial Control Systems (ICS) advisories on December 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. https://www.cisa.gov/uscert/ncas/current-activity/2022/12/20/cisa-releases-six-industrial-control-systems-advisories
Noteworthy InfoSec News
In a strategy to help track repeat offenders that fail to protect customer and employee data, the UK Information Commissioner’s Office (ICO) has taken an unusual step of publishing details of personal data breaches, complaints and civil investigations on its website. The data is published from 2021 onwards, includes the organization’s name and sector, the relevant legislation and the type of issues involved, the date of completion and the outcome. https://www.infosecurity-magazine.com/news/uk-privacy-regulator-names-and/
Check our Twitter and Discord Server for more information:
If you missed the last rundown, check it out here:
