Hackerzhome

hackerzhome-logo-bg

Malicious apps targeting banks and crypto wallets – Top 10 Cybersecurity news 31/10/22

Cyber security news

Introduction

Hey guys, welcome back to the top 10 Cyber Security News. The Hackers are being so cruel with their strategies, they are using malicious apps targeting Banks and Crypto wallets. Data breaches and vulnerabilities are the main focus of this article.

Top 10 Cybersecurity News of the day:

1. Twilio experience a data breach.

  • Twilio, a customer engagement platform experienced a data breach for the second time under the same threat groups. This leads them to unauthorized access to customer information.
  • The hackers use vishing methods to get their credentials. Twilio said that the attack was identified and baffled within 12 hours.
  • This was impacted on August 24 and gained access to 209 customers. Twilio added that there was no evidence that the threat actors accessed authentication tokens, API keys, and, account credentials.

2. Researchers found a new technique that was used by a hacker.

  • Danfaun, a new backdoor has been attached to hacking organizations that would target employees with corporate transactions.
  • A software named Geppei dropper is used to spread this malware. This dropper helps in installing a new backdoor and another tool for reading internet information services.
  • The threat actors behind this are Cranefly, an espionage actor.

3. Google released a patch for a zero-day vulnerability.

  • Google had released an emergency fix to a vulnerability in the chrome web browser. This flaw was named CVE-2022-3723.
  • This is the 7th zero-day vulnerability found this year. On October 5 the internet giant was informed about the vulnerability.

4. Thomson Reuters leaked 3 of its databases.

  • 3 of the Thomson Reuters databases were publicly accessible which leads them to leak more than 3TB of the customer and corporate data.
  • The leaked data contains customers’ sensitive information to date. The data stolen from this company can be used for supply chain attacks.
  • The company fixed the issues as soon as they came to light.  

5. Bed bath & beyond was under data breach.

  • Bed bath& beyond is a retail store that faced a data breach through a phishing scam by accessing the hard drives of one of the employees.
  • The researcher was analyzing whether they got any sensitive data in the hard drive. They believe that no sensitive information was accessed.

6. A new security update in ConnectWise to patch rce vulnerability.

  • ConnectWise, an It company released an update to fix vulnerabilities in ConnectWise Recover andR1Soft neutralization.
  • The analyst said that this vulnerability could cause to execution of code remotely or to access confidential data.
  • The users are advised to update it to the newer version.

7. Aurubis, a copper producer suffers cyber-attacks.

  • German copper producer aurubis said that it was under a cyber-attack that made them shut down its IT infrastructure.  
  • It’s Europe’s largest copper producer and the second largest in the world. They say that they could still able to maintain production.
  • The incoming and outgoing goods are maintained manually.

8. Juniper network had a high-severity vulnerability

  • Juniper network announced that its Junos OS was affected by many vulnerabilities that could lead to unauthorized local file access, path injection, traversal, and cross-site scripting attack.
  • CVE-2022-22241 vulnerability was the most severe one with a CVSS score of 8.1. it is a remote pre-authenticated PHP archive file deserialization vulnerability.

9. Threat groups use clop ransomware to encrypt the network.

  • Researchers said that the vulnerability tracked as DEV-0950 used clop ransomware to encrypt previously infected victims’ networks with Raspberry Robin worm.
  • Threat groups use Raspberry robin on the compromised device to execute the second-stage payload.
  • They found this worm on September 19, 2022, on IcedID and later at other victims.

10.  Malicious Dropper apps targeting banks and crypto wallets.

5 malicious dropper apps were found in the play store targeting Banks and Crypto wallets using trojans like sharkbot and vultur.

Here is the list of malicious dropper apps:

  • Codice Fiscale 2022 
  • File Manager Small, Lite
  • My Finances Tracker 
  • Recover Audio, Images & Videos
  • Zetter Authenticator 

Targets aim for nearly 231 banking and cryptocurrency apps from financial institutions in the U.K, Germany, Italy, Poland, Austria, France, and the Netherlands.  

Conclusion

That’s it, these are the top 10 Cyber Security news you must be aware of. Look at the list of top 10 Cyber Security news and wait for them to get updated daily. Therefore, stay tuned until the next article see you, folks.

Share this post
WhatsApp
Telegram
Facebook
Twitter
LinkedIn
Cyberghost

Cyberghost

A Computer science Engineer, Certified Ethical hacker (CEH), Offensive Security Certified professional (OSCP), SOC Analyst & Content Creator.

Leave a Reply

Your email address will not be published. Required fields are marked *

Join Our Community

Table of Contents

weekly trending

SUBSCRIBE VIA EMAIL

Related Articles