Introduction:
Welcome back to a new set of cyber security news! Today’s (06-11-22) top 5 news items include phishing attacks on Twitter verified accounts, malicious Python packages, and more. Read the news and share your thoughts about today’s cybersecurity news in the comment section.
Top cyber security news:
1. 29 malicious PyPI packages that targeted developers with W4SP Stealer were discovered by researchers.
Cybersecurity experts have discovered 29 packages in the Python Package Index (PyPI), the main third-party software repository for the Python programming language, that try to infect developers’ computers with malware known as W4SP Stealer.
According to a report released this week by software supply chain security firm Phylum, “the major attack seems to have started about October 12, 2022, slowly gaining up steam to a concerted effort around October 22.”
The following packages are included on the list: shaasigma, typesutil, Iao, pyurllib, typestring, sutiltype, duonet, fatnoob, strinfer, felpesviadinho, pydprotect, incrivelsim, twyne, pyptext, faq, colorwin, requests-httpx, colorsama, stringe, installpy, cypress, pystyte, pyslyte, pystyle, algorithmic, oiu, curlapi, type-color, and pyhints.
Collectively, the packages have been downloaded by more than 5,700 people, with several libraries (such as twyne and colorsama) relying on typosquatting to trick unwary users into installing them.
The fraudulent modules repurpose existing legitimate libraries, adding a malicious import line to each package’s “setup.py” script that starts a piece of Python code which fetches the malware from a remote server.
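As a defensive illustration of the two points above (an added example, not code from Phylum or from the original article), the sketch below checks a requirements file against the package names listed here and statically inspects a “setup.py” for install-time imports or dynamic calls that deserve a manual look. The function names, the RISKY_MODULES and DYNAMIC_CALLS sets, and the sample inputs are assumptions made for this example.

```python
import ast
import re

def normalize(name):
    """PEP 503 normalization, so 'Type_Color' and 'type-color' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

# The 29 package names as listed in this article.
REPORTED = {normalize(n) for n in """shaasigma typesutil Iao pyurllib typestring
sutiltype duonet fatnoob strinfer felpesviadinho pydprotect incrivelsim twyne
pyptext faq colorwin requests-httpx colorsama stringe installpy cypress pystyte
pyslyte pystyle algorithmic oiu curlapi type-color pyhints""".split()}

# Assumption: modules and builtins a setup.py rarely needs; tune for your codebase.
RISKY_MODULES = {"urllib", "requests", "http", "socket", "subprocess", "base64"}
DYNAMIC_CALLS = {"exec", "eval", "compile", "__import__"}

def flagged_requirements(text):
    """Names in a requirements.txt body that are on the reported list."""
    hits = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()               # drop comments
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)  # skips '-r', blanks
        if m and normalize(m.group()) in REPORTED:
            hits.append(normalize(m.group()))
    return hits

def audit_setup_py(source):
    """(line, finding) pairs for install-time imports/calls worth a manual look."""
    findings = []
    for node in ast.walk(ast.parse(source)):               # parsed only, never executed
        mods = []
        if isinstance(node, ast.Import):
            mods = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            mods = [node.module or ""]
        findings += [(node.lineno, "import " + m) for m in mods
                     if m.split(".")[0] in RISKY_MODULES]
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in DYNAMIC_CALLS):
            findings.append((node.lineno, "call " + node.func.id))
    return sorted(findings)

# Constructed samples (not taken from any real package).
SAMPLE_REQS = "requests==2.28.1\nType_Color>=1.0  # pinned\ncolorsama\n-r dev.txt\n"
SAMPLE_SETUP = ("from setuptools import setup\n"
                "import urllib.request\n"
                'exec(compile("pass", "<constructed>", "exec"))\n'
                'setup(name="demo", version="0.1")\n')

if __name__ == "__main__":
    print(flagged_requirements(SAMPLE_REQS))
    print(audit_setup_py(SAMPLE_SETUP))
```

A finding is a prompt for review rather than proof of compromise, since some legitimate build scripts also import these modules.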
2. Return of the Robin Banks phishing service to steal banking accounts
The infrastructure for the Robin Banks phishing-as-a-service (PaaS) platform is being hosted by a Russian internet company that offers protection against distributed denial-of-service (DDoS) attacks.
Robin Banks ran into operational difficulties in July 2022, when IronNet researchers exposed the platform as an extremely dangerous phishing service targeting Citibank, Bank of America, PNC, Wells Fargo, U.S. Bank, Santander, Capital One, Lloyds Bank, and the Commonwealth Bank.
Cybercriminals paying a subscription to use the PaaS platform saw their ongoing phishing campaigns stop unexpectedly when Cloudflare automatically blacklisted the frontend and backend of the site.
To get their service back online, the operators of Robin Banks turned to DDoS-Guard, a Russian internet service company with a lengthy history of contentious business dealings; its clients have included Hamas, Parler, HKLeaks, and, more recently, Kiwi Farms.
3. Microsoft Issues Warning Regarding Increase in Hackers Using Openly Disclosed Zero-Day Vulnerabilities
Microsoft warns that nation-state and criminal actors are increasingly using publicly known zero-day vulnerabilities to infiltrate target environments.
This also supports U.S. guidance from April 2022. The researcher found that malicious actors are “aggressively” pursuing broad targets around the world using recently discovered software defects.
Microsoft stated that while initial zero-day attacks are typically limited in scope, they tend to be quickly adopted by other threat actors, leading to indiscriminate probing events before the patches are installed. After a defect has been made public, an exploit may usually be found in the wild within 14 days.
The situation has been made worse by a new vulnerability reporting law that the Cyberspace Administration of China (CAC) implemented in September 2021, which mandates that security defects be disclosed to the government before being shared with the product developers.
4. Phishing emails target verified accounts as Twitter introduces an $8 cost.
Elon Musk took control of Twitter earlier this week and revealed plans for a new verification system. As part of this change, Twitter initially suggested charging verified users a $20 monthly fee. Musk later said that the cost would be reduced to $8.
Paid users are anticipated to receive “priority in answers, mentions & search,” fewer advertisements, and the ability to publish longer multimedia material in addition to earning a blue tick after successful verification.
Following Musk’s remarks, it was noticed that threat actors had begun launching novel phishing attempts that targeted verified accounts.
These emails came from the hosts of compromised websites and blogs, which may, for instance, be running outdated WordPress versions or using unpatched, vulnerable plugins.
The user is directed to a phishing website after clicking the link, where threat actors are abusing Musk’s announcement of an $8 monthly fee.
These emails, like many phishing emails, create a false sense of urgency by warning recipients that failure to sign into their Twitter accounts may result in “suspension.”
5. Blocking Windows 11 22H2 on Xbox Game Bar Capture-equipped systems
Due to difficulties with the Xbox Game Bar Capture feature, Microsoft has decided to stop offering the Windows 11 2022 Update for select systems. Users who use the Xbox Game Bar app to record gameplay are reporting issues with the audio and video being out of sync on affected devices.
The same underlying Windows libraries or APIs that Xbox Game Bar uses may be used by other apps to capture or manipulate video files.
Only devices that have previously used the capture capability in the Xbox Game Bar app are subject to Microsoft’s new compatibility hold (safeguard ID 41584256).
Although the KB5018496 preview update, which was released on October 25, previously addressed this known issue, this cumulative update is optional and won’t be deployed by default.
Conclusion:
That’s it for today’s article. The number of cyber-criminals is growing enormously day by day, and so is the number of cyber attacks. Only if we are aware of what is happening around us in this tech world can we protect ourselves from those cyber attacks, so keep yourself updated through our cyber security news and stay connected by subscribing to our newsletter. Share your thoughts in the comment section and come back again for another set of cyber security news. Thank you!