Attacks on cryptocurrency platforms are rewarding cybercriminals with big returns. Recently, THORChain reportedly lost over $16 million in total in a span of two weeks. In other news, WhatsApp’s chief executive revealed that key government officials of U.S. allies were also targeted in Pegasus spyware attacks. Meanwhile, security experts warned of fake Windows 11 installers circulating online with an aim to spread malware. With this, let’s dive into the cybersecurity round from the weekend.
01
DeFi protocol THORChain suffered an ETH router attack that resulted in an $8 million loss in cryptocurrency. It suspects a whitehat researcher behind the incident.
02
WhatsApp CEO WIll Cathcart revealed that national security officials of several U.S. allies were also targeted by NSO Group’s Pegasus. The spyware usage was revealed last week after a collaborative effort between 17 media organizations worldwide.
03
A database containing 3.8 billion phone numbers of Clubhouse users surfaced for sale on the dark web. The audio-based social media app has denied the claim of any data breach.
04
Microsoft and Outflank described an email-based HTML smuggling attack that allows actors to muster malicious files on the victims’ systems.
05
Kaspersky discovered a significant rise in malicious links for bogus Windows 11 installers. The primary purpose of the executable is to download different types of malicious software on the device.
06
The Mobile County Commission, Alabama, detected malicious activities in its network and notified employees of a data breach that may have impacted employee data and other sensitive information.
07
Experts warn of a new ransomware variant called AvosLocker whose activities suggest that the group is actively looking for partnership in the underground markets.
08
Microsoft is warning against patching a new PetitPotam vulnerability in Windows OS that enables attackers to exfiltrate password hashes from remote machines.
09
GitLab rolled out a new open-source tool, dubbed Package Hunter, to help developers identify malicious code in their project dependencies. Right now, it includes support for NodeJS modules and Ruby Gems.
10
Microsoft partnered with AustCyber to launch a new cybersecurity traineeship program to assist 200 members in building a career in cybersecurity in about three years.
