
Daily Cybersecurity Roundup, November 08, 2021

No two DeFi hacks are ever the same, yet more and more hackers are pulling off crafty attacks to steal crypto funds. For instance, a spear-phishing attack aimed at a DeFi platform culminated in the loss of $55 million. In other news, a hacking group with ties to China abused flaws in Zoho servers to target at least 370 organizations in the U.S. What else? A ransomware affiliate was spotted taking advantage of unpatched Exchange servers. With that, read on for the top cybersecurity highlights from the weekend.

01

Cybercriminals stole cryptocurrencies worth $55 million from the bZx DeFi platform. They obtained two private keys by spear-phishing a developer at the firm.

02

Palo Alto Networks uncovered that Emissary Panda, a hacking group with ties to China, exploited Zoho software flaws in the networks of at least nine organizations in the defense, energy, technology, healthcare, and education sectors.

03

Activist group DDoSecrets published 1.8TB of police helicopter footage on its website. The data was allegedly stolen from two police departments that were storing it in unsecured cloud infrastructure.

04

Nationwide Laboratory Services, Florida, disclosed that ransomware attackers targeted it in May and exposed the PHI and SSNs of more than 30,000 patients.

05

The FBI issued a warning about ransomware groups hitting tribal-owned casinos in the U.S. and taking down their systems; top actors include Bitpaymer, Conti, Cuba, REvil, Ryuk, and Snatch.

06

Chinese officials claimed that a foreign spy agency exfiltrated passenger details and other data from the servers of multiple airlines in 2020.

07

Security experts at npm found that two popular npm packages, coa and rc, had been compromised to release new versions laced with password-stealing malware.

08

Hackers impersonated the cybersecurity firm Proofpoint and used mortgage payments as a lure to trick unsuspecting users into revealing their Office 365 and Gmail credentials.

09

Cisco Talos flagged a new campaign by Tortilla, one of Babuk’s affiliates, that targets ProxyShell flaws in Exchange Server in an attempt to breach corporate networks.

10

SCYTHE, an adversarial emulation platform provider, secured $10 million in Series A funding led by Gula Tech Ventures and Paladin Capital Group, including investment from Energy Impact Partners.
