Security News > 2022 > June

In January 2022, the number of business email compromise attacks impersonating external third parties surpassed those impersonating internal employees for the first time and has continued to exceed traditional internal impersonations in each month since. These tactics are increasingly dangerous, with one attack stopped by Abnormal requesting $2.1 million for a fake invoice.

The data suggests that large companies are particularly vulnerable to the security risks associated with exposed or unprotected APIs as these mature organizations accelerate digital transformation. The volume of APIs used by businesses is growing rapidly; nearly half of all businesses have between 50-500 deployed, either internally or publicly, while some have over a thousand active APIs.

Carnival Cruise Lines will cough up more than $6 million to end two separate lawsuits filed by 46 states in the US after sensitive personal information on customers and employees was accessed in a string of cyber attacks. Late last week, New York's Department of Financial Services announced Carnival had agreed to pay $5 million to the state as a penalty for falling foul of NY's Cybersecurity Regulation.

The latest version of the OpenSSL library has been discovered as susceptible to a remote memory-corruption vulnerability on select systems. OpenSSL 1.1.1 as well as OpenSSL forks BoringSSL and LibreSSL are not affected.

India's Ministry of Electronics and Information Technology and the local Computer Emergency Response Team have extended the deadline for compliance with the Cyber Security Directions introduced on April 28, which were due to take effect yesterday. The Directions were purported to improve the security of local organisations, and to give CERT-In information it could use to assess threats to India.

The latest version of OpenSSL v3, a widely used open-source library for secure networking using the Transport Layer Security protocol, contains a memory corruption vulnerability that imperils x64 systems with Intel's Advanced Vector Extensions 512. OpenSSL 3.0.4 "Is susceptible to remote memory corruption which can be triggered trivially by an attacker," according to security researcher Guido Vranken.

The Black Basta ransomware-as-a-service syndicate has amassed nearly 50 victims in the U.S., Canada, the U.K., Australia, and New Zealand within two months of its emergence in the wild, making it a prominent threat in a short window. "Black Basta has been observed targeting a range of industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics, plumbing and heating, automobile dealers, undergarments manufacturers, and more," Cybereason said in a report.

In September, the bureau said such schemes usually include initial contact through dating apps or other social media sites and, through creating an online relationship with the targeted victim, the scammer pitches a cryptocurrency investment or other trading opportunities promising significant profits. Nicole Hoffman, senior cyberthreat intelligence analyst with cybersecurity vendor Digital Shadows, told The Register that romance scams are among the most common financially motivated cybercrimes, and prey on emotions and rely on social engineering.

The Bank of the West is warning customers that their debit card numbers and PINs have been stolen by skimmers installed on several of the bank's ATMs. The financial institute, which operates over 600 branches in the United States, first detected a wave of suspicious withdrawal attempts in November 2021 and coordinated with law enforcement to conduct an in-depth investigation. "The ATM skimming device that was installed interfered with the normal debit card transaction and allowed the theft of your card number, the PIN number associated with your card, and possibly your name and address," explains the bank's notice to impacted customers.

A new Android banking malware named Revive has been discovered that impersonates a 2FA application required to log into BBVA bank accounts in Spain. The new banking trojan follows a more focused approach targeting the BBVA bank instead of attempting to compromise customers of multiple financial institutes.