This is what to expect when a managed service provider gets popped
2022-07-30 00:30

A Russian-language miscreant claims to have hacked their way into a managed service provider, and has asked for help monetizing what's said to be access to the networks and computers of that MSP's 50-plus US customers. These kinds of service providers typically remotely manage their many clients' IT infrastructure and software, and so infiltrating one MSP can unlock a route into a great number of organizations.

Friday Squid Blogging: Evolution of the Vampire Squid
2022-07-29 21:19

Short article on the evolution of the vampire squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Feds put $10m bounty on Putin pal accused of bankrolling US election troll farm
2022-07-29 19:39

The Feds have put up a $10 million reward for information about foreign interference in US elections in general, and more specifically a Russian oligarch and close friend of President Vladimir Putin accused of funding an organization that meddled in the 2016 presidential elections. The bounty, offered through the US Department of State's Rewards for Justice program, specifically seeks intel on Russia's Internet Research Agency, businessman Yevgeniy Viktorovich Prigozhin, and any "linked Russian entities and associates for their engagement in US election interference."

How to celebrate SysAdmin Day!
2022-07-29 18:37

Well, it's much the same with computers, mobile phones and all the other digital devices that we rely on so much, and that we blithely assume will work perfectly tomorrow, on the grounds that they're fine today. Do you try to replace your own drainage pipe / re-render your own ceiling / rebuild the garden wall on your own / cook yourself a crepe / fix your own computer?

Decentralized IPFS networks forming the 'hotbed of phishing'
2022-07-29 18:00

Threat groups are increasingly turning to InterPlanetary File System peer-to-peer data sites to host their phishing attacks because the decentralized nature of the sharing system means malicious content is more effective and easier to hide. Threat analysts with cybersecurity vendor Trustwave this week said the InterPlanetary File System is becoming the "new hotbed of phishing" after seeing an increase in the number of phishing emails that contain IPFS URLs.

CISA warns of critical Confluence bug exploited in attacks
2022-07-29 17:08

CISA has added a critical Confluence vulnerability tracked as CVE-2022-26138 to its list of bugs abused in the wild, a flaw that can provide remote attackers with hardcoded credentials following successful exploitation. Today, CISA added CVE-2022-26138 to its catalog of Known Exploited Vulnerabilities based on evidence of active exploitation.

Prevent email phishing attacks this summer with 3 defensive measures
2022-07-29 15:49

While the organization needs to adjust to conduct business as usual with 75% of the workforce in place, it is now even more prone to phishing attacks. In the ever-evolving war between hackers and organizations, 3.4 billion phishing attacks are raining on us every day.

US govt warns Americans of escalating SMS phishing attacks
2022-07-29 15:21

The Federal Communications Commission warned Americans of an increasing wave of SMS phishing attacks attempting to steal their personal information and money. "The FCC tracks consumer complaints - rather than call or text volume - and complaints about unwanted text messages have risen steadily in recent years from approximately 5,700 in 2019, 14,000 in 2020, 15,300 in 2021, to 8,500 through June 30, 2022," the US communications watchdog's Robocall Response Team said.

Microsoft Zero-Days Sold and then Used
2022-07-29 15:08

Another article about cyber-weapons arms manufacturers and their particular supply chain. This one is about Windows and Adobe Reader zero-day exploits sold by an Austrian company named DSIRF. There's an entire industry devoted to undermining all of our security.

Malicious Npm Packages Tapped Again to Target Discord Users
2022-07-29 15:07

Researchers were monitoring open-source repositories on Tuesday when they noticed suspicious activity in the form of four packages containing "highly obfuscated malicious Python and JavaScript code" in the npm repository, they wrote in the post. Npm has become an especially attractive target for threat actors as it not only has tens of millions of users, but packages hosted by the repository also have been downloaded billions of times, he said.