Security News > 2022 > August

The community-run organization said this is the first known phishing attack against PyPI users. "The phishing message claims that there is a mandatory 'validation' process being implemented, and invites users to follow a link to validate a package, or otherwise risk the package being removed from PyPI," the organization said via Twitter, adding that it never removes valid projects from the registry, only those violating terms of service.

CVE-2022-38477 covers bugs that affect only Firefox builds based on the code of version 102 and later, which is the codebase used by the main version, now updated to 104.0, and the primary Extended Support Release version, which is now ESR 102.2. CVE-2022-38478 covers additional bugs that exist in the Firefox code going back to version 91, because that's the basis of the secondary Extended Support Release, which now stands at ESR 91.13.

After a recent dip, ransomware attacks are back on the rise. With data gathered by "Actively monitoring the leak sites used by each ransomware group and scraping victim details as they are released," researchers have determined that Lockbit was by far the most prolific ransomware gang in July, behind 62 attacks.

Atlassian has published a security advisory warning Bitbucket Server and Data Center users of a critical security flaw that attackers could leverage to execute arbitrary code on vulnerable instances. "An attacker with access to a public repository or with read permissions to a private Bitbucket repository can execute arbitrary code by sending a malicious HTTP request," explains Atlassian's advisory.

DoorDash has confirmed that "a small percentage" of its customers' data and employees' information, including names, email and delivery addresses, phone numbers, and order and partial credit card details, were revealed as part of a broad phishing campaign dubbed Oktapus. "We can confirm the incident is connected to a wider, sophisticated phishing campaign that has targeted several other companies," a company spokesperson told The Register.

Twilio's investigation into the attack on August 4 reveals that hackers gained access to some Authy user accounts and registered unauthorized devices. Authy is a two-factor authentication service from Twilio that allows users to secure their online accounts where the feature is supported by identifying a second time via a dedicated app after typing in the login credentials.

Cosmetics giant Sephora first to be fined for violating California's Consumer Privacy Act. International cosmetics giant Sephora is the first company to be publicly fined for violating California's Consumer Privacy Act.

Hackers continue to exploit the Log4j vulnerability in vulnerable applications, as shown by the Iranian 'MuddyWater' threat actor who was found targeting Israeli organizations using the SysAid software. The latest MuddyWater hacking campaign outlined in a Microsoft report yesterday constitutes the first example of leveraging vulnerable SysAid applications to breach corporate networks.

For most of human history, a more complex device was more expensive to build than a simpler device. It is often more cost-effective to take a very complicated device, and make it simulate simplicity, than to make a simpler device.

"An unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information," the makers of the popular password manager LastPass announced on Thursday, but reassured users that the Master Passwords securing their password vaults are safe. LastPass says that they detected the breach two weeks ago, but that they haven't discovered evidence of the attacker gaining access to customer data in their production environment or encrypted password vaults.