Security News

A misconfigured Microsoft application allowed anyone to log in and modify Bing.com search results in real-time, as well as inject XSS attacks to potentially breach the accounts of Office 365 users. Wiz researchers found that when creating an application in Azure App Services and Azure Functions, the app can be mistakenly configured to allow users from any Microsoft tenant, including public users, to log in to the application.

A trojanized version of the legitimate ChatGPT extension for Chrome is gaining popularity on the Chrome Web Store, accumulating over 9,000 downloads while stealing Facebook accounts. The extension is a copy of the legitimate popular add-on for Chrome named "ChatGPT for Google" that offers ChatGPT integration on search results.

A large darknet marketplace focused on drugs and illegal substances, has been taken over by a smaller competitor named 'Kraken,' who claims to have hacked it on January 13, 2022. The Tor site of Solaris currently redirects to Kraken, while blockchain monitoring experts at Elliptic report no movements in the cryptocurrency addresses associated with the site after January 13, 2022.

Verizon has notified some prepaid customers that their accounts were compromised and their phone numbers potentially hijacked by crooks via SIM swaps. From there, the crooks could access the personal info in an account and perform a SIM swap.

A threat actor likely with associations to China has been attributed to a new supply chain attack that involves the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike said the attack made use of a signed Comm100 desktop agent app for Windows that was downloadable from the company's website.

Update: A Threat Actor claims to have completely compromised Uber - they have posted screenshots of their AWS instance, HackerOne administration panel, and more. Bug hunter Sam Curry claims to have heard from an Uber employee.

A phishing campaign caught yesterday was seen targeting maintainers of Python packages published to the PyPI registry. Python packages 'exotel' and 'spam' are among hundreds seen laced with malware after attackers successfully compromised accounts of maintainers who fell for the phishing email.

America's financial watchdog has accused 18 individuals and shell companies of using compromised brokerage accounts to manipulate stock prices to rake in $1.3 million in illicit profits. According to the SEC complaint, fraudsters in the US, Canada, and the Dominican Republican broke into at least 31 American-owned retail brokerage accounts in late 2017 and early 2018.

Named "Torrents of Truth," the initiative is similar to "Call Russia," a project to help break through Russian propaganda and open people's eyes to what's happening in Ukraine. The initiative creates torrents that contain a text file with a list of credible news sources that Russians can trust and instructions on downloading and installing a VPN to secure anonymity from ISPs.

The 8220 cryptomining group has expanded in size to encompass as many as 30,000 infected hosts, up from 2,000 hosts globally in mid-2021. "8220 Gang is one of the many low-skill crimeware gangs we continually observe infecting cloud hosts and operating a botnet and cryptocurrency miners through known vulnerabilities and remote access brute forcing infection vectors," Tom Hegel of SentinelOne said in a Monday report.