Here are this week’s highlights in cybersecurity:

  • The Harmony Horizon cryptocurrency bridge was hacked, with losses of approximately $97M.
  • The Matanbuchus malware loader has resurfaced, delivering Cobalt Strike beacons through email spam campaigns.
  • A Chinese-speaking threat actor broke into the building automation systems of several Asian organizations, backdooring them with ShadowPad and using that foothold to reach more tightly secured parts of the victims' networks.
  • A new Android banking trojan dubbed Revive was discovered in the wild by security researchers. It targets Spanish customers of BBVA bank and can intercept keystrokes, login credentials and SMS messages.
  • FabricScape, a recently patched vulnerability in Microsoft Azure's Service Fabric (SF), allowed threat actors to escalate privileges to root, take control of the host node and compromise the entire Linux cluster. Service Fabric hosts more than 1 million applications and runs millions of cores daily.
  • The YTStealer malware tries to take over YouTube content creators' accounts by collecting their authentication cookies. It also exfiltrates data from YouTube Studio, such as the channel name, the subscriber count and whether the channel is monetized.
  • OpenSea suffered a security incident after an employee of its email vendor downloaded the email addresses of OpenSea users and newsletter subscribers. The NFT marketplace is warning customers to expect phishing attempts that use the leaked addresses.
  • Three individuals were indicted for selling over $88 million worth of stolen Avaya Direct International (ADI) software licenses. One of them (Pearce) abused his administrator privileges to hijack former employees' accounts, generate license keys and sell them to a second defendant who was an authorized Avaya reseller. Pearce also altered records to hide the fact that he was generating ADI license keys, which kept Avaya from discovering the scheme for many years.
  • Jenkins published a security advisory listing dozens of unpatched (zero-day) vulnerabilities across multiple plugins, including several rated high severity.
  • SessionManager, an IIS backdoor discovered by Kaspersky, is deployed to maintain access in campaigns that exploited the ProxyLogon Exchange vulnerabilities. The backdoor supports remote code execution as well as reading and writing files, and it receives commands from its operators through HTTP cookies.
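
A backdoor that takes its orders from HTTP cookies leaves traces in the web server's own logs, provided cookie logging is turned on. The script below is an added example (not Kaspersky's tooling and not taken from the original post) of one way to hunt for that on an Exchange front end: it parses IIS W3C extended logs and reports every request that carries a cookie name outside an allowlist of the cookies the application is expected to set. The allowlist, the log lines and the `OPS_CMD`/`OPS_ARG` cookie names are all constructed for the example; the page names no real SessionManager cookie, so do not treat them as indicators. The `cs(Cookie)` field is not logged by IIS by default and must be enabled in the site's logging settings for this to work.

```python
"""
Hunt for cookie-carried command traffic in IIS W3C extended logs.

Added example. Instead of matching a specific backdoor cookie name (none is
given in the news item), it allowlists the cookie names the application is
known to set and flags requests carrying anything else. Assumes the IIS site
logs the cs(Cookie) field, which is off by default.
"""
from collections import Counter
from typing import Dict, List, Tuple

# Assumed allowlist for an Exchange/OWA front end; tune it to your deployment.
EXPECTED_COOKIES = {
    "ASP.NET_SessionId", "X-OWA-CANARY", "OutlookSession", "ClientId", "cadata",
}

# Constructed sample log, not real data. OPS_CMD / OPS_ARG are invented names.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Cookie) cs(Referer) sc-status
2022-06-28 09:14:02 10.0.0.5 GET /owa/ - 443 - 203.0.113.7 Mozilla/5.0 ASP.NET_SessionId=ab12;X-OWA-CANARY=ZZ9 - 200
2022-06-28 09:14:09 10.0.0.5 GET /owa/ - 443 - 198.51.100.23 Mozilla/5.0 ASP.NET_SessionId=cd34;OPS_CMD=d2hvYW1p - 200
2022-06-28 09:15:41 10.0.0.5 POST /ecp/ - 443 - 198.51.100.23 curl/7.68.0 OPS_CMD=Y2F0IC9ldGMvcGFzc3dk;OPS_ARG=1 - 200
2022-06-28 09:16:00 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 192.0.2.44 Mozilla/5.0 - - 200
"""


def parse_w3c(log_text: str) -> List[Dict[str, str]]:
    """Parse IIS W3C extended log text into one dict per request.

    The '#Fields:' directive names the columns and may be repeated when the
    log is rotated or reconfigured, so the current field list is tracked as
    the file is read. Lines whose column count does not match are skipped
    rather than guessed at.
    """
    fields: List[str] = []
    records: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split(" ")
        if not fields or len(values) != len(fields):
            continue
        records.append(dict(zip(fields, values)))
    return records


def cookie_names(cookie_field: str) -> List[str]:
    """Return the cookie names in an IIS cs(Cookie) value ('-' means none)."""
    if cookie_field in ("", "-"):
        return []
    names = []
    for part in cookie_field.split(";"):
        name = part.split("=", 1)[0].strip()
        if name:
            names.append(name)
    return names


def hunt_unexpected_cookies(log_text: str, expected=EXPECTED_COOKIES) -> List[Dict]:
    """Return one finding per request that carries a cookie not in `expected`."""
    findings = []
    for rec in parse_w3c(log_text):
        names = cookie_names(rec.get("cs(Cookie)", "-"))
        unexpected = sorted(n for n in names if n not in expected)
        if unexpected:
            findings.append({
                "time": f'{rec.get("date")} {rec.get("time")}',
                "c-ip": rec.get("c-ip"),
                "uri": rec.get("cs-uri-stem"),
                "user_agent": rec.get("cs(User-Agent)"),
                "unexpected": unexpected,
            })
    return findings


def clients_by_finding_count(findings: List[Dict]) -> List[Tuple[str, int]]:
    """Rank source IPs by how many flagged requests they sent (triage order)."""
    return Counter(f["c-ip"] for f in findings).most_common()


if __name__ == "__main__":
    hits = hunt_unexpected_cookies(SAMPLE_LOG)
    for h in hits:
        print(f'{h["time"]} {h["c-ip"]} {h["uri"]} unexpected={h["unexpected"]}')
    print("clients:", clients_by_finding_count(hits))
```

On the constructed sample the two requests from 198.51.100.23 are flagged and the legitimate OWA sessions are not. In production, start from a day of clean logs to build the allowlist, expect some noise from load balancers and analytics cookies, and treat a single unexpected cookie name that recurs from a few source IPs against `/owa/` or `/ecp/` paths as worth pulling the IIS module list (`appcmd list modules`) on that server.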

Don’t have time to check this page? You can get the news summary every week in your email inbox by subscribing to my newsletter.