Here are this week’s highlights in cybersecurity:

  • Microsoft disabled macros by default in Office products but immediately rolled back the decision because of community feedback.
  • Researchers discovered an NPM supply chain attack involving malicious modules designed to steal data that users enter in forms on websites that include them.
  • The $540 million Axie Infinity hack in March was the consequence of one of its former employees getting hacked via a fraudulent job offer on LinkedIn. After a few rounds of interviews, the engineer was offered a job with an extremely generous compensation package. The fake “offer” was delivered in the form of a PDF document, which the engineer downloaded, allowing spyware to infiltrate Ronin’s systems.
  • Attackers are abusing the CI/CD tools known as GitHub Actions to run cryptocurrency mining software in Azure Virtual Machines.
  • Honda cars from the last 10 years are vulnerable to an attack that allows anyone to permanently open the car door or even start the car engine from a long distance, using an SDR such as HackRF.
  • According to Microsoft, a massive phishing campaign has targeted more than 10,000 organizations since September 2021 and used the gained access to victims’ mailboxes in follow-on business email compromise (BEC) attacks. Threat actors used Evilginx2 to proxy requests to Office365 and steal authentication cookies, thus also compromising accounts protected with multi-factor authentication.
  • Bandai Namco confirmed that its servers have been hacked and confidential information has been acquired by the BlackCat/AlphV ransomware group.
  • ESET discovered and reported three buffer overflow vulnerabilities in the UEFI firmware of several Lenovo notebooks, affecting more than 70 models. Attackers can obtain arbitrary code execution in the early phases of the platform boot, hijack the OS execution flow and disable important security features.
  • A North Korean ransomware group is targeting small and midsize businesses with H0lyGh0st ransomware, asking between 1 and 5 bitcoin in ransom.
  • The latest version of Tor Browser (11.5) introduced a mechanism for automatic censorship detection and circumvention.
