Here are this week’s highlights in cybersecurity:
- Hackers stole crypto from Bitcoin ATMs by hacking into the web application created to manage the ATMs. The issue was present since late 2020, although the company says it conducted multiple security audits. More
- DirtyCred is a new privilege escalation vulnerability affecting Linux kernel versions 5.8 and later that swaps unprivileged kernel credentials with privileged ones. More
- DEFA, a Greek natural gas operator suffers ransomware-related data breach. Attack was confirmed after data was leaked on Friday by the Ragnar Locker ransomware group. More
- Microsoft published technical details on MagicWeb, a new post-exploitation tool used by Russia-linked cyber espionage group APT29. It has the form of a DLL that allows manipulation of the claims passed in tokens generated by an Active Directory Federated Services server. More
- Hackers are abusing legitimate SaaS platforms like file sharing and hosting sites, form and survey builders, website builders, note-taking and documentation writing platforms, and personal portfolio spaces to create malicious phishing websites that steal login credentials. Data collected by Palo Alto shows a massive increase of 1,100% from June 2021 to June 2022 for this type of activity. More
- Hackers breached LastPass and stole its source code. LastPass says that encrypted vaults weren’t affected by the breach. More
Don’t have time to check this page? You can get the news summary every week in your email inbox by subscribing to my newsletter.