Cybersecurity Highlights

Europol operation disrupts iSpoof

iSpoof, a tool offered to cybercriminals to enable them to carry out their phishing activity, has been dismantled in a global operation, led by the London Metropolitan Police with the support of...

References:

europol.europa.eu

bleepingcomputer.com

genbeta.com

thehackernews.com

Tags:

Unauthorised access to Dropbox data on GitHub

Dropbox has released a statement acknowledging that it was the victim of a phishing campaign that was exploited to gain access to code stored on GitHub. Specifically, GitHub alerted Dropbox to...

References:

dropbox.tech

bleepingcomputer.com

theregister.com

softzone.es

muycomputerpro.com

Tags:

Hundreds of millions stolen from Binance

Binance, the world's largest cryptocurrency exchange platform, has suffered a theft amounting to €585 million after a potential network exploit was detected through an irregular increase in...

References:

bnbchain.org

nytimes.com

computerhoy.com

diariobitcoin.com

wired.com

Tags:

LastPass security breach

The company's CEO has issued a statement on the LastPass blog that it has suffered a security incident in its password manager. The breach has allowed cybercriminals to access parts of the...

References:

blog.lastpass.com

thehackernews.com

europapress.es

genbeta.com

unaaldia.hispasec.com

Tags:

0day vulnerability exploited in General Bytes

General Bytes, a global provider of Bitcoin ATMs, has been the victim of a cyber-attack that exploited a 0day vulnerability in the CAS (computer algebra system) administrator interface.According to...

References:

generalbytes.atlassian.net

diariobitcoin.com

cointelegraph.com

es.gizmodo.com

businessinsider.es

unaaldia.hispasec.com

Tags:

Mailchimp security breach exposes DigitalOcean customer data

DigitalOcean has reported a recent security incident at MailChimp, which has resulted in some customers' email addresses being leaked, with a small number of them receiving unauthorised password...

References:

mailchimp.com

digitalocean.com

diariobitcoin.com

theregister.com

unaaldia.hispasec.com

Tags:

IconBurst attack offers malicious versions of NPM packages

Researchers at ReversingLabs have reported an attack on the NPM supply chain dating back to December 2021, in which dozens of malicious NPM modules containing obfuscated JavaScript code were used...

References:

bleepingcomputer.com

thehackernews.com

blog.malwarebytes.com

unaaldia.hispasec.com

Tags:

Cybercrime

Malware

Tool

Cryptographic flaw in ECDSA implementation in Java

The Elliptic Curve Digital Signature Algorithm (ECDSA), used in Java and Oracle to digitally sign messages and data to verify the authenticity and integrity of content, is vulnerable due to a...

References:

neilmadden.blog

unaaldia.hispasec.com

media.cert.europa.eu

jfrog.com

blog.ehcgroup.io

nakedsecurity.sophos.com

thehackernews.com

Tags:

Encryption

Tool

Vulnerability

INCONTROLLER/PIPEDREAM malware targeting ICS/SCADA devices

Several government agencies (DOE, CISA, NSA, and FBI) have issued a joint security advisory to warn about an APT threat, called INCONTROLLER/PIPEDREAM, which has been developed to attack industrial...

References:

mandiant.com

dragos.com

wired.com

cisa.gov

computerweekly.com

techtarget.com

securityweek.com

reuters.com

incibe-cert.es

Tags:

APT

Cybercrime

Incident

Industrial Control System

Internet

Malware

Other critical infrastructures

Tool

Windows

BKA and German ZIT shut down Hydra, the most popular Russian black market on the Dark Web

The German Federal Criminal Police Office or Bundeskriminalamt (BKA), together with the Public Prosecutor's Office in Frankfurt am Main and the German Central Office for Combating Cybercrime (ZIT),...

References:

hackread.com

bka.de

eldiario.es

elespanol.com

therecord.media

justice.gov

Tags:

Corporate access

Cybersecurity Highlights

Europol operation disrupts iSpoof

Unauthorised access to Dropbox data on GitHub

Hundreds of millions stolen from Binance

LastPass security breach

0day vulnerability exploited in General Bytes

Mailchimp security breach exposes DigitalOcean customer data

IconBurst attack offers malicious versions of NPM packages

Cryptographic flaw in ECDSA implementation in Java

INCONTROLLER/PIPEDREAM malware targeting ICS/SCADA devices

BKA and German ZIT shut down Hydra, the most popular Russian black market on the Dark Web

Pages