Dem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet and More - SWN #368
Mar 12, 2024
Topics include fake crypto wallet app stealing digital assets, cyber vulnerabilities in QNAP NAS, recent cyber attacks by threat actors, ban on cameras in rental properties by Airbnb and VRBO, unconventional ways of making money and empowerment, and exploring malware research and threat intelligence.
Beware of Leather app scam on Apple Store stealing crypto funds.
Update QNAP devices to protect against remote execution vulnerabilities.
CISA breach highlights challenges in mitigating sophisticated cyber attacks.
Deep dives
Beware of Fake Cryptocurrency Wallet App on Apple App Store
A warning has been issued regarding a fake crypto app named Leather on the Apple App Store that steals money by tricking users into providing access to sensitive data. The malicious app targets wallet information and digital assets, leading to financial losses. Leather developers confirmed it as a fake since they do not offer an iOS product and advised users to transfer funds immediately if they have downloaded the app.
Vulnerabilities Discovered in QNAP NAS Products
QNAP, a Taiwan-based company specializing in network-attached storage (NAS) devices, disclosed vulnerabilities in its products that could lead to authentication bypass, command injection and SQL injection. Most significantly, one vulnerability allows remote code execution without authentication, which sharply raises the risk for users who expose their devices to the internet without adequate protection. Users are urged to update their QNAP devices and to scan them regularly for vulnerabilities.
CISA Breached Due to Ivanti Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) suffered a breach after five vulnerabilities in Ivanti's web and VPN appliances were exploited by threat groups. The compromised systems included an infrastructure protection gateway and a chemical security assessment tool. Despite the measures taken, CISA faced challenges in acknowledging and mitigating the breach, highlighting the persistent threat posed by cyber attackers.
Microsoft Identifies Russian State-Sponsored Threat Actor, Midnight Blizzard
Microsoft reported that a Russian state-sponsored threat group, Midnight Blizzard, also known as Cozy Bear or Nobelium, conducted cyber attacks against its internal systems and source code repositories. The attacks, aimed at gathering intelligence for targeted follow-on threats, reveal a sophisticated and coordinated effort. Partners warned of a rising trend in the targeting of source code, emphasizing the importance of securing development infrastructure amid an evolving global threat landscape.
Lazarus Group's Supply Chain Attack via PyPI Repository
Japan disclosed a supply chain attack by the North Korean hacking group Lazarus on the PyPI software repository, posing a significant threat to Python applications. The attackers uploaded malicious packages mimicking legitimate ones to infect Windows machines with the Comebacker Trojan, indicating a growing trend of typosquatting attacks on popular open-source repositories. The incident underscores the need for stringent security measures and vetting of open-source packages to counter such supply chain threats.
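The vetting step the summary calls for can be partly automated. The following is an added example, not code from the show or from any of the projects mentioned: it audits a requirements file against an allowlist of expected package names and flags entries that sit within a small edit distance of a known name, which is the pattern typosquatted packages rely on. The allowlist, the sample requirements file and the distance threshold are constructed assumptions; a real deployment would source the allowlist from an organization-curated list.

```python
"""Flag requirements entries that look like typosquats of expected package names."""
import re
from typing import Optional

# Constructed allowlist of packages this project is expected to depend on (assumption).
KNOWN_PACKAGES = {"requests", "numpy", "pandas", "cryptography", "pycryptodome"}


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-fold and collapse runs of '-', '_' and '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a rolling-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def parse_requirement(line: str) -> Optional[str]:
    """Return the project name from a requirements.txt line, or None for blank, comment or option lines."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):
        return None
    m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
    return m.group(1) if m else None


def classify(name: str, known=KNOWN_PACKAGES, max_distance: int = 2):
    """Classify a package name against the allowlist.

    Returns ("known", name) on an exact normalized match, ("suspicious", closest)
    when the name is within max_distance edits of an allowed name, else ("unknown", None).
    """
    norm = normalize(name)
    if norm in known:
        return ("known", norm)
    best = None
    for candidate in known:
        d = edit_distance(norm, candidate)
        if 0 < d <= max_distance and (best is None or d < best[0]):
            best = (d, candidate)
    return ("suspicious", best[1]) if best else ("unknown", None)


def audit_requirements(text: str):
    """Return (line_number, name, closest_known) for every suspicious entry in the file text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        name = parse_requirement(line)
        if name is None:
            continue
        verdict, closest = classify(name)
        if verdict == "suspicious":
            findings.append((lineno, name, closest))
    return findings


# Constructed sample requirements file; the two misspelled names are deliberate.
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements file
requests==2.31.0
numpy>=1.26
reqeusts  # two edits away from requests
pandsa==2.2.0
cryptography
"""

if __name__ == "__main__":
    for lineno, name, closest in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {lineno}: '{name}' is suspiciously close to '{closest}'")
```

Names that are neither an exact match nor near an allowed name are reported as unknown rather than blocked, so the check surfaces look-alikes for human review without stopping legitimate new dependencies; tighten `max_distance` or turn unknowns into hard failures as policy dictates.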