According to researchers, hackers managed to breach two-factor authentication in the DoorDash and Twilio hack. The hackers were able to access 93 individual accounts.

More:
- Earlier this month, Twilio was the victim of a data breach that affected other companies such as DoorDash.
- Authy, an authentication app used by over 75 million and owned by Twilio, was breached through 0ktapus. The latter is malware deployed through SMS scamming.
- Targets are sent SMS messages and are redirected to a fake log-in page.
- From there, the victims are led to click on infected links that enable the threat actor to take control of the person's account or device.
- The hacker group stole close to 10,000 credentials, including email and home addresses. The hackers also stole 38 phone numbers.

A new ransomware named Agenda, tracked by researchers, can be customized for each target. The ransomware is targeting healthcare and education organizations in Indonesia, Saudi Arabia, South Africa, and Thailand.

More:
- Agenda ransomware is being sold on the dark web by a threat actor tracked as Qilin.
- The threat actor is able to tailor the binary payloads for each victim.
- Agenda is able to evade detection, encrypt the file, rename it, and drop the ransom note in.
- The ransom amount ranges from $50,000 up to $80,000.
- Researchers believe that the methods used in this hacking campaign are similar to the ones used by Black Basta. This hacker group is known for breaching over 75 targets using various ransomware.

Zoom Out:
- This is not the first time that customized ransomware has been used by threat actors. In 2019, multiple enterprises were breached through this method. These companies were asked for large amounts of money as ransom.
- Black Basta ransomware is relatively new, having surfaced only in the last few months. The group, however, has managed to breach organizations at a record pace. The group does not target specific industries, breaching across a horizontal range of enterprises.

A hacking campaign created by a threat actor known as Nitrokod has infected over 11,000 targets. The threat actor is believed to have been created in 2019.

More:
- Nitrokod's malware impersonates applications dedicated to complementing Google Translate.
- The malware is believed to have been created in 2019 and has infected over 11,000 targets in 11 countries. The victims are located in the U.K., the U.S., Sri Lanka, Greece, Israel, Germany, Turkey, Cyprus, Australia, Mongolia, and Poland.
- Once a victim downloads the infected file, the malware is deployed one month later. This tactic is what separates Nitrokod from other malware variants that are usually tracked.

Iranian hackers are targeting Israeli organizations. The state-backed actors are exploiting a flaw that takes advantage of Log4shell.

More:
- Microsoft tracked the breach. The company attributed the hacking campaign to a threat actor known as MuddyWater.
- The group is also known as Cobalt Ulster, Mercury, Seedworm, or Static Kitten and is believed to be linked to the Iranian Ministry of Intelligence and Security.
- Log4shell is a well-known flaw that uses web shells to execute commands, enabling the threat actor to conduct cyber espionage, establish persistence, steal credentials, etc.
- The attack reportedly targeted numerous Israeli government institutions.

Zoom Out:
- This is not an isolated attempt to breach Israeli organizations. A cyberespionage campaign aimed at Israeli shipping, government, energy, and healthcare organizations by a threat actor tracked as UNC3890 was reported a few days ago.
- Iranian hackers have leaked the data of over 300,000 Israeli citizens in a previous breach where hackers targeted travel agencies.
- Iranian threat actors have previously also taken down the website of an organization that is building Tel Aviv's first subway station.

CISA has added 10 vulnerabilities to its list of known cyber threats. The list includes one high-risk flaw that affects Delta Electronics.

More:
- The issue is tracked as CVE-2021-38406 and has a CVSS score of 7.8.
- This flaw was initially tracked in 2021 and was listed as a security flaw that potentially could've affected the entire automation industry.
- Because there is no patch available, the federal civilian executive branch has ordered all federal agencies to update their security protocols by September to avoid possible risks presented by the flaw.
- Other flaws tracked in the list include:
  - CVE-2022-26352: dotCMS Unrestricted Upload of File Vulnerability
  - CVE-2022-24706: Apache CouchDB Insecure Default Initialization of Resource Vulnerability
  - CVE-2022-24112: Apache APISIX Authentication Bypass Vulnerability
  - CVE-2022-22963: VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
  - CVE-2022-2294: WebRTC Heap Buffer Overflow Vulnerability
  - CVE-2021-39226: Grafana Authentication Bypass Vulnerability
  - CVE-2020-36193: PEAR Archive_Tar Improper Link Resolution Vulnerability
  - CVE-2020-28949: PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability

Zoom Out:
- Due to an increase in cyber activity, CISA has added over 200 flaws to its list of vulnerabilities in 2022 alone.

Quick Hits:
- Credential service provider Atlassian has released a new update to patch a newly tracked security flaw. The flaw has a CVSS score of 9.9, making it a highly dangerous cyber risk.
- Baker & Taylor, a book distribution company, has been hit by a cyberattack. The company does not know who is responsible for the attack, but it stated that the breach managed to shut down its servers and cause week-long issues that are still being fixed.
- According to the FBI, hackers are using security flaws in DeFi services to steal cryptocurrency. The agency stated that 97% of the cases in which cryptocurrency was stolen revolved around DeFi security flaws.
- Muninn, a cybersecurity startup based in Copenhagen, has raised $2.5M. The Seed round funding was led by Luminar Ventures.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.