Cyber Round-up

Cyber Round-up for 8th April

Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week and year to cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

LAPSUS$ Added to FBI’s Most Wanted List

The Federal Bureau of Investigation has put out a public alert to ask for help in uncovering the members of the infamous cybercrime gang LAPSUS$. It has been documented that LAPSUS$ has now stolen data from Microsoft, NVIDIA, Ubisoft, Samsung, Globant and Okta. Although the FBI is seeking help to identify the members of LAPSUS$, no monetary reward has been offered.


Mailchimp Data Breach Compromises Hundreds Of Accounts

Mailchimp, an email marketing service, has been the most recent victim of a data breach. The company reported that an unauthorised hacker accessed company data through the use of an “internal tool” used by its customer support and account administration team. It has been reported that around 300 Mailchimp accounts could be compromised, with 102 of these having their audience data stolen. API keys were also stolen in the attack, but Mailchimp has assured customers that these have been disabled and changed, making the stolen keys worthless to the hackers.


The Works Suffers Cyber Attack

The Works, a book, arts & crafts store, has been a victim of a cyber attack. The Works was alerted to the incident by its security firewall and has disabled access to its systems while a security team investigates the attack. Operations have been reported to be severely impacted, with emails down and internal systems offline, while some stores are closed and others are only accepting cash. The Works has reassured its customers that no bank details have been stolen in the attack, but longer delivery times are to be expected while the investigation takes place.


Isle of Wight Electric Vehicle Chargers Hacked

The Isle of Wight Council has apologised to the users of its electric charging points after it was discovered that a hacker had managed to gain access and redirect a website link. The chargers are meant to display GeniePoint’s website on a front-facing monitor; however, this had been changed so that the monitor would show a site hosting obscene sexual material. The problem has since been resolved and the affected charging points are due to be replaced with “new charge points over the next few months”.


Inverse Finance Loses $15 Million In Hack

Inverse Finance, a decentralised finance platform, has publicly stated that it was a victim of a hack resulting in the theft of $15 million worth of different cryptocurrencies. The hacker was able to manipulate the price of its native token, INV. With this, the hacker could mislead the system and offer themselves huge loans with low collateral. A report by PeckShield has disclosed that the initial deposit of the hacker was $3 million in Ethereum cryptocurrency and that the funds sent and received involved a wallet that had used Tornado Cash to hide its transactions. Inverse Finance has said all customers impacted by the price manipulation will be repaid in full.


Takedown of Kremlin-Backed Cyclops Blink Botnet

The US Justice Department has released details of a court-authorised takedown of the Cyclops Blink botnet. The botnet is known to be part of the Sandworm cyber gang that has worked for the Russian Federation’s GRU espionage nerve centre. The task force carrying out the takedown removed malicious code from thousands of firewall devices being used as command-and-control servers. This severed ties between the cyber gang and the compromised machines used for its botnet. With the command-and-control servers down, the task force has not yet set its sights on removing Cyclops Blink malware from individual devices being used as bots; it has only recorded the infected devices acting as command-and-control servers.


Vulnerabilities & Updates

Two Zero-Day Vulnerabilities Patched For Apple Devices

A recent update released by Apple has patched two zero-day vulnerabilities discovered by anonymous security researchers. The two vulnerabilities are reportedly being actively exploited in the wild, which has pressured Apple to release a quick patch. The vulnerabilities reported are an out-of-bounds write issue in the AppleAVD media decoder, allowing for the execution of arbitrary code, and an out-of-bounds read issue in the Intel graphics driver, which may lead to the disclosure of kernel memory. Any users of Mac, iPhone and iPad devices are advised to update to stay protected.


And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.

Stay Safe, Secure and Healthy!

Edition #185 – 8th April 2022
