Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The Lazarus Group, known for its connections to North Korea, has exploited the Python Package Index (PyPI) by uploading malicious packages targeting developer systems. These packages, designed to mimic popular Python packages, rely on typographical errors that users make when typing a package name during installation. With names like ‘pycryptoenv’, ‘pycryptoconf’, ‘quasarlib’, and ‘swapmempool’, the malicious packages were collectively downloaded over 3,000 times before being removed. This attack highlights the importance of vigilance when downloading and installing software components.
By thehackernews.com
Pepco Group, a European discount retailer, reported significant financial losses amounting to approximately 15 million euros due to a phishing attack on its Hungarian business. This incident demonstrates the financial and operational risks posed by cyberattacks and the importance of robust cybersecurity measures to protect against phishing and other forms of social engineering.
It is believed that no customer, supplier, or staff data has been compromised. Investigations are still underway, and not much more information has been shared by Pepco at this stage.
By reuters.com
In a recent cybersecurity incident, Cutout.Pro, an AI photo and video editing service, experienced a significant data breach impacting 20 million users. A hacker publicized the leak on a well-known forum, releasing user emails, hashed passwords, IP addresses, and names. While Cutout.Pro has yet to comment, the breach's exposure raises serious concerns about user privacy and security. We urge all members to update their passwords and remain vigilant against potential phishing attempts.
By bleepingcomputer.com
The National Cyber Security Centre has issued a warning about the evolving tactics of SVR cyber actors targeting cloud services. These adversaries are refining their methods to breach cloud infrastructure, signalling a heightened threat to cloud security. Organizations are encouraged to bolster their defences and stay updated on the latest cybersecurity practices to counteract these sophisticated techniques.
For more information, please refer to the original article on the NCSC website.
By ncsc.gov.uk
Thyssenkrupp, a German industrial engineering and steel production conglomerate, confirmed a ransomware attack on its automotive unit, disrupting factory production. The attack was part of a trend targeting large corporations, especially in the industrial and manufacturing sectors. Despite the disruption, Thyssenkrupp has stated that the situation is under control and has continued to supply its customers.
By securityweek.com
Iranian hackers, identified as UNC1549, have been conducting cyberattacks against aerospace, aviation, and defence sectors in the Middle East using Microsoft Azure infrastructure. The campaign, active since at least June 2022, involves deploying two unique backdoors, MiniBike and MiniBus, for espionage activities in countries including Israel, the UAE, Albania, India, and Turkey. These activities are suspected to be linked to Iran's Islamic Revolutionary Guard Corps and utilize sophisticated tactics like spear-phishing and fake job offers to distribute malware and gather intelligence.
By securityweek.com
Stay Safe, Secure and Healthy!
Edition #270 – 1st March 2024
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.