Friday is a great day to wrap up some of the biggest news in the cybersecurity world. Top 5 most interesting news and research from the past week.
Hackers Steal $5.4 Million From Crypto Exchange Eterbase
Eterbase cryptocurrency exchange platform this week announced that hackers breached its systems and stole $5.4 million. During the attack, hackers accessed hot wallets from which they stole all funds. All major crypto exchanges were informed and on the incident. On Twitter, Eterbase announced that the investigation into the incident has already revealed that most of the stolen funds ended up on three crypto-exchanges: Binance, Huobi, and HitBTC.
WhatsApp Discloses 6 Bugs via Dedicated Security Site
WhatsApp got a head start on its new commitment to transparency with some disclosures, revealing six bugs that the company recently patched, before any evidence that they were exploited by threat actors. One of these vulnerabilities affects android devices and input-validation issues in some WhatsApp Desktop versions that could have allowed cross-site scripting if a user clicked on a link from a specially-crafted live location message. White hackers reported all these bugs via the bug bounty program. Once again, we see how the bug bounty program helps companies to improve security in its products.
Apple Accidentally Notarizes Shlayer Malware Used in Adware Campaign
Apple accidentally approved one of the most popular Mac malware threats – OSX.Shlayer – as part of its security checking process. As we can see, automatic checks cannot guarantee that the check will be correct, and cybercriminals can easily bypass it. Of course, Apple is a leader in software validation before app approval in the AppStore, but even Apple’s mechanisms can be circumvented. So the next big thing for Apple and Google should be an AI-based validation mechanism.
Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild
Cisco has fixed many critical vulnerabilities in its products. One of the critical vulnerabilities was in the Cisco Jabber client and allowed an attacker to remotely execute malicious code. Therefore, if you are using some Cisco products, please update them before someone tries to break into you and steal your data.
Evilnum hackers targeting financial firms with a new Python-based RAT
Adversary groups targeted for fintech companies at least since 2018 have switched their tactics and developed a new python-based remote access tool, which allows them to gain access to passwords, documents, browser cookies, email credentials, and other sensitive information. This group uses spear-phishing emails and other techniques to deliver malware into a network of fintech companies after that steal money from their accounts; it’s one of the main threats in modern cybersecurity.