Cyber security news February 2023

This posting is here to collect cyber security news in February 2023.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.


  1. Tomi Engdahl says:

    Digital armour. To thwart cyberattacks, enterprises must have visibility of their assets: Sophos CEO
    February 13, 2023 – Updated 10:02 am IST
    Says ‘cybersecurity-as-a-service’ can address the global shortage of cybersecurity professionals

  2. Tomi Engdahl says:

    European police dismantle cybercrime gang behind €38M CEO fraud, GoDaddy reveals a multi-year #security breach, #hackers targeted Asia-based data centers, and other top #cybersecurity and #cybercrime news of the week.

  3. Tomi Engdahl says:

    Cybersnaxattack: Some shops in Texas and New Mexico have been short of salad kits since the beginning of last week. A cyberattack on Dole was the cause of the salad shortage. The ransomware caused Dole to temporarily shut down production plants in North America and halt food shipments to grocery stores.

    Cyberattack on food giant Dole temporarily shuts down North America production, company memo says

    A cyberattack earlier this month forced produce giant Dole to temporarily shut down production plants in North America and halt food shipments to grocery stores, according to a company memo about the incident obtained by CNN.

    The previously unreported hack — which a source familiar with the incident said was ransomware — led some grocery shoppers to complain on Facebook in recent days that store shelves were missing Dole-made salad kits.

    “Dole Food Company is in the midst of a Cyber Attack and have subsequently shut down our systems throughout North America,” Emanuel Lazopoulos, senior vice president at Dole’s Fresh Vegetables division, said in a February 10 memo to retailers.

    A cyberattack on Dole was the cause of the salad shortage, Adam Wolfe, the store’s manager, told CNN, citing the Dole memo, which he said his store received from its wholesale grocery provider, Affiliated Foods Inc., in Texas.

  4. Tomi Engdahl says:

    Ransomware Attack Forces Produce Giant Dole to Shut Down Plants
    Dole was forced to shut down systems in North America due to a ransomware attack, which has reportedly led to salad shortages in some grocery stores.

  5. Tomi Engdahl says:

    Cyberattack on food giant Dole temporarily shuts down North America production, company memo says

  6. Tomi Engdahl says:

    Mitchell Clark / The Verge:
    A major outage has taken down Dish Network’s websites, apps, and customer support systems; remote employees have been cut off from accessing their work systems — Since Thursday morning, Dish Network has been experiencing a major outage that’s taken down the company’s main websites, apps …

    Dish Network’s internal systems are so broken some employees haven’t worked in over a day

    The company is blaming an ‘internal system issue’ for the problems.

    Since Thursday morning, Dish Network has been experiencing a major outage that’s taken down the company’s main websites, apps, and customer support systems, and employees tell The Verge it’s not clear what’s going on inside the company. The company’s website is completely blank save for a notice apologizing for “any disruptions you may be having” while promising that “teams are working hard to restore systems as soon as possible.” The Boost Mobile and Boost Infinite sites display a similar message.

    When we called each brand’s customer support lines, there were no humans on the other end — each call automatically hung up after delivering a recorded message about the outage.

    In an ironic twist, the outage started around the time that Dish was set to release its earnings for Q4 and fiscal year 2022. CEO Erik Carlson addressed it during the company’s earnings call, saying the company was experiencing an “internal outage that’s continuing to affect our internal servers and IT telephony.” While Carlson claimed that Dish, Sling, and the company’s wireless networks were operating normally, he admitted that “internal communications, customer care functions, Internet sites” were knocked out.

  7. Tomi Engdahl says:

    Ax Sharma / BleepingComputer:
    Sources: Dish Network has been hit by a cyberattack “by an outside bad actor” and the company is working with an external vendor to resolve the issue — American TV giant and satellite broadcast provider, Dish Network has mysteriously gone offline with its websites and apps ceasing to function over the past 24 hours.

    Dish Network goes offline after likely cyberattack, employees cut off

  8. Tomi Engdahl says:

    Molly White:
    The recovery of ~120,000 stolen ether by Jump and Oasis demonstrates the centralization of DeFi enabled by multisig-controlled upgradable smart contracts — Wormhole, Jump Crypto, and Oasis demonstrate the centralization threat introduced by multisig-controlled upgradable smart contracts.

    The Oasis “counter-hack” and the centralization of defi
    Wormhole, Jump Crypto, and Oasis demonstrate the centralization threat introduced by multisig-controlled upgradable smart contracts.
    Molly White

    Jon Rice / Blockworks:
    After Oasis complied with a UK high court order and upgraded a DeFi contract, Jump recovers ~120,000 ether, worth $140M, stolen during the 2022 Wormhole exploit

    Jump Crypto Just Counter-Exploited the Wormhole Hacker for $140 Million

    The Chicago trading firm appears to have recovered the 120,000 ether stolen during the 2022 Wormhole exploit

    In what appears to be the result of a coordinated effort between Jump Crypto and Oasis, the exploiter behind the infamous Wormhole attack of February 2022… has become the exploited.

    Just over a year ago, the Wormhole bridge was attacked in one of the largest crypto loss events of 2022. Altogether, around 120,000 ETH was stolen — $325 million at the time.

    Those funds were replaced by Jump Crypto, the Chicago-based crypto arm of Jump Trading, which was involved in the development of the Wormhole protocol. Jump’s motive was “to make community members whole and support Wormhole now as it continues to develop” according to a tweet issued by the company at the time.

    Wormhole offered a $10 million bug bounty and white hat agreement to the hackers in exchange for returning the funds. It appears that never happened.

    Dave Olsen, Jump Trading Group’s president and CIO, told Bloomberg a month later that “We’re working in very close consultation with government resources, with private resources. There is a lot of firepower that is expert at tracking down criminals like this. And we are in this fight permanently. So this is not something that we will become distracted by next month or next year — this is a permanent condition.”

  9. Tomi Engdahl says:

    Trove of L.A. Students’ Mental Health Records Posted to Dark Web After Cyber Hack

    74 investigation reveals systemic data breach of sensitive psychological evaluations following Vice Society ransomware attack

  10. Tomi Engdahl says:

    GoDaddy: Hackers stole source code, installed malware in multi-year breach
    Web hosting giant GoDaddy says it suffered a breach where unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack. While GoDaddy discovered the security breach in early December 2022 following customer reports that their sites were being used to redirect to random domains, the attackers had access to the company’s network for multiple years

  11. Tomi Engdahl says:

    ‘Russian hacktivists’ claim responsibility for DDoSing German airport websites
    In other words, script kiddies up to shenanigans again. A series of distributed denial-of-service (DDoS) attacks shut down seven German airports’ websites on Thursday, a day after a major IT glitch at Lufthansa grounded flights

  12. Tomi Engdahl says:

    Norwegian police recover $5.8M crypto from massive Axie Infinity hack
    Norwegian police (Økokrim) have seized 60 million kroner ($5,800,000) worth of cryptocurrency stolen by the North Korean Lazarus hacking group last year from Axie Infinity’s Ronin Bridge. The seized cryptocurrency was stolen from Sky Mavis, the publisher of the blockchain-based game Axie Infinity, which suffered losses of $620 million in March 2022 after an attacker manipulated the game’s Ronin bridge to gain partial control of its validators and perform two unauthorized transactions

  13. Tomi Engdahl says:

    Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only
    Twitter has announced that it’s limiting the use of SMS-based two-factor authentication (2FA) to its Blue subscribers. “While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used and abused by bad actors,” the company said

  14. Tomi Engdahl says:

    Semiconductor industry giant says ransomware attack on supplier will cost it $250 million
    Multibillion-dollar corporation Applied Materials, which provides technology for the semiconductor industry, said during an earnings call this week that a ransomware attack on one of its suppliers would cost it $250 million in the next quarter. The company did not say which supplier it was referencing, but several industry analysts said it was technology and engineering company MKS Instruments

  15. Tomi Engdahl says:

    Police warn of the “toilet bowl scam”
    “On Saturday morning the Eastern Finland police department warned of a recently observed phenomenon in which people are being scammed out of money via the WhatsApp messaging app. Several criminal complaints have been filed with the Eastern Finland police in which the victims were scammed out of large sums of money.” — Finland’s National Cyber Security Centre (Kyberturvallisuuskeskus) has also covered the phenomenon in its weekly review for week 3/2023:

  16. Tomi Engdahl says:

    Scammers wove a scam network of thousands of videos on YouTube – and then the money was gone!
    Finnish company WithSecure found on the internet a network comprising thousands of YouTube videos and fake apps that lures people into joining an investment scam. The scam, which promotes the cryptocurrency Tether (USDT), exploits criminal YouTube channels and videos to which viewer comments are added automatically by copy-and-paste. In this way the videos appear to have attracted interest from viewers who do not actually exist

  17. Tomi Engdahl says:

    How to Unlock Your iPhone With a Security Key
    Apple continues to tighten iOS security, and iOS 16.3 (and iPadOS 16.3, and macOS Ventura 13.2) includes support for physical security keys. In other words, a physical device can verify your Apple ID login in place of a passcode. It’s a great way to boost your security, and here’s how it works

  18. Tomi Engdahl says:

    Watching a Crypto Investment Scam WhatsApp Group
    If your online accounts are like mine, almost every day I’m “force joined” to a new Telegram group where a crypto investment scammer tries to tell everyone how great their scam investment site is. This week, I started getting added to WhatsApp Crypto Investment Scams. I thought I’d share the experience with you, in case you were curious

  19. Tomi Engdahl says:

    What Is Anonymous Sudan?
    Since January 23, 2023, a threat actor identifying as “Anonymous Sudan” has been conducting denial of service (DDoS) attacks against multiple organizations in Sweden. This group claims to be “hacktivists,” politically motivated hackers from Sudan. Truesec’s Threat Intelligence unit has investigated the threat actor group to shed light on its activities and help identify its true motives.

  20. Tomi Engdahl says:

    Microsoft Outlook flooded with spam due to broken email filters
    According to reports from an increasing number of Microsoft customers, Outlook inboxes have been flooded with spam emails over the last nine hours because email spam filters are currently broken. This ongoing issue was confirmed by countless Outlook users who have reported (on social media platforms and the Microsoft Community’s website) that all messages were landing in their inboxes, even those that would have been previously tagged as spam and sent to the junk folder.

  21. Tomi Engdahl says:

    Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers
    Ransomware actors have been observed to expand their targets by increasingly developing Linux-based versions. Royal ransomware is following in the same path, a new variant targeting Linux systems emerged and we will provide a technical analysis on this variant in this blog.

  22. Tomi Engdahl says:

    Online scammers stole 38 million from their victim in a couple of days – this is how the crooked con was pulled off
    The European Union’s police agency Europol has caught a French-Israeli scam group that conned tens of millions of euros from its victims by posing as CEOs of various companies. The criminals used email in their scams and got organizations to redirect funds to the criminals’ own accounts, Bleeping Computer writes.

  23. Tomi Engdahl says:

    Chinese security researchers claim to have identified ‘Against The West’ hackers
    Researchers from the Chinese cybersecurity company Qi An Pangu Lab believe they have identified six members of the “Against The West” hacking group, according to a report published Sunday by state-controlled media. The report implicitly alleges without evidence that the hackers are connected to or sponsored by Western nation-states. The six display “a clear pro-US and pro-West slant,” the Global Times tabloid newspaper wrote. Members of Against The West (ATW) indeed have described themselves as pro-Western and claim to have targeted organizations that are “against the West.”

  24. Tomi Engdahl says:

    Exploit released for critical Fortinet RCE flaws, patch now
    Security researchers have released a proof-of-concept exploit for a critical-severity vulnerability (CVE-2022-39952) in Fortinet’s FortiNAC network access control suite. Fortinet disclosed the security issue on February 16 and calculated a severity score of 9.8. The vendor warned that it could be leveraged by an unauthenticated attacker to write arbitrary files on the system and achieve remote code execution with the highest privileges

  25. Tomi Engdahl says:

    Sensitive US military emails spill online
    A government cloud email server was connected to the internet without a password. The exposed server was hosted on Microsoft’s Azure government cloud for Department of Defense customers, which uses servers that are physically separated from other commercial customers and as such can be used to share sensitive but unclassified government data. The exposed server was part of an internal mailbox system storing about three terabytes of internal military emails, many pertaining to U.S. Special Operations Command, or USSOCOM, the U.S. military unit tasked with conducting special military operations

  26. Tomi Engdahl says:

    Irish TV broadcaster says attempted hack will affect programming
    Virgin Media Television, the Irish broadcaster, said on Monday that an attempted hack was going to impact its programming in coming days. The nature of the attack has not been specified, although a spokesperson told The Record it was not a ransomware attack

  27. Tomi Engdahl says:

    Kela warns of scam messages circulating in the name of the Kanta and Omakanta services
    The scams can be encountered in email messages, on social media, or in search engines. Kela reminds that the Kanta services never ask for personal data by email or text message

  28. Tomi Engdahl says:

    Coinbase says some employees’ information stolen by hackers
    Crypto exchange Coinbase has confirmed that it was briefly compromised by the same attackers that targeted Twilio, Cloudflare, DoorDash, and more than a hundred other organizations last year

  29. Tomi Engdahl says:

    DNA testing biz vows to improve infosec after criminals break into database it forgot it had
    A DNA diagnostics company will pay $400,000 and tighten its security in the wake of a 2021 attack where criminals broke into its network and swiped personal data on over two million people from a nine-year-old “legacy” database the company forgot it had

  30. Tomi Engdahl says:

    Clumsy ships, one Chinese, sever submarine cables that connect Taiwanese islands
    In early February, life got a little harder in Matsu when two submarine cables providing internet service were damaged. Last week, the deputy chairman and spokesman of Taiwan’s National Communications Commission Weng Baizong told local media one of the cables was damaged by a Chinese fishing boat, while the other was damaged by an unknown freighter.

  31. Tomi Engdahl says:

    Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS
    The vulnerabilities represent a significant breach of the security model of macOS and iOS, which relies on individual applications having fine-grained access to the subset of resources they need and querying higher privileged services to get anything else. Services that accept NSPredicate arguments and check them with insufficient NSPredicateVisitors allow malicious applications and exploit code to defeat process isolation and directly access far more resources than should be allowed. These issues were addressed with macOS 13.2 and iOS 16.3.

  32. Tomi Engdahl says:

    New Stealc malware-as-a-service targets web browsers, crypto wallets, email clients
    Researchers have identified a popular new information stealer being advertised for purchase on Russian-speaking dark web forums. Stealc is a ready-to-use stealer that can compete with other popular malware families such as Vidar, Raccoon, Mars and Redline, according to a report published by threat intelligence company this week.

  33. Tomi Engdahl says:

    New S1deload Stealer malware hijacks Youtube, Facebook accounts
    An ongoing malware campaign targets YouTube and Facebook users, infecting their computers with a new information stealer that will hijack their social media accounts and use their devices to mine for cryptocurrency. Security researchers with Bitdefender’s Advanced Threat Control (ATC) team discovered the new malware and dubbed it S1deload Stealer due to its extensive use of DLL sideloading for evading detection.

  34. Tomi Engdahl says:

    Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links
    In what’s a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links. “The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one another,” Checkmarx researcher Yehuda Gelb said in a Tuesday report.

  35. Tomi Engdahl says:

    Activision confirms data breach exposing employee and game info
    Activision has confirmed that it suffered a data breach in early December 2022 after hackers gained access to the company’s internal systems by tricking an employee with an SMS phishing text. The video game maker says that the incident has not compromised game source code or player details.

  36. Tomi Engdahl says:

    Russia blames hackers as commercial radio stations broadcast fake air strike warnings
    Commercial radio stations across Russia on Wednesday morning broadcast warnings about air raids and missile strikes. The Ministry of Emergency Situations said the broadcasts were the “result of a hacker attack.”

  37. Tomi Engdahl says:

    Scammers Mimic ChatGPT to Steal Business Credentials
    Scammers are capitalizing on the runaway popularity of and interest in ChatGPT, the natural language processing AI impersonating it in order to infect victims with a Trojan malware called Fobo, in order to steal login credentials for business accounts.

  38. Tomi Engdahl says:

    The European Commission banned the use of TikTok
    The European Commission has banned its staff from using the TikTok app on official devices. The ban is based on data protection concerns, a Commission spokesperson told the AFP news agency on Thursday.

  39. Tomi Engdahl says:

    Kela warns of scam messages: criminals are trying to get hold of Finns’ personal data
    Kela warns that a lot of scam messages are now circulating in the name of the Kanta services and Omakanta, through which criminals are trying to get hold of Finns’ personal data. In addition to personal data, the phishing messages may also target the recipient’s online banking credentials.

  40. Tomi Engdahl says:

    Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries
    Cybersecurity researchers are warning of “imposter packages” mimicking popular libraries available on the Python Package Index (PyPI) repository. The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib3.
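
A worked example, added here and not code from the report above or from this blog: a small Python checker that reads a requirements file, normalizes the package names the way PyPI does (PEP 503), and flags any name that is not on an allowlist of popular libraries but sits within a couple of edits of one, which is exactly the lookalike pattern (requests, urllib, urllib3, aiohttp variants) the item describes. The allowlist, the sample requirements and the two-edit threshold are assumptions for illustration; a real deployment would use a curated list of the most-downloaded PyPI packages. The same distance check can be run over npm package names to spot the near-identical auto-generated names mentioned in the npm spam-flood item earlier in this thread.

```python
"""Flag candidate typosquats in a dependency list by edit distance to an
allowlist of well-known package names.

Added example for this news item; not code from the report it illustrates.
The allowlist, the sample requirements and the threshold are constructed
for illustration.
"""
import re


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-fold and collapse runs of '-', '_'
    and '.' into a single '-', so 'Zope.Interface' and 'zope_interface'
    compare equal, as they do on PyPI."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance with unit-cost insert, delete and substitute
    (two-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


# Assumed allowlist; a real check would load the top-N PyPI names.
POPULAR = ["requests", "urllib3", "aiohttp", "httpx", "cryptography", "numpy"]


def find_typosquats(requested, popular=POPULAR, max_distance=2):
    """Return (requested_name, lookalike, distance) for every requested
    name that is NOT an allowlisted package but is within max_distance
    edits of one. Exact (normalized) matches are legitimate and skipped."""
    allow = {normalize(p) for p in popular}
    hits = []
    for req in requested:
        n = normalize(req)
        if n in allow:
            continue
        best = min(allow, key=lambda p: levenshtein(n, p))
        d = levenshtein(n, best)
        if d <= max_distance:
            hits.append((req, best, d))
    return hits


def parse_requirements(text: str):
    """Extract bare package names from requirements.txt-style lines,
    dropping comments, blank lines, extras ([...]) and version specifiers."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            names.append(m.group(0))
    return names


# Constructed sample input, not a real project's requirements.
SAMPLE_REQUIREMENTS = """\
# constructed sample
requests==2.28.2
reqeusts
urlib3>=1.26
aiohtp[speedups]
numpy
Cryptography
tomli
"""

if __name__ == "__main__":
    for name, like, d in find_typosquats(parse_requirements(SAMPLE_REQUIREMENTS)):
        print(f"suspicious: {name!r} is {d} edit(s) from {like!r}")
```

Run it on a real requirements file by swapping in the file's contents for SAMPLE_REQUIREMENTS; the three flagged names in the sample (reqeusts, urlib3, aiohtp) show the transposition, deletion and missing-letter variants the item describes, while an exact but differently cased name such as Cryptography is correctly treated as the genuine package. A distance threshold of 2 is a starting point; raise it and the check also catches longer-name lookalikes at the cost of more false positives.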

  41. Tomi Engdahl says:

    Microsoft urges Exchange admins to remove some antivirus exclusions
    Microsoft says admins should remove some previously recommended antivirus exclusions for Exchange servers to boost the servers’ security. As the company explained, exclusions targeting the Temporary ASP.NET Files and Inetsrv folders and the PowerShell and w3wp processes are not required since they’re no longer affecting stability or performance. However, admins should make a point out of scanning these locations and processes because they’re often abused in attacks to deploy malware

  42. Tomi Engdahl says:

    Royal Mail schools LockBit in leaked negotiation
    The LockBit group has finally given up any prospect of extracting a ransom from Royal Mail and published the files it stole from the company in a recent ransomware attack. The leak brings weeks of negotiations to a close, leaving Royal Mail without a decryptor, and LockBit without a payday

  43. Tomi Engdahl says:

    Dutch Police arrest three ransomware actors extorting 2.5 million
    The Amsterdam cybercrime police team has arrested three men for ransomware activity that generated 2.5 million from extorting small and large organizations in multiple countries. The suspects, all young men aged between 18 and 21, are charged with stealing sensitive data from victim networks and demanding a ransom. It is believed that they attacked thousands of companies. Victims include online shops, software firms, social media companies, and institutions connected to critical infrastructure and services

  44. Tomi Engdahl says:

    Cheaters Will Never Be Welcome in Dota
    Valve has permanently banned over 40,000 accounts that were using third-party software to cheat in Dota over the last few weeks. This software was able to access information used internally by the Dota client that wasn’t visible during normal gameplay, giving the cheater an unfair advantage

  45. Tomi Engdahl says:

    News Corp says state hackers were on its network for two years
    Mass media and publishing giant News Corporation (News Corp) says that attackers behind a breach disclosed in 2022 first gained access to its systems two years before, in February 2020. This was revealed in data breach notification letters sent to employees affected by the data breach, who had some of their personal and health information accessed, while the threat actors had access to an email and document storage system used by several News Corp businesses.

  46. Tomi Engdahl says:

    Who’s Behind the Botnet-Based Service BHProxies?
    A security firm has discovered that a six-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies, which offers paying customers the ability to route their web traffic anonymously through compromised computers. Here’s a closer look at Mylobot, and a deep dive into who may be responsible for operating the BHProxies service.

  47. Tomi Engdahl says:

    Dish Network goes offline after likely cyberattack, employees cut off
    American TV giant and satellite broadcast provider Dish Network has mysteriously gone offline with its websites and apps ceasing to function over the past 24 hours. The widespread outage affects the Dish Anywhere app as well as several websites and networks owned by the corporation. Customers also suggest the company’s call center phone numbers are unreachable. A source in touch with a Dish Network employee told BleepingComputer that the network “has been hit” (by a cyber attack) with employees seeing “blank icons” on their Desktops, something that typically occurs after a ransomware infection encrypts the victim’s files. Hours after publication of this piece, another Dish Network employee contacted BleepingComputer stating that Dish has indeed been “cyber attacked.”

  48. Tomi Engdahl says:

    Fortinet FortiNAC CVE-2022-39952 flaw exploited in the wild hours after the release of PoC exploit
    This week, researchers at cybersecurity firm Horizon3 have released a proof-of-concept exploit for a critical-severity vulnerability, tracked as CVE-2022-39952, in Fortinet’s FortiNAC network access control solution. Unfortunately, the threat actors started exploiting the Fortinet FortiNAC vulnerability CVE-2022-39952 the same day Horizon3 released the PoC exploit. The nonprofit cybersecurity organization Shadowserver reported that attackers started targeting its honeypots in an attempt to exploit the flaw.

