Cyber Bites

A new survey of 450 top finance and risk professionals at UK-listed companies have found that nearly two-thirds of organisations have experienced a data breach or cyber attack in the first year and a half of the pandemic. The research also found that the rise in cyber attacks led to the loss of money and revenue, which has cost UK businesses £374 million during that time. The research discovered that the majority of the attacks...

Qubit Finance revealed last week that attackers exploited a vulnerability in its QBridge deposit function, resulting in a loss of $80m. The hackers stole a large amount of Ethereum by converting it into Binance coins and exploiting the vulnerability to withdraw the Binance tokens without depositing any of the Ethereum. Qubit has addressed the attackers directly on Twitter: “We propose you to negotiate directly with us before taking any further action. The exploit and loss of...

On Thursday 27th of January, the Biden-Harris Administration announced it will extend the Industrial Control Systems (ICS) Cybersecurity Initiative to the water sector. The Water Sector Action plan outlines surge actions that will take place over the next 100 days to improve the cybersecurity of the sector. The action plan was developed in close partnership with the Environmental Protection Agency (EPA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Water Sector Coordinating Council (WSCC)....

Bitdefender's Mobile Threat researchers have warned about some newly discovered Flubot and Teabot campaigns. The researchers claim that since December 2021 they have intercepted over 100,000 malicious SMS messages which were aiming to distribute Flubot malware. The researchers have said that they have observed that the attacks are more active in Germany, Spain, Poland, Australia, Italy and Austria, as well as newer countries in January such as Thailand, the Netherlands and Romania. "We determined it...

Discord has announced that it suffered a 'massive outage', which affected user login and the voice chat features. The outage begun at 2:49 PM EST and came down to an issue with the application programming interface (API) that interrupted the communication between various services. While this issue was quickly resolved, Discord discovered another problem with a database cluster. In a statement Discord explained: "We have identified the underlying issue with the API outage but are...

Yesterday, Elliptic, a blockchain security company, alongside multiple other users, took to Twitter to speak out about a bug found in OpenSea, an NFT marketplace. A flaw in the platform has allowed attackers to buy NFTs for a price much lower than what is listed on the platform. The issue affects Mutant Ape Yacht Club, Bored Ape Yacht Club, Cyberkongz and Cool Cats NFTs. Elliptic said that they have "identified at least three attackers who...

In protest of President Alexander Lukashenko and Russian troop movements through the country, Belarussian hacktivists have launched a ransomware attack against the railway systems. The Cyber-Partisans announced their attack on Twitter on Monday, along with a list of demands in exchange for the encryption keys. The attack has crippled the system and disrupted ticket sales, however automation and security systems were left unaffected in case of emergency situations. The tweets read: "At the command of the...

The Cybersecurity and Infrastructure Security Agency (CISA) this week have added seventeen actively exploited vulnerabilities to the Known Exploited Vulnerabilities Catalog. These latest vulnerabilities bring the catalog up to a total of 341 vulnerabilities, and 10 of the newest 17 must be patched by the first week of February. In the list of 17 vulnerabilities, two are especially interesting: CVE-2021-32648 and CVE-2021-35247. The vulnerability tracked as CVE-2021-32648 must be patched by the first week of...

The government has claimed that its newly introduced Online Safety Bill will make the UK "the safest place in the world to be online", but some have criticised the bill, warning that it doesn't go far enough to combat things like cyber-flashing, child abuse or violence against women and girls.   The BBC reported that MPs said the bill's definition of illegal content must be re-framed, and more should be done to define the risk...

This week, Americans have been warned to watch out for maliciously crafted QR codes aimed at stealing credentials and financial information. The FBI posted this warning on their Internet Crime Complaint Center (IC3) last week. In the statement, the law enforcement agency said: "Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information." Hackers are switching legitimate QR codes posted or advertised by businesses with their own,...