Major BGP leak disrupts thousands of networks globally
www.bleepingcomputer.com/news/security/major-bgp-leak-disrupts-thousands-of-networks-globally/ A large BGP routing leak that occurred last night disrupted the connectivity for thousands of major networks and websites around the world. Although the BGP routing leak occurred in Vodafone’s autonomous network (AS55410) based in India, it has impacted U.S. companies, including Google, according to sources.
Combating Sleeper Threats With MTTD
securityintelligence.com/articles/sleeper-threats-mean-time-to-detect/ During the SolarWinds Orion supply chain compromise, threat actors lurked in the victim’s network for more than a year. Discovered by FireEye in December 2020, the earliest traces of a modified SolarWinds Orion go back as early as October 2019. Although these early versions did not contain the malicious backdoor (this was added in March 2020), it means attackers were able to remain hidden for a long time.
Biden Races to Shore Up Power Grid Against Hacks
threatpost.com/biden-power-grid-hacks/165428/ A 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said. President Biden is putting the final details on a plan to encourage American electric utilities to strengthen their cybersecurity protections against hackers in the next 100 days, amid increasing cyberattacks.
Codecov discloses 2.5-month-long supply chain attack
therecord.media/codecov-discloses-2-5-month-long-supply-chain-attack/ Codecov, a software company that provides code testing and code statistics solutions, disclosed on Thursday a major security breach after a threat actor managed to breach its platform and add a credentials harvester to one of its tools. The impacted product is named Bash Uploader and allows Codecov customers to submit code coverage reports to the company’s platform for analysis.
In addition:
Google’s Project Zero updates vulnerability disclosure rules to add patch cushion
therecord.media/googles-project-zero-updates-vulnerability-disclosure-rules-to-add-patch-cushion/ The Google Project Zero security team has updated its vulnerability disclosure guidelines today to add a cushion of 30 days to some security bug disclosures, so end-users have enough time to patch software and prevent attackers from weaponizing bugs.
BazarLoader Malware Abuses Slack, BaseCamp Clouds
threatpost.com/bazarloader-malware-slack-basecamp/165455/ Two cyberattack campaigns are making the rounds using unique social-engineering techniques. The BazarLoader malware is leveraging worker trust in collaboration tools like Slack and BaseCamp, in email messages with links to malware payloads, researchers said.
Swinburne University confirms over 5,000 individuals affected in data breach
www.zdnet.com/article/swinburne-university-confirms-over-5000-individuals-affected-in-data-breach/ Swinburne University of Technology has confirmed personal information on staff, students, and external parties had inadvertently made its way into the wild. It said it was advised last month that information of around 5,200 Swinburne staff and 100 Swinburne students was available on the internet.
iOS Kids Game Morphs into Underground Crypto Casino
threatpost.com/ios-kids-game-crypto-casino/165450/ A malicious ‘Jungle Run’ app tricked security protections to make it into the Apple App Store, scamming users out of money with a casino-like functionality. A kids’ game called “Jungle Run” that, until recently, was available in the Apple App store, was secretly a cryptocurrency-funded casino set up to scam people out of money.