Ax Sharma :verified:

On @ax | This account now legacy.
---------------------------------------

Security Researcher, Editor, Tech Reporter

Bylines & contributions: BleepingComputer, BBC, TechCrunch, WIRED, CSOOnline, Security Report

British Association of Journalists (BAJ),
Canadian Association of Journalists (CAJ)
📍🇬🇧🇮🇳🇨🇦

🦋 Bluesky bsky.app/axsharma.com
🌐 axsharma.com

Ax Sharma :verified: boosted:
Ax Sharma ax@c.im
2023-04-28

This Friday morning, which is payday for most in the UK, starts with a widespread outage affecting Lloyds Bank, TSB, Bank of Scotland and Halifax customers.

Customers report issues logging in to Internet banking and mobile apps.
bleepingcomputer.com/news/tech

Ax Sharma :verified: boosted:
Ax Sharma ax@c.im
2023-04-24

Yellow Pages Canada confirms cyber attack as Black Basta #ransomware gang posts private business, customer and employee data on its data leak site.

bleepingcomputer.com/news/secu

Ax Sharma :verified: boosted:
Ax Sharma ax@c.im
2023-02-24

TELUS, Canada's second-largest telco, is investigating a potential #databreach after sample sets of company's employee data, payroll records, and private GitHub repos appeared on a data breach forum this week.
bleepingcomputer.com/news/secu

Too early to conclude that an incident indeed occurred at TELUS or rule out a third-party vendor breach.

Employee names do check out though and correspond to present-day technical staff, like devs.

Screenshots further show many folders within GitHub repo, with TA claiming to even sell the company's "sim-swap-api," and calling this a "FULL breach."

TELUS says it is investigating and has thus far not seen corporate/retail customers impacted.

Ax Sharma :verified: boosted:
2023-02-14

Check out today's Metacurity for the latest infosec news you might have missed over the weekend. Lead items via @axsharma @jgreig @kevinvaline @chriskingspain @billtoulas @jagmeetsingh @AmondoZhou 1/2
metacurity.substack.com/p/new-

Ax Sharma :verified: boosted:
Ax Sharma ax@c.im
2023-02-14

NEW: #Eurostar is forcing 'password reset' for everyone in a mass email sent out this week. But, when you actually try to reset password, 'technical problems' make it impossible, effectively locking passengers out of their accounts.

bleepingcomputer.com/news/secu

Observed the problem yesterday and it continues well into today. This has left passengers around the world frustrated with some even mistaking this for a #phishing attempt or worse, a data breach.

Eurostar had last enforced password resets in 2018 following a data breach. Have reached out to them with a set of questions as to what's prompting this. Their advice to clear cookies or 're-register' with the same email does not work.

Ax Sharma :verified: boosted:
Ax Sharma ax@c.im
2023-02-13

Pepsi Bottling Ventures, PepsiCo's largest independent U.S. manufacturer and seller of Pepsi-Cola beverages discloses a data breach after an info-stealing malware infection that lasted 27-days.

Reporting by Bill Toulas.

bleepingcomputer.com/news/secu
#databreach

Ax Sharma :verified: boosted:
Ax Sharma ax@c.im
2023-02-13

New 'DarkBit' #ransomware gang has hit Technion - Israel's Institute of Technology 🇮🇱

From attacking the Israeli "regime" to calling out tech layoff, the gang's motives seem multifaceted.
bleepingcomputer.com/news/secu

The ransom note, that has #DarkBit demanding roughly $1.7 million, implies the group's members were part of university's tech layoffs, with the attack being a way to avenge the firing.

Ax Sharma :verified: boosted:
Ax Sharma ax@c.im
2023-02-12

Microsoft's WinGet package manager is failing today after an SSL/TLS certificate used by its CDN expired over the weekend.

bleepingcomputer.com/news/secu

Until Microsoft renews the cert, a viable solution identified by developers is to use an alternate WinGet source, such as winget.azureedge[.]net.

Ax Sharma :verified: boosted:
Ax Sharma ax@c.im
2023-02-10

Reddit suffered a cyberattack Sunday evening, allowing hackers to access internal business systems and steal internal documents and source code.

bleepingcomputer.com/news/secu

Ax Sharma :verified: boosted:
Ax Sharma ax@c.im
2023-02-07

The #ransomware attack on Royal Mail that had caused heavy disruptions to its international shipping ops has been claimed by #LockBit gang.
bleepingcomputer.com/news/secu

LockBit had earlier denied being behind the cyber attack and blamed the mishap on an affiliate. They are now, however, threatening to leak the allegedly stolen data on its leak site. Like earlier, they still haven't explained exactly what data was stolen, if any.

This adds to a series of chaotic developments at Royal Mail—from the ongoing CWU strikes from workers, to multiple IT outages of last year, at least one of which led to Tracking services being unavailable for days.

h/t @AlvieriD. Reporting by @serghei

Ax Sharma :verified: boosted:
Ax Sharma ax@c.im
2023-02-04

Bermuda hit by a major island-wide power outage last night that impacted much of the region's internet connectivity. Some customers additionally reported losing phone connection.
bleepingcomputer.com/news/tech

Bermudian government has called the "mass-outage" at BELCO, Bermuda's sole electricity provider, a "serious incident"

Both NetBlocks and Cloudflare Radar confirmed seeing a noticeable dip in the island's internet connectivity following the power cut.

Ax Sharma :verified: boosted:
Ax Sharma ax@c.im
2023-02-01

RubyInstaller[.]org's Wikis poisoned since Nov 29th, 2022 with links to malware and IP tracing/logging site, IPlogger.

Malware ZIP: e811cea654c10c0efe2618bf9d20e60c15497e8207cf5d8096aa75bab1e28573

Looks like they just fixed these today. The wiki homepage too.
Nov 29: github.com/oneclick/rubyinstal
Dec 1: github.com/oneclick/rubyinstal
#opensource

Ax Sharma :verified: boosted:
Ax Sharma ax@c.im
2023-02-01

Confirmed: U.S. No Fly List posted publicly on hacking forum last week is the same list discovered recently on CommuteAir's misconfigured AWS server, news of which was first reported by Daily Dot reporter Mikael Thalen!

bleepingcomputer.com/news/secu

#dataleak #databreach

Ax Sharma :verified: boosted:
Ax Sharma ax@c.im
2023-02-01

Catch me with legendary Alexis Conran on Channel 5's "Phone Scams" — hour long episodes run Wednesdays at 8 PM🇬🇧 where we dive into a variety of scams 🙌📸

➡️ TOMORROW, Feb 1 @ 8pm: Ep 2
➡️ Next week, Feb 8: Ep 3

Playing catch up? Just log in with your (free) Channel 5 account from within the UK.
channel5.com/show/phone-scams-

#scams #tech #channel5

Ax Sharma :verified: boosted:
2023-01-30

Don't miss today's packed Metacurity for the latest infosec developments you need to know. Lead items via @josephmenn @jesseahamilton @lawrenceabrams @serghei @axsharma @IonutArghire 1/2 metacurity.substack.com/p/fbi-

Ax Sharma :verified: boosted:
Ax Sharma ax@c.im
2023-01-23

Threat actors are abusing Google Ads to deliver bogus email invites enticing users to visit sex and adult dating websites.

The feature is otherwise used by Google Ads account administrators to add new users to admin interface.

Reporting the email as spam would likely block legitimate emails from Google as well 😬

No way to fix the issue just yet. Still waiting to hear back from Google.

bleepingcomputer.com/news/secu

Ax Sharma :verified: boosted:
Ax Sharma ax@c.im
2023-01-06

Ever since the publication of this piece, "noindex" has magically disappeared from ALL versions of Slack's 31st December security update -- US, UK, Spain, Australia, what have you 🙂 with the entry now clearly visible on the company's (international) news blogs too.

bleepingcomputer.com/news/secu

Ax Sharma :verified: boosted:
Ax Sharma ax@c.im
2023-01-01

JUST IN: In a statement, the creator of counterfeit PyTorch dependency ('torchtriton') has apologized and stressed that their intent wasn't malicious.

They claim collecting sensitive data, including keys and secrets, which they call a "wrong decision," was to better identify victims.

Either way, the end result is just that - those targeted will need to rotate their secrets/keys and treat this like any other intrusion. A lesson in ethical hacking and where to stop.

bleepingcomputer.com/news/secu

Ax Sharma :verified: boosted:
Ax Sharma ax@c.im
2023-01-01

PyTorch reveals malicious dependency chain compromise between Dec 25th & 30th.

The counterfeit 'torchtriton' stole SSH keys, first 1000 files in $HOME, .gitconfig and other secrets. But the attacker claims they are only collecting "metadata," wrongly implying that this is ethical research.

2,300+ downloads seen so far on PyPI.

Uninstall now 👇👇👇

bleepingcomputer.com/news/secu
#opensource

Ax Sharma :verified: axsharma@infosec.exchange
2022-12-22

Would y'all kill me if I moved to @ax ? Shorter than @axsharma :D
