TMX Data Breach Affects Millions
TMX, a consumer lending company, recently reported a data breach that affected over 4.8 million customers. The breach, which began in December 2022 and was discovered in February 2023, potentially exposed personal and financial information. TMX responded by resetting employee passwords, adding endpoint monitoring, and offering credit monitoring to impacted customers.
The Hidden Dangers of Remote Work
A recent report by security firm Lookout highlights the increased risks associated with remote and hybrid work. The study found that a majority of remote workers use personal devices and unapproved apps, leading to corporate data being accessed through insecure means. Additionally, the report revealed that many remote workers use the same password for work and personal accounts, further increasing the risk of data breaches.
Western Digital Confirms Network Compromise
Western Digital, a leading storage solutions provider, confirmed a network breach that disrupted its business operations and affected its My Cloud services. The company is working to resolve the issue and restore access to users’ cloud-hosted data.
Mullvad and Tor Network Collaborate on Privacy Browser
Mullvad VPN has partnered with the Tor onion network to create a new privacy-focused browser. Based on a forked version of Firefox, the Mullvad browser aims to reduce the metadata revealed to advertisers and enhance user privacy without directly connecting to the Tor network.
Pinduoduo Addresses Malware Concerns
Following the discovery of malware in its Android app, Pinduoduo updated the app to remove the malicious code and disbanded the team responsible for its development. The company has since shifted most of the affected staff to work on its popular ecommerce app, Temu.
OneNote Implements File Extension Blocking
Microsoft has begun blocking potentially dangerous file extensions in OneNote to improve security. This move comes after a surge in campaigns targeting the app following a researcher’s disclosure about Mark-of-the-Web protections not being applied to OneNote attachments.
Hack the Pentagon: DoD Expands Bug Bounty Program
The US Department of Defense has launched a new Hack the Pentagon website, expanding its existing bug bounty program to facilitate continuous testing of its systems by vetted security researchers. The website aims to streamline the onboarding process for new researchers and improve overall cybersecurity.
Arid Viper Hacking Group Upgrades Malware Arsenal
The Arid Viper hacking group, also known as Mantis, APT-C-23, and Desert Falcon, has updated its malware toolkit for cyber attacks against Palestinian entities. Security firm Symantec has been tracking the group’s activity and reports that the attackers are working diligently to maintain a presence within targeted networks.
Cryptocurrency Companies Targeted in 3CX Supply Chain Attack
A recent supply chain attack on 3CX, a communications software provider, has been linked to a second-stage imposter attack on several cryptocurrency companies. Infections with Gopuram, a versatile backdoor with connections to North Korea, increased during the same period as the 3CX attack. Gopuram’s primary function is to connect to a command-and-control (C2) server and await further instructions. The ultimate goal of the campaign appears to be the infection of targets with the modular backdoor, although it remains unclear whether any sensitive data or cryptocurrency has been stolen.
The initial phase of the operation took place between late summer and early fall 2022, targeting sectors such as healthcare and finance. The attackers compromised 3CX’s development environment and delivered trojanized versions of the legitimate app to the company’s downstream customers, in a fashion similar to the SolarWinds or Kaseya supply chain attacks. A notable component of the infection, “d3dcompiler_47.dll,” exploited an old Windows flaw (CVE-2013-3900) to incorporate encrypted shellcode without invalidating its Microsoft-issued signature.
That wraps up today’s cybersecurity brief. As always, stay safe, stay vigilant, and we’ll see you again tomorrow with another update!