It takes as little as $25 to create customized hacking tools for compromising systems. Threat actors around the world are adopting newer and fool-proof methods, making email security a bigger concern.
Welcome to August’s second email security breach news. From an invitation to hack Starlink satellites to Cisco being breached, and from blockchain bridges having massive troubles to the Twilio hack, this week’s cybersecurity news stories competed to get into our recap.
We chose two of them. Read more below.
Researchers have found a ‘never-seen-before’ malware used by North Korean hackers for secretly reading and downloading emails and attachments. They’re infecting Gmail and AOL accounts by fooling users into installing a browser extension in Chrome and Edge browsers. The email services aren’t able to trace the extension, and since the browser has already passed multi-factor authentication, MFA fails to prevent the account compromise.
Also, the extension isn’t openly available on any sources like Google Chrome’s Web Store or Microsoft’s add-on page, making it challenging for the Gmail team to combat it.
As per Volexity, the malware, which is dubbed SHARPEXT by researchers, has been in use over the years and was created by a hacking group named SharpTongue. The group is sponsored by the North Korean government and overlaps with another hacking group named Kimsuky.
SHARPEXT targets US-, Europe-, and South Korea-based organizations that the group deems risky to South Korea’s national security.
As per the research, the malware is installed using spear phishing and social engineering techniques, where targets are manipulated into opening and downloading malicious attachments. It’s more dangerous because it gets installed without the users’ consent and knowledge. Although it’s currently infecting Windows users, Steven Adair, CEO and founder of Volexity, warned that it could attack macOS and Linux users as well.
The cybercriminals behind this operation have paid close attention to how Chrome’s security system prevents malware from making changes to sensitive user settings. Every time there’s a change, the browser takes a cryptographic hash of the code for verification. If the hashes don’t match, it requests restoration of the previously chosen settings.
A Twitter vulnerability let bad actors steal the account names and email addresses of over 5 million Twitter accounts, including those of celebrities, companies, and other users. The officials stated that there’s nothing that users can do from their end to stop or undo this. However, turning on multi-factor authentication can be a preventive step.
At the start of this year, Twitter received a report of a vulnerability: if a user submitted an email address or phone number to Twitter, its system would tell them which account it was associated with.
In July 2022, Twitter found that over 5.4 million accounts were sold on a hacker forum for $30,000. The officials have said they will inform the owners of compromised accounts directly.
This week’s email security breach news has given more support to the fact that the cyberworld isn’t safe. You should be careful while using the internet, as anyone can end up on hackers’ radar.
We will be back with more email security news next week. Till then, browse safely!
The post Weekly Email Security News Recap #2 [August 2022] appeared first on EasyDMARC.
*** This is a Security Bloggers Network syndicated blog from EasyDMARC authored by Hasmik Khachunts. Read the original post at: https://easydmarc.com/blog/weekly-email-security-news-recap-2-august-2022/