security news

Festive Cyber Attacks: Top Cybersecurity News from the Week of Christmas 2022

The holiday season might be upon us, but cybercriminals are far from taking a break. In fact, reports have shown that cyberattack attempts increase by an average of 70% during the last two weeks of December. But why? As previous years have shown, companies often become less responsive during the holiday season, and their workforce is also stretched. 

Unfortunately, this year is no different. As we prepare for a joyful Christmas and new year, threat actors are exploiting the holiday distractions to launch a barrage of new threats. Here are some of the most notable cybersecurity news stories from the week:


Okta GitHub breach 

Okta, a market leader in identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed by an unauthorized user.

“There is no impact to any customers, including any HIPAA, FedRAMP, or DoD customers,” the company said in a public statement. The breach began when threat actors gained access to Okta’s Workforce Identity Cloud (WIC) code repositories hosted on GitHub. The access was subsequently abused to copy the source code. The company stated that the incident was reported to them by GitHub in early December.


Microsoft fined €60 million for breaching user privacy 

France’s privacy watchdog has imposed a €60 million fine against Microsoft’s Ireland subsidiary for dropping advertising cookies on users’ computers without their explicit consent, in violation of data protection laws in the European Union.

The Commission nationale de l’informatique et des libertés (CNIL) noted that users visiting the home page of Microsoft’s Bing search engine did not have a “mechanism to refuse cookies as easily as accepting them.” The authority, which carried out an online audit between September 2020 and May 2021 following a complaint it received in February 2020, stated that the tech giant deposited cookies with the aim of serving ads and fighting advertising fraud without getting a user’s permission beforehand, as is required by law.


Android banking trojan is targeting over 400 banking and crypto apps

An Android banking trojan known as GodFather is being used to target users of more than 400 banking and cryptocurrency apps across 16 different countries. 

This includes 215 banks, 94 crypto wallet providers, and 110 crypto exchange platforms serving users in the U.S., Turkey, Spain, Italy, and Canada.

The malware, like many financial trojans targeting the Android ecosystem, attempts to steal user credentials by generating convincing overlay screens (web fakes) that are served atop target applications.

Figure: Targets of the GodFather Trojan (source: Bleeping Computer)


Facebook Cracks Down on Spyware Vendors

Meta Platforms disclosed that it has taken down no fewer than 200 covert influence operations since 2017, spanning roughly 70 countries and 42 languages.

The social media conglomerate also took steps to disable accounts and block infrastructure operated by spyware vendors, including in China, Russia, Israel, the U.S. and India, that targeted individuals in about 200 countries.

“The global surveillance-for-hire industry continues to grow and indiscriminately target people – including journalists, activists, litigants, and political opposition – to collect intelligence, manipulate and compromise their devices and accounts across the internet,” the company noted in a report published last week.


Critical vulnerability reported in a major enterprise password management system

Several high-severity security flaws have been disclosed in the “Passwordstate” password management solution. These vulnerabilities could potentially be exploited by an unauthenticated remote adversary to obtain a user’s plaintext passwords.

“Successful exploitation allows an unauthenticated attacker to exfiltrate passwords from an instance, overwrite all stored passwords within the database, or elevate their privileges within the application,” Swiss cybersecurity firm modzero AG said in a report published this week.

“Some of the individual vulnerabilities can be chained to gain a shell on the Passwordstate host system and dump all stored passwords in cleartext, starting with nothing more than a valid username.”

Passwordstate currently has over 29,000 customers and is used by more than 370,000 IT professionals. The vulnerabilities could expose this large number of users to unprecedented threats.

For more of the latest cybersecurity news and insights into the world of cybersecurity, follow Code Red on Twitter and LinkedIn.