October 2021 - Page 2 of 7 - Cyber Security Minute

Mozilla Blocks Malicious Firefox Add-Ons Abusing Proxy API

Issued by: Security Week

The API allows add-ons to control the manner in which the browser connects to the Internet, and some extensions were found to abuse this. Specifically, the manner in which the offending add-ons interacted with the API prevented users from accessing updated blocklists, from downloading updates, and from updating content remotely configured. According to Mozilla, a…

Application Security

Facebook Sues Ukrainian for Scraping, Selling Data of 178 Million Users

Issued by: Security Week

The defendant is Alexander Alexandrovich Solonchenko, whom Facebook says used the online monikers “Solomame” and “barak_obama” on the RaidForums hacker forum, where he allegedly sold illegally obtained information. According to the social media giant, Solonchenko, who worked as a freelance computer programmer, abused its Contact Importer tool to scrape the user IDs and phone numbers…

Vulnerabilities

Researcher Earns $2 Million for Critical Vulnerability in Polygon

Issued by: Security Week

Specifically, a user could deposit a specific amount to the Polygon Plasma Bridge, withdraw the entire sum, and then submit the same withdrawal transaction an additional 223 times, each time receiving the full amount. Basically, one could deposit $1 million and withdraw $224 million. With the DepositManager for the Plasma Bridge holding roughly $850 million…

Application Security, Cloud Security, Network Security

Cybersecurity M&A Roundup for October 11-24, 2021

Issued by: Security Week

A total of 15 cybersecurity-related acquisitions were announced October 11-24, 2021. Ampa acquires CSS Assure Legal and professional services company Ampa has acquired cybersecurity firm CSS Assure, which specializes in data protection and risk management. Both companies are based in the UK. The CSS Assure brand will remain. Cellebrite acquires Digital Intelligence Israel-based digital intelligence…

Application Security

Snap’s Stock Drops as iPhone Privacy Controls Pinch Ad Sales

Issued by: Security Week

The revelation in Snap Inc.’s third-quarter earnings report sparked a sell-off in after-hours trading that could foreshadow one of the biggest one-day drops in the company’s stock since it went public in 2017. Snap’s shares plunged by nearly 22% in Thursday’s extended trading. If that decrease is mirrored in Friday’s regular trading session, it will…

Vulnerabilities

Facebook Introduces New Tool for Finding SSRF Vulnerabilities

Issued by: Security Week

According to the definition provided by OWASP, a SSRF attack enables an attacker to abuse a server’s functionality to read or update internal resources. “The attacker can supply or modify a URL which the code running on the server will read or submit data to, and by carefully selecting the URLs, the attacker may be…

Network Security

Organizations Can Now Try Out End-to-End Encrypted Microsoft Teams Calls

Issued by: Security Week

First announced at the tech giant’s Ignite event in March, end-to-end encryption (E2EE) for one-to-one Teams calls is now rolling out to public preview. Organizations can take advantage of the new capability, but IT admins and users will have to manually enable it. When E2EE is used, conversations are encrypted in a way that prevents…

Malware & Threats

Two Bulletproof Hosting Administrators Sentenced to Prison in U.S.

Issued by: Security Week

Between 2009 and 2015, the two individuals – Aleksandr Skorodumov, 33, of Lithuania, and Pavel Stassi, 30, of Estonia – served as administrators for an organization that offered bulletproof hosting to malware families such as Citadel, SpyEye, Zeus, and the Blackhole exploit kit. The organization, which was founded and led by Russian nationals Aleksandr Grichishkin…

Malware & Threats

Former Execs of Cybersecurity Firm GigaTrust Charged With Financial Fraud

Issued by: Security Week

The charges, announced on Wednesday by the U.S. Justice Department, target Robert Bernardi, the Virginia-based company’s founder and CEO, Nihat Cardak, the firm’s chief financial officer, and Sunil Chandra, former VP of business development. Founded in 2001, GigaTrust provided endpoint email security and document in-use protection solutions to enterprises and government organizations. The company filed…

Malware & Threats

US to Curb Hacking Tool Exports to Russia, China

Issued by: Security Week

The rules, which are set to go into force in 90 days, would prevent the sale of certain software or devices to a list of countries unless approved by a bureau of the Commerce Department. “The United States opposes the misuse of technology to abuse human rights or conduct other malicious cyber activities, and these…