SolarWinds reports $3.5 million in expenses from supply-chain attack
By
SolarWinds has reported expenses of $3.5 million from last year s supply-chain attack, including costs related to incident investigation and remediation.
Further expenses were recorded by SolarWinds after paying for legal, consulting, and other professional services related to the December hack and provided to customers for free.
Additional costs expected
While $3.5 million doesn t seem too much compared to the aftermath of the SolarWinds supply-chain attack, the incurred expenses reported so far were recorded through December 2020, with significant additional costs being expected throughout the next financial periods. Costs related to the Cyber Incident that will be incurred in future periods will include increased expenses associated with ongoing and any new claims, investigations and inquiries, as well as increased expenses and capital investments related to our Secure By Design initiatives, increase
Cash App phishing kit deployed in the wild, courtesy of 16Shop
By
03:29 AM
The developer of the 16Shop phishing platform has added a new component that targets users of the popular Cash App mobile payment service.
Deployment of the new 16Shop product started as soon as it became available, luring potential victims into providing sensitive details that would give fraudsters access to the account and the associated payment information.
16Shop is a complex phishing kit from a developer known as DevilScream, who set up a protection mechanism against unlicensed use and research activity.
The kit is commercially available and localized in multiple languages. Until recently, it provided code and templates to steal login credentials and payment card details for PayPal, Amazon, Apple, and American Express.
Business email compromise (BEC) scammers are utilizing a new type of attack targeting investors that could leverage payouts seven times greater than average.
Malicious NPM packages target Amazon, Slack with new dependency attacks
By
12:14 AM
Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using a new Dependency Confusion vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers.
Last month, BleepingComputer reported that security researcher Alex Birsan earned bug bounties from 35 companies by utilizing a new flaw in open-source development tools.
This flaw works by attackers creating packages utilizing the same names as a company s internal repositories or components. When hosted on public repositories, including npm, PyPI, and RubyGems, dependency managers would use the packages on the public repo rather than the company s internal packages when building the application.
American telecommunications provider T-Mobile has disclosed a data breach after an unknown number of customers were apparently affected by SIM swap attacks.