By AMSAT April 2, 2020
A Brief Weekly Review of Top Stories that Dominated the Cyberworld
The cyberworld saw its fair share of events in the outgoing week, from a bug in the ‘netmask’ npm package that affected hundreds of thousands of projects to several ransomware gangs targeting vulnerable Exchange servers. But the development that stood out was the targeting of German lawmakers by Russian threat actors.
Here’s a brief review of what took place in the past week.
German MPs Again Targeted by Russian Threat Actors: Report
As per local media, many German lawmakers fell victim to a cyber-attack, with security experts conjecturing Russian hackers might be behind the incident.
Der Spiegel weekly said that cybercriminals used phishing emails to gain access to the computers of at least seven federal MPs and 31 lawmakers in regional parliaments.
The magazine added that it was not clear whether any sensitive information was accessed.
280,000 Projects Affected by Vulnerability in ‘Netmask’ npm Package
Security experts suspected that a flaw in the netmask npm package could expose private networks and lead to a wide range of attacks, including malware delivery.
Tracked as CVE-2021-28918, the newly identified issue stems from the package erroneously reading octal encoding, which results in supplied IP addresses being misinterpreted.
Due to this bug, netmask would consider private IP addresses as external IP addresses and the other way around, thus opening the door to a variety of attacks, depending on the manner in which the package is used.
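The two readings of a leading-zero octet, and a strict check that rejects the ambiguity, shown as an added example that is not from the original article or the netmask project. Helper names and sample addresses are constructed, and the octal reading is a simplified model of inet_aton-style parsing.

```javascript
// Added example: helper names and sample addresses are constructed for illustration.
// Reads each octet as base 10, so a leading zero is silently dropped ("0177" -> 177).
function parseAsDecimal(ip) {
  return ip.split('.').map((o) => parseInt(o, 10));
}

// Simplified model of inet_aton-style parsing: a leading "0" means octal and
// "0x" means hex ("0177" -> 127, "010" -> 8).
function parseLikeInetAton(ip) {
  return ip.split('.').map((o) => {
    if (/^0x[0-9a-f]+$/i.test(o)) return parseInt(o, 16);
    if (/^0[0-7]+$/.test(o)) return parseInt(o, 8);
    return parseInt(o, 10);
  });
}

// Strict parser: exactly four canonical decimal octets, no leading zeros, 0-255.
// Returns null for anything that two parsers could read differently.
function parseStrict(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  const octets = [];
  for (const p of parts) {
    if (!/^(0|[1-9][0-9]{0,2})$/.test(p)) return null;
    const n = Number(p);
    if (n > 255) return null;
    octets.push(n);
  }
  return octets;
}

// Loopback and RFC 1918 private ranges.
function isInternal([a, b]) {
  return a === 127 || a === 10 || (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// Compare the two readings of one input and report whether a filter that
// uses one reading would disagree with a resolver that uses the other.
function classify(ip) {
  const filterView = isInternal(parseAsDecimal(ip));
  const resolverView = isInternal(parseLikeInetAton(ip));
  return { ip, filterView, resolverView, mismatch: filterView !== resolverView,
           strict: parseStrict(ip) };
}

for (const ip of ['0177.0.0.1', '010.0.0.1', '192.168.1.10']) console.log(classify(ip));
```

A `mismatch` of `true` marks an input where an allow/deny decision and the eventual connection can refer to different hosts; rejecting whatever `parseStrict` returns `null` for removes that ambiguity before any range check runs.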
Vulnerable Exchange Servers Targeted by More Ransomware
The Black Kingdom/Pydomer ransomware operators joined the ranks of cybercriminals targeting the Exchange Server bugs that Microsoft revealed in early March.
The four zero-day flaws had been targeted in live attacks well before patches were released for them on March 2. The number of unpatched Exchange installations plummeted drastically, going from roughly 80,000 on March 14 to fewer than 30,000 on March 22.