BleepingComputer’s most popular cybersecurity and tech stories of 2021


2021 is over, and we can look forward to a hopefully healthier, safer, and more normal 2022.
However, it was a big year for technology and cybersecurity, with massive cyberattacks and data breaches, innovative phishing attacks, privacy concerns, and of course, zero-day vulnerabilities.
Some stories, though, were more popular with our readers than others.
Below we list the ten most popular stories at BleepingComputer during 2021, with a summary of each.
10. Fired NY credit union employee nukes 21GB of data in revenge
A former New York credit union employee pleaded guilty to hacking into the financial institution’s computer systems without authorization and destroying over 21 gigabytes of data in revenge after being fired.
As part of the revenge attack, the defendant deleted over 20,000 files and around 3,500 directories during that time, totaling roughly 21.3 gigabytes of data stored on the bank’s share drive.
9. 533 million Facebook users’ phone numbers leaked on a hacker forum
After first trying to sell the data, a threat actor leaked the mobile phone numbers and other personal information for roughly 533 million Facebook users worldwide on a hacking forum for free.
What made this leak stand out was that it contained member information that was scraped from public profiles as well as private mobile numbers associated with accounts.
The data included 533,313,128 Facebook users, including a member’s mobile number, Facebook ID, name, gender, location, relationship status, occupation, date of birth, and email addresses.
While Facebook said that the data was scraped using a bug fixed in 2019, it still contained a treasure trove of personal information that could be used for targeted phishing or to breach other accounts.

Sample of scraped phone numbers from the 917 area code
8. New phishing attack uses Morse code to hide malicious URLs
A phishing campaign was discovered using a novel obfuscation technique: Morse code to hide malicious URLs in an email attachment.
As phishing emails commonly get caught by security software and secure email gateways, the threat actors tried a clever tactic of converting the malicious URLs and landing pages into Morse code to evade detection.
This additional code would then be decoded by embedded JavaScript in the HTML attachment when it was opened.

Phishing attachment using Morse code
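A gateway or analyst can undo this obfuscation before scanning. The sketch below is an added example, not code from the campaign or from BleepingComputer: it finds long runs of dot/dash symbols in an HTML attachment, decodes them, and flags any that reveal a URL. It assumes the standard International Morse table (the page does not give the campaign's own mapping); the function names and sample attachments are constructed for illustration.

```javascript
// Added example: de-obfuscate Morse-encoded strings in an HTML attachment.
// Assumption: standard International Morse code, space-separated symbols.
const MORSE = {
  ".-": "a", "-...": "b", "-.-.": "c", "-..": "d", ".": "e", "..-.": "f", "--.": "g",
  "....": "h", "..": "i", ".---": "j", "-.-": "k", ".-..": "l", "--": "m", "-.": "n",
  "---": "o", ".--.": "p", "--.-": "q", ".-.": "r", "...": "s", "-": "t", "..-": "u",
  "...-": "v", ".--": "w", "-..-": "x", "-.--": "y", "--..": "z",
  "-----": "0", ".----": "1", "..---": "2", "...--": "3", "....-": "4",
  ".....": "5", "-....": "6", "--...": "7", "---..": "8", "----.": "9",
  ".-.-.-": ".", "---...": ":", "-..-.": "/", "-....-": "-", "..--..": "?",
  "-...-": "=", ".-...": "&",
};

// Eight or more space-separated dot/dash symbols: too long to be "..." or "----".
const MORSE_RUN = /(?:[.-]{1,7} +){7,}[.-]{1,7}/g;

function decodeMorse(run) {
  const symbols = run.trim().split(/ +/);
  let known = 0;
  const text = symbols.map((s) => {
    if (s in MORSE) { known++; return MORSE[s]; }
    return "\uFFFD"; // symbol not in the table
  }).join("");
  return { text, coverage: known / symbols.length };
}

function scanAttachment(html) {
  const findings = [];
  for (const run of html.match(MORSE_RUN) || []) {
    const { text, coverage } = decodeMorse(run);
    if (coverage < 0.9) continue; // mostly undecodable, so probably not Morse
    const urls = text.match(/https?:\/\/[a-z0-9._~:\/?&=-]+/g) || [];
    findings.push({ text, urls, suspicious: urls.length > 0 });
  }
  return findings;
}

// Constructed samples: the first hides "https://example.invalid/" in a script variable.
const SAMPLE_ATTACHMENT = `<html><body><script>
var m = ".... - - .--. ... ---... -..-. -..-. . -..- .- -- .--. .-.. . .-.-.- .. -. ...- .- .-.. .. -.. -..-.";
</script></body></html>`;
const BENIGN_ATTACHMENT = "<html><body><p>Loading... please wait -----</p></body></html>";

console.log(scanAttachment(SAMPLE_ATTACHMENT));
```

The decoded URLs can then be passed to the same reputation and sandbox checks applied to plain-text links.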
7. New zero-day exploit for Log4j Java library is an enterprise nightmare
While this story comes in as the seventh most read article, it probably deserves to be #1 due to its worldwide impact and use by threat actors.
Last month, exploits were released for a critical zero-day vulnerability in the Apache Log4j Java-based logging library that allowed threat actors to remotely execute almost any command they wanted on vulnerable servers.

As many other applications use Log4j, threat actors quickly used the “Log4Shell” vulnerability in cyberattacks to deploy ransomware, install the Dridex banking trojan, or spread laterally to VMware vCenter servers.
6. Adult content from hundreds of OnlyFans creators leaked online
A Google Drive folder was shared online, exposing the private videos and images from hundreds of OnlyFans accounts, leading a researcher to create a tool allowing content creators to check if they are part of the leak.
While it isn’t uncommon for people to share private OnlyFans content, this leak stood out because of the many creators it impacted.
BackChannel founder Aaron DeVera told BleepingComputer that the Google Drive folder initially contained folders for 279 OnlyFans creators, with one of the folders having over 10GB of videos and images.
5. Fix the Windows 0x0000011b network printing error
2021 has been a complete mess for Windows printing, with security update after security update causing more issues for Windows admins than we have seen in a long time.
This started after a Windows Print Spooler vulnerability known as PrintNightmare was accidentally disclosed. This disclosure led to a series of public exploits being released, which threat actors quickly used in attacks.
To fix the vulnerabilities, Microsoft released numerous security updates that restricted Windows printing functionality and caused numerous errors when attempting to perform network printing.
One issue that occurred due to these fixes was a Windows 0x0000011b error preventing users from printing, causing a massive headache for Windows admins worldwide.
Thankfully, a fix was discovered that allowed Windows admins to resolve the Windows 0x0000011b network printing errors.
4. Canon sued for disabling scanner when printers run out of ink
Canon USA was sued for not allowing certain printers to scan or fax if they run out of ink, which isn’t used for those functions.
A Canon customer filed the class action lawsuit alleging deceptive marketing and unjust enrichment by the printer manufacturer.
Since at least 2016, customers who contacted Canon about this issue have been told by support agents that ink cartridges must be installed and contain ink to use the printer’s features, as shown by the agent’s response below.

Canon support message about needing ink
3. Over 9 million Android devices infected by info-stealing trojan
A large-scale malware campaign on Huawei’s AppGallery led to roughly 9.3 million installs of Android malware that impersonated over 190 different apps.
The threat actors hid their malware in Android apps pretending to be simulators, platformers, arcades, RTS strategy, and shooting games for Russian-speaking, Chinese, or international (English) users.
The functionality of this trojan allowed threat actors to perform various malicious activities, including spying on SMS texts and downloading and installing other malware.
2. Researcher hacks over 35 tech firms in novel supply chain attack
Using a new dependency confusion attack, a researcher breached over 35 major companies’ internal systems, including Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber.
The attack comprised uploading malware to open source repositories including PyPI, npm, and RubyGems, which then got distributed downstream automatically into the company’s internal applications.
Unlike traditional typosquatting attacks that rely on social engineering tactics, this particular supply chain attack needed no action by the victim, who automatically received the malicious packages.

Dependency confusion proof-of-concept package
1. Windows 10 bug corrupts your hard drive on seeing this file’s icon
This year, our most popular story was a zero-day Windows 10 vulnerability that triggered corruption warnings and a subsequent chkdsk on NTFS-formatted hard drives.
To do this, attackers could enter a single one-line command that attempts to access a particular Windows NTFS Index Attribute, as shown below.

While the corruption warnings are fake, and for most people no issues occurred, it could lead to Blue Screen of Death crashes in some of our tests, as seen in the video below.
