Cybersecurity Weekly: Fake NFT scam, Atlassian flaw, security analyst interview questions
An NFT collector was tricked into buying fake Banksy. An Atlassian Confluence flaw is being actively exploited to install cryptominers. 8 must-ask security analyst interview questions. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. NFT collector tricked into buying fake Banksy
An attacker was apparently able to breach the site for famed street artist Banksy and sell a fake non-fungible token of the artist’s work for more than $336,000. The fraudster has since returned the stolen cash, less a transaction fee, but the incident delivered an invaluable lesson on a whole new emerging cybersecurity threat: NFTs.
2. Atlassian Confluence flaw actively exploited to install cryptominers
On August 25th, Atlassian issued a security advisory for a Confluence remote code execution vulnerability, allowing an unauthenticated attacker to remotely execute commands on a vulnerable server. All versions of Confluence Server and Data Center prior to the fixed versions listed above are affected by this vulnerability.
3. 8 must-ask security analyst interview questions
Demand for the security analyst role is higher than ever, a trend that is likely to continue, with the US Bureau of Labor Statistics projecting that employment for security analysts will grow 31% from 2019-2029. Here are 8 interview questions to master before landing your security analyst position.
4. WhatsApp photo filter bug could have exposed data to remote attackers
A now-patched high-severity security vulnerability in WhatApp's image filter feature could have been abused to send a malicious image over the messaging app to read sensitive information from the app's memory. WhatsApp said it has no reason to believe users would have been impacted by this bug.
5. E-Learning platforms: The new academy for business training and education
Education for businesses, just like education in general, has undergone a dramatic transformation in the last year toward e-learning. The advantages of fast and cost-effective knowledge transfer, to and from anywhere in the world, make good business sense.
6. Cisco issues patch for critical enterprise NFVIS flaw
Cisco patched a critical security vulnerability impacting its Enterprise Network Function Virtualization Infrastructure Software that could be exploited by an attacker to take control of an affected system. The company is aware of a publicly available proof-of-concept exploit code targeting the vulnerability, but added it's not detected any successful attacks in the wild.
7. FIN7 hackers using Windows 11 themed documents to drop JavaScript backdoor
A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant, against a point-of-sale service provider located in the U.S. The attacks have been attributed with moderate confidence to a financially motivated threat actor dubbed FIN7.
8. FBI warns of ransomware attacks targeting food and agriculture sector
The FBI sent out a notice warning companies in the the food and agriculture sector to watch out for ransomware attacks aiming to disrupt supply chains. The FBI note said ransomware groups are seeking to disrupt operations, cause financial loss and negatively impact the food supply chain.
9. Bluetooth BrakTooth bugs could affect billions of devices
Vulnerabilities collectively referred to as BrakTooth are affecting Bluetooth stacks implemented on system-on-a-chip circuits from over a dozen vendors. The set of issues impact a wide variety of devices, from consumer electronics to industrial equipment. The associated risk ranges from denial-of-service and deadlocked condition of the device to arbitrary code execution.
10. Gift card gang extracts cash from 100,000 inboxes daily
A new cybercrime group has been uncovered that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online.