July 2022 Highlights | What happened in the Cybersecurity World?

    Moving into the second half of the year, one must keep a constant eye on the recent hacking news. This past July 2022 was an interesting month in the world of cybersecurity. A few mentionable events occurred that business leaders should be aware of. Here’s what happened.

    July was a busy month for cyber security professionals, with several high-profile incidents making headlines. Read Bugbounter’s recap of July 2022 cybersecurity highlights to know more about the latest hack news.

    T-Mobile to pay $350 mn in a data breach affecting 77 million users

    T-Mobile has agreed to pay $350 million to federal and state regulators following an investigation into a data breach that affected nearly three-quarters of its customers. The mobile carrier admitted that it had failed to adequately protect the personal data of its users, including names, addresses, and birthdates. Hackers accessed this information by taking advantage of the vulnerabilities in T-Mobile’s website. The company has since taken steps to improve its security, but the incident highlights the importance of data security for all businesses. This case also serves as a reminder that consumers need to be vigilant about their own data safety, as well.

    Several Android Apps on Google Play Store Caught Dropping Banking Malware

    The malware, known as Anubis, is designed to steal users’ financial information and login credentials. Once installed, the Anubis malware will display fake login screens for popular banking and financial apps. When victims enter their financial information into these fake login screens, the Anubis malware will send the data to a remote server. The attackers behind the Anubis malware can then use this information to commit fraud and steal money from victims’ bank accounts. This malware is designed to steal personal and financial information from users, including login credentials and credit card numbers. In some cases, the infected apps also created vulnerabilities by gaining access to users’ contacts, text messages, and location data.

    Spanish Police Arrest Two Nuclear Power Workers for Cyber Attacking the Radiation Alert System

    The Spanish National Police have announced the arrest of two workers at the country’s nuclear power plants for allegedly carrying out cyberattacks on the radiation alert system. The arrests came after an investigation when authorities discovered that someone had tried to disable the alert system several times. The two suspects, who have not been identified, are thought to have used their positions at the plants to gain access to the alert system and carry out the attacks. The arrests come as Spain prepares to close its last nuclear power plant in 2025 and shift to renewable energy sources.

    Google Delays Blocking 3rd-Party Cookies in Chrome Browser Until 2024

    Google announced that it is delaying blocking third-party cookies in its Chrome browser until 2024. The plan was to phase out the use of cookies by 2022. However, it said it needs more time to develop alternatives that will “advance privacy and security for users” while supporting publishers and advertisers. Cookies are used to track the visitor’s behavior and serve targeted ads. Google’s proposed solution, dubbed the Privacy Sandbox, is designed to allow publishers and advertisers to continue using cookies while protecting user privacy. However, the company has faced criticism from some who argue that the solution does not go far enough in protecting users’ data.

    The U.S. Offers $10 Million Reward for Information on North Korean Hackers

    The United States Department of State has announced a $10 million reward for information regarding the identification or location of any individual who works with or for the North Korean government for global cybercrime. North Korea has recently been implicated in several high-profile cyber attacks, including the Sony Pictures hack, the WannaCry ransomware attack, and the 2014 hack of JPMorgan Chase. The State Department hopes the reward will encourage anyone with information about North Korean hackers to come forward. The information they provide could help to prevent future attacks and put the guilty behind bars.

    Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection

    Cryptocurrency mining malware is on the rise, and hackers are increasingly turning to WebAssembly as a way to evade detection. WebAssembly is a compact bytecode format designed for safe execution in web browsers. However, it can also be used to execute malicious code, and cryptocurrency miners are a prime target for attackers. Cryptocurrency miners generate new coins, which can be very profitable for attackers. However, they consume excessive resources, slowing down or even crashing a victim’s computer. By coding their miners using WebAssembly, hackers can ensure that their miners run efficiently and avoid detection. Unfortunately, this trend will likely continue as cryptocurrency prices rise. As a result, users must be vigilant about malicious activity on their computers and ensure that their security software is up-to-date.

    The Twitter Accounts of Major Corporations and Celebrities were Hacked in a Synchronized Attack

    In what appears to be a coordinated attack, the Twitter accounts of several major corporations and celebrities were hacked in July 2022. The compromised accounts have all posted tweets containing profanity, and the attacks seem to have originated from a third-party website that provides services for managing Twitter accounts. However, Twitter is currently investigating the matter and has taken steps to secure all affected accounts. This incident highlights the importance of proper security measures for all online accounts, especially those with many followers.

    Bug Bounty Programs to Stay Safe and Secure

    Organizations of all sizes face an increasing number of cyber security threats. Bugbounter offers a comprehensive suite of services assisting organizations safeguard their data and systems. Our team of 2000+ cybersecurity experts provides cost-effective manual penetration testing services. They are available 24/7 to conduct penetration tests and provide guidance on mitigating risks. We offer scoping flexibility to ensure that our services meet each organization’s unique needs, and our prices are highly competitive. Connect with us to know more about how we can help you secure your data and systems. Increase security and discover vulnerabilities by going beyond traditional assessments.