A daily look at the relevant information security news from overnight - 30 June, 2022

Episode 255 - 30 June 2022

OpenSea Makes Waves- https://techcrunch.com/2022/06/30/nft-opensea-data-breach/

XFiles XPands -
https://www.bleepingcomputer.com/news/security/xfiles-info-stealing-malware-adds-support-for-follina-delivery/

8220 Miner Upgrade- https://www.zdnet.com/article/microsoft-warning-this-malware-that-targets-linux-just-got-a-big-update/

Brocade Broken -
https://www.securityweek.com/brocade-vulnerabilities-could-impact-storage-solutions-several-major-companies

AstraLocker Attack -
https://www.bleepingcomputer.com/news/security/astralocker-20-infects-users-directly-from-word-attachments/

Dangling Chromium -
https://portswigger.net/daily-swig/chromium-browsers-vulnerable-to-dangling-markup-injection

Hi, I’m Paul Torgersen. It’s Thursday June 30th 2022, happy birthday Jayden, and this is a look at the information security news from overnight.

From TechCrunch.com
NFT marketplace OpenSea, has suffered a massive data breach. It seems a staffer at their vendor Customer.io shared the entire email database with a third party. If you have shared your email with OpenSea at any time in the past, you should assume you were impacted. Be on the lookout for targeted phishing emails coming your way.

From BleepingComputer.com:
These next two are quick hits on malware strains upgrading their exploits. The XFiles info-stealer has added a delivery module that exploits the Windows Follina vulnerability. On a side note, XFiles has also recruited new members recently and is launching new products. Details in the article.

From ZDNet.com:
Along those same lines, Microsoft is warning about notable updates to malware targeting Linux servers to install cryptominers and IRC bots. The 8220 gang has added new functionality to exploit the recent Confluence vulnerability, as well as an old 2019 WebLogic bug. Details in the article.

From SecurityWeek.com:
Broadcom revealed that the Brocade SANnav storage area network is affected by nine vulnerabilities, some of which could impact the products of their partner companies, such as HPE, NetApp, Oracle, Dell, Fujitsu, IBM, Lenovo and others. There is no evidence as of yet that these have been exploited in the wild, but get your patch on kids.

From BleepingComputer.com
The ransomware strain called AstraLocker has recently released its second major version that drops its payload directly from email attachments. Specifically Word docs. Obviously this smash and grab type of attack is looking for quick payouts and not trying for persistence or lateral movement. Full write up in the article.

And last today, from PortSwigger.net
A recently-patched security hole in Chromium browsers allowed attackers to bypass safeguards against dangling markup injection, and extract sensitive information from webpages. While dangling markup injection is well-known and -addressed in Chrome, the new attack took advantage of an unaddressed case in how the browser upgrades unsafe HTTP connections. You know where to find the details.

That’s all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.