CyberSec Roundup
A synopsis of the Latest Cybersecurity News
$610 Million Crypto Heist
Poly Network was the victim of the biggest heist in decentralized finance history. Poly Network facilitates token transfers between the Binance, Ethereum and Polygon blockchains using smart contracts. The hackers exploited a vulnerability in one of these smart contracts, modifying the contract's instructions to divert the tokens to three crypto wallets under their control. The hackers have since returned almost all of the funds, and claimed they weren’t interested in the money, but wanted to expose the bug before someone else exploited it.
Accenture hit by LockBit
The Fortune Global 500 company was hacked by the LockBit ransomware group. Accenture confirmed the attack last week and has since restored its systems from backups. The company’s operations and its clients have been largely unaffected by the attack because of the security measures and controls it had in place. LockBit is demanding a $50 million ransom for the 6 TB of stolen information and is willing to sell the data on the dark web otherwise.
Another Windows Print Spooler Vulnerability
Microsoft confirmed another zero-day print spooler bug, tracked as CVE-2021-36958. Attackers can exploit this vulnerability to run arbitrary code with SYSTEM privileges and effectively take control of the system. The company has released security updates to fix the issue and recommends applying them immediately.
By: David Pinder
IT & Security Consultant
Certified Ethical Hacker (Master)