Newsletter

[Daily Information Security] On October 5, 2022, the video game company Blizzard Entertainment suffered a large-scale DDoS attack, and hackers distributed malicious Tor Browser installers to Chinese users via YouTube channels | Thomas

Recently, hackers have attacked Ubisoft, Rockstar, 2K Games and many other game companies. Their main purpose is usually to steal player account data or to lock onto unreleased game development data for profit; DDoS attacks have been relatively rare. Blizzard Entertainment’s new game “Overwatch 2” was officially launched recently, and because of a DDoS attack on its servers, players complained that they could not log into the game.

Hackers also use YouTube channels to distribute malware. In the past many such campaigns targeted players looking for cracked games, but now there are country-specific attacks: one of them, under the pretext of helping Chinese users access the dark web, distributes a Tor Browser bundled with malware.

It can be said that recent attacks on developers are quite frequent. Most hackers start by targeting the packages developers use, but if the package manager itself is the target, the effect is likely to be far more serious. Researchers disclosed a vulnerability found in the PHP package manager, stating that attackers could use it to plant malware once exploited.

【Attack and Threat】

Video game company Blizzard Entertainment’s newly launched game “Overwatch 2” suffered login failures because the company’s servers were hit by a DDoS attack

Video game company Blizzard Entertainment’s new game “Overwatch 2” was officially launched on October 4, but players reported long waits when logging in. The company’s CEO, Mike Ybarra, said that the cause was a massive DDoS attack on their servers, resulting in many dropped or unstable connections, and that the company’s team is working on it.

This is not the first time the company has been hit by a DDoS attack on a newly launched game. For example, “World of Warcraft Classic” launched at the end of August 2019, and on September 8 it was reported that the US servers were under DDoS attack, with many players experiencing severe disconnections and lag.

Hackers are distributing a malicious Tor Browser installer to Chinese users via a YouTube channel

Kaspersky, an information security company, revealed the OnionPoison attack campaign, in which hackers target users in China. Since January 9 this year, they have been distributing a Tor Browser bundled with malware through a Chinese-language YouTube channel. Once users click on the URL provided by the hackers, a 74 MB executable file is downloaded. Once installed, a malicious freebl3.dll library is implanted on the computer. The hackers use it to collect the victim’s browsing history, social network accounts, wireless network SSIDs and other information in order to determine the victim’s true identity. Researchers began detecting infected computers in March this year.

But why do hackers use this method? The reason is probably that the Tor Browser website is blocked in China, so Chinese users must obtain it through other channels.

US government warns that defense agencies are targeted by hackers stealing secrets via the CovalentStealer malware

The US Cybersecurity and Infrastructure Security Agency (CISA) warned on October 4 that since January 2021, state-sponsored hackers have been using the malware CovalentStealer and the penetration testing tool Impacket to break into the country’s defense industrial base.

It is suspected that the attackers broke into the Exchange server through the ProxyLogon vulnerability and then searched the contents of mailboxes. More than a month later, they used a shell to reconnoiter the victim organization’s network environment, establish persistence and move laterally, using Impacket to accomplish these goals. Finally, they exfiltrated the stolen data to the OneDrive file sharing service through CovalentStealer.

【Weaknesses and Patches】

A major flaw in Packagist, part of PHP’s package manager, could be used for supply chain attacks

SonarSource, an information security company, pointed out that in April of this year they discovered that Packagist, a core component of the PHP dependency manager Composer, has a high-severity vulnerability, CVE-2022-24828, with a CVSS risk score of 8.8. Once attackers exploit this vulnerability, they gain full control of Packagist, which in turn affects the dependency packages fetched by development environments and lets them deploy malware on victims’ computers.

The researchers noted that because PHP developers commonly use Composer to manage packages, the vulnerability could be wide-reaching, estimating that at least one million package update requests could have been hijacked. After being notified, the development team released Composer versions 1.10.26, 2.2.12, and 2.3.5 to patch it.

Carlo Gavazzi’s car park management system has major flaws; attackers could gain full access

Claroty, an information security company, found a total of 11 vulnerabilities in the CPY car park management server and the UWP 3.0 monitoring gateway made by Italian industrial automation manufacturer Carlo Gavazzi, 6 of which have a CVSS risk score of 9.8. These vulnerabilities include hard-coded account passwords, missing authentication, directory traversal (path traversal) and SQL injection, which could allow attackers to gain full control of the target system. Carlo Gavazzi released patched versions of UWP 3.0 and CPY in April and June this year.

【Other information security news】

Australian telco Optus confirms 2.1 million customer identification numbers have been stolen

Chrome app mode used in phishing attacks

Hacker group Water Labbu hacked into scam sites, took away cryptocurrency wallets of victims

Daily Information Security Updates

[October 4, 2022] Microsoft’s proposed mitigations for the Exchange zero-day vulnerability can be easily bypassed, US defense contractor hit by BlackCat ransomware

[October 3, 2022] Hackers set up fake LinkedIn accounts of Fortune 500 information security chiefs, and a former IT staffer who tampered with the company’s domain configuration was sued

[September 30, 2022] Hackers are targeting a zero-day vulnerability in Microsoft Exchange Server, and LNK-based malware distribution is increasing