On September 11th, 2022, Snyk published a vulnerability report for the popular CSRF token management csurf npm package. The vulnerability impacts all known versions, which are currently yielding more than 400,000 downloads per week. The vulnerability report is based on the public disclosure by security consultant Adrian Tiron and their write-up on the Fortbridge blog.

It was the worst-case scenario for Uber, the popular ride-sharing app, when the company suffered a major data breach in early September. While the extent of the damage, and the data potentially stolen, is still being uncovered, the attack — and the methods used to execute it — can be examined and used to teach other organizations what (and what not) to do.

Ransomware and other malicious threats have become commonplace around the globe. But the reality is, whether it be encrypted records, stolen email credentials, or exfiltrated financial statements, these incidents generally involve a limited number of individuals or groups. Before your feathers are completely ruffled, understand that by no means am I minimizing the impact cybercriminals can have on a business. But have you considered attacks of greater scale? Perhaps those that affect the populus?

Imagine a burglar. They’ve spent large amounts of time researching their target — your house. They’ve perfected their infiltration techniques, found your weak points, learned your schedule, and know the best time to strike. They’ve shown up when you least expect it and jimmied open the lock on the back door. And now, rather than head inside and steal your valuables, they hold the door open for someone else.

On Thursday evening, around 6:25 PM, Uber announced that it was responding to a cybersecurity incident. While Uber hasn’t gone into details about what happened, the purported threat actor has openly corresponded with several security professionals, including Sam Curry at Yuga Labs, Corben Leo at Zellic.io and The New York Times. According to both Curry and Leo, multiple systems were impacted.

At the beginning of the Russia-Ukraine conflict, KillNet - a Russian cybergang - began actively collecting open-source intelligence (OSINT), which drew interest from various threat actor groups. Heightened interest in the OSINT data led to additional actors joining , growing its membership to include not only Russian cyber criminals, but uniting other cyber gangs sympathetic to Russia.

On August 9, 2022, we released a blog post about a phishing campaign where attackers were abusing Google Sites and Microsoft Azure Web Apps to steal cryptocurrency wallets and accounts from different targets, namely Coinbase, MetaMask, Kraken, and Gemini. The attackers were abusing SEO techniques to spread the pages and using advanced techniques to steal data, such as using live chats to interact with victims.

IHG Hotels & Resorts, the hotel group that owns the Holiday Inn and Intercontinental brands, experienced a cyber attack in the first week of September. The attack has impacted the central hotel’s booking system and mobile apps, causing a service outage for several days. Loyalty program members could not log in or create new bookings during this time.

Read also: Microsoft fixes a Windows zero-day, the US sanctions Iranian hackers linked to ransomware attacks, and more.