Cyware Daily Threat Intelligence

Daily Threat Briefing • April 11, 2023
Crypto exchanges are being targeted left, right, and center. A South Korean cryptocurrency exchange experienced a major attack that culminated in the loss of nearly $13 million (23% of total custodial assets). In malware threats, JFrog laid bare a sophisticated typosquatting campaign distributing over a dozen NuGet packages infected with Impala Stealer, a cryptocurrency stealer malware. The malware used a much rarer obfuscation technique that makes it stealthier than other threats that rely on off-the-shelf obfuscators.
The motive behind attacks on HR portals is not hard to guess. A well-known HR and payroll firm was targeted in a cyberattack. The firm has confirmed it isn't a ransomware attack; however, it is concerned about the data at risk.
Yum! Brands confirms PII theft
Yum! Brands, the parent company of KFC, Pizza Hut, and Taco Bell, confirmed the leak of individuals' PII in a ransomware incident from January. The attack reportedly exposed data such as names, ID numbers, driver's license numbers, and other types of personal identifiers. The company also noted that there was no evidence of identity theft or fraud.
Crypto exchange loses millions
The GDAC cryptocurrency exchange in South Korea lost $13 million after hackers transferred crypto holdings from a hot wallet to an untraceable wallet. According to officials, the stolen funds accounted for nearly 23% of its crypto assets. Hackers swindled 61 BTC, 350.5 ETH, 10 million WEMIC tokens, and 220,000 USDT.
Operations disrupted at HR and payroll firm
Belgian HR and payroll giant SD Worx shut down its HR services in the U.K. and Ireland in the wake of a cyberattack. The firm is apprehensive that the attack may have affected employees' and job-seekers' data. The data at risk include tax-related information, government ID numbers, full names, addresses, phone numbers, bank account numbers, and more.
Minnesota schools under attack
Rochester Public Schools, Minnesota, informed staff and students about a network intrusion and shut down the district-wide internet connection to address it. The attack impacted email and phone systems at 42 schools. Around a month ago, a ransomware group published information from Minneapolis Public Schools (MPS) on the dark web.
NuGet packages drop Impala Stealer
Cybersecurity researchers at JFrog shed light on a cryptocurrency attack campaign involving a persistent backdoor called Impala Stealer. Criminals leveraged 13 malicious NuGet packages to import the malware into the systems of .NET developers as a part of their supply chain attack. They used typosquatting techniques to lure potential victims and used a rare obfuscation technique called .NET AoT compilation.
Flawed shared key authorization
Cybersecurity firm Orca Security reported finding a critical exploitation path that abuses Microsoft Azure Shared Key authorization. As per the report, a shared key in the wrong hands, obtained either via a leak or via an AD role that can read it, can allow an attacker to move laterally within the environment, run remote code, and even gain complete access to accounts and crucial company assets. Meanwhile, Microsoft has stated that it is not a vulnerability, but rather a "by-design flaw."
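A defender-side check for the Shared Key finding above, written as an added example that is not from the briefing or from Orca's report: it audits the JSON that `az storage account list` emits for accounts still accepting Shared Key authorization and builds the `az storage account update --allow-shared-key-access false` commands that turn it off. The sample JSON is constructed, and the `allowSharedKeyAccess` property name and its null-means-default behaviour are assumptions about the CLI output shape.

```python
"""Audit Azure storage accounts for Shared Key authorization left enabled.

Added example, not code from the Cyware briefing or Orca Security. Assumes
`az storage account list -o json` returns a list of objects carrying an
`allowSharedKeyAccess` property, where null means the Azure default (enabled).
"""
import json

# Constructed sample mimicking `az storage account list -o json` output.
SAMPLE_AZ_OUTPUT = json.dumps([
    {"name": "hrpayrolldata", "resourceGroup": "rg-hr", "allowSharedKeyAccess": None},
    {"name": "buildartifacts", "resourceGroup": "rg-ci", "allowSharedKeyAccess": True},
    {"name": "auditlogs", "resourceGroup": "rg-sec", "allowSharedKeyAccess": False},
])


def shared_key_enabled(account: dict) -> bool:
    """Shared Key auth is on unless the property is explicitly false.

    Assumption: a missing or null value means Azure's default, which is enabled.
    """
    return account.get("allowSharedKeyAccess") is not False


def find_shared_key_accounts(az_json: str) -> list[str]:
    """Return 'resourceGroup/name' for every account still accepting Shared Key."""
    accounts = json.loads(az_json)
    return sorted(
        f"{a['resourceGroup']}/{a['name']}" for a in accounts if shared_key_enabled(a)
    )


def remediation_commands(flagged: list[str]) -> list[str]:
    """Build the az CLI commands that disable Shared Key authorization.

    After this, data-plane access must use Azure AD credentials instead of keys.
    """
    cmds = []
    for entry in flagged:
        rg, name = entry.split("/", 1)
        cmds.append(
            f"az storage account update -g {rg} -n {name} --allow-shared-key-access false"
        )
    return cmds


if __name__ == "__main__":
    flagged = find_shared_key_accounts(SAMPLE_AZ_OUTPUT)
    for entry in flagged:
        print("Shared Key still enabled:", entry)
    print("\n".join(remediation_commands(flagged)))
```

Pipe real output in with `az storage account list -o json` and review the generated commands before running them, since disabling Shared Key breaks any workload that still authenticates with the account key.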