The United States took action in federal court today to protect and ultimately return more than $154 million in funds that were allegedly stolen from a subsidiary of Tokyo-based Sony Group Corporation and then seized by law enforcement during the FBI’s investigation of the theft.

The United States filed a civil forfeiture complaint in the Southern District of California to protect Sony’s interest in the property, which an employee allegedly embezzled in May 2021 and converted to more than 3,879 Bitcoins valued today at more than $180 million. Those funds were seized by law enforcement on December 1, 2021, based on the FBI’s investigation.

This phishing scheme involved the creation of more than 39,000 websites impersonating the login pages of Facebook, Messenger, Instagram and WhatsApp. On these websites, people were prompted to enter their usernames and passwords, which Defendants collected.  

The Wiz Research Team detected an insecure default behavior in the Azure App Service that exposed the source code of customer applications written in PHP, Python, Ruby, or Node, that were deployed using “Local Git”. The vulnerability, which we dubbed as “NotLegit”, has existed since September 2017 and has probably been exploited in the wild.

Wiz reported this security flaw to Microsoft on October 7th, 2021, and by now it has been mitigated. Small groups of customers are still potentially exposed and should take certain user actions to protect their applications, as detailed in several email alerts Microsoft issued between the 7th - 15th of December, 2021.

MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an application configured to serve static content, makes it possible for others to download files not intended to be public. We have notified the limited subset of customers that we believe are at risk due to this and we will continue to work with our customers on securing their applications.

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), the Computer Emergency Response Team New Zealand (CERT NZ), the New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) are releasing this joint Cybersecurity Advisory (CSA) to provide mitigation guidance on addressing vulnerabilities in Apache’s Log4j software library: CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105. Sophisticated cyber threat actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. According to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited.

We stumbled upon 4 vulnerabilities in Microsoft Team’s link preview feature

The vulnerabilities allow accessing internal Microsoft services, spoofing the link preview, and, for Android users, leaking their IP address and DoS'ing their Teams app/channels

We reported the issues to Microsoft in March 2021, who has only remediated one so far