Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Ukraine thwarting a cyberattack by Russia, Adobe addressing security flaws in its significant products, Schneider Electric and Siemens addressing multiple weaknesses, SAP issuing patches for Spring4Shell flaw, Cisco addressing critical vulnerabilities in wireless LAN controller, and much more.
- Malicious hackers from Russia conducted a malware strike in Ukraine to disconnect and decommission industrial equipment that manages high-voltage electrical substations. However, the cyberattack was foiled by Ukraine.
- Adobe patched at least 78 known security flaws in Adobe Acrobat and Reader, Adobe After Effects, Adobe Photoshop, and Adobe Commerce. Some fixed vulnerabilities were severe enough to expose business clients to remote code execution threats.
- Schneider Electric and Siemens patched over two dozen vulnerabilities, including weaknesses with a “critical” severity rating.
- The German software company SAP stated that their April 2022 Security Patch Day included more than 30 new and updated security notes, including ones addressing the Spring4Shell vulnerability.
- Cisco published patches for its Wireless LAN Controller (WLC) software, addressing a significant vulnerability (CVE-2022-20695) that might allow an attacker to circumvent authentication.
The Bad News
This week’s bad news includes Snap-on admitting to a data breach by the Conti ransomware gang, California’s SuperCare Health data breach affecting more than 300,000 people, Illinois-based Christie Clinic notifying about a data breach, fashion brand Zegna confirming to be targeted by a ransomware gang, Chinese malware Tarrask attacking Windows devices, Wind turbine maker Nordex being attacked by Conti, and much more.
- The American automotive equipment manufacturer Snap-on announced a data breach by the Conti ransomware group. The cybercrime exposed associate and franchisee data in March.
- A malspam campaign revealed the new META malware, a new info-stealer, is becoming popular among hackers. It is being exploited to steal passwords and cryptocurrency wallets stored in Chrome, Firefox, and Edge.
- The California-based respiratory care company SuperCare Health disclosed it suffered a data breach between July 23 and July 27, 2021. The incident affected more than 300,000 individuals.
- Illinois-based Christie Business Holdings Company (Christie Clinic) notified around 500,000 people that their personal information had been exposed in a data breach.
- Octo, an Android banking trojan uncovered by Threat Fabric security experts, allows its operators to execute on-device fraud (ODF). In this kind of fraud, the victim’s transactions are initiated from the same device he or she uses daily.
- The high-end fashion house from Italy, Ermenegildo Zegna, confirmed being a ransomware attack victim in August 2021. The incident resulted in extensive IT system failures.
- The Qbot botnet is now spreading malware payloads through phishing emails with password-protected ZIP archive attachments containing malicious MSI Windows Installer packages.
- The multinational law enforcement operation TOURNIQUET, managed by Europol’s European Cybercrime Centre, shut down the illicit dark web marketplace RaidForums and confiscated its infrastructure.
- Tarrask, a new Chinese malware designed to keep compromised Windows PCs alive, targeted firms in the telecommunications, internet service provider, and data services sectors from August 2021 to February 2022.
- A newly-discovered malware, Fodcha, infected about 62,000 devices between March 29 and April 10. It hijacked routers, DVRs, and servers all across the Internet to perform DDoS attacks on over 100 victims every day.
- A new DDoS botnet, Enemybot, is taking a toll on routers, IoT devices, and various server architectures. It incorporates modules from both the Mirai and Gafgyt botnets’ source code.
- Cisco Talos discovered “ZingoStealer,” a new information stealer offered for free by Haskers Gang. This malware uses telegram chat features to enable the transmission of malicious executable builds and data exfiltration.
- A cyberattack by the Conti ransomware gang forced the wind turbine manufacturer Nordex to shut down IT systems and remote access to controlled turbines earlier this month.
- Threat hunters at Symantec found North Korea’s Lazarus APT group is attacking chemical companies in a long-running cyber-espionage campaign, including fraudulent job offers and sophisticated social engineering.
