CyberIntelMag's Threat report

Weekly Cyber Threat Report, April 12-16

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

From the good news:

This week, the U.S. rolled out sanctions against Russia for its involvement in the SolarWinds attacks, Google and Reddit made exciting announcements, and Brave blocked Google’s FLoC. Find more positive stories below.

  • The U.S. and U.K. on Thursday formally attributed the SolarWinds attacks with “high confidence” to hackers working for Russia’s Foreign Intelligence Service. Following the accusation, the U.S. Department of the Treasury imposed sanctions against Russia, expelled 10 diplomats, and banned six Russian companies and organizations.
  • Brave, a privacy-oriented browser, has removed FLoC, Google’s new and controversial alternative to third-party cookies that tracks online users as they visit websites. FLoC has just been released by Google for Chrome and has already met opposition from the Brave and Vivaldi browsers.
  • Adobe on Tuesday announced patches for vulnerabilities in four of its products, Photoshop, Bridge, RoboHelp, and Digital Editions e-book reader. Adobe says none of these vulnerabilities has been exploited in the wild.
  • Reddit announced Wednesday that it is taking its bug bounty program public after its private program with HackerOne has been running for the past three years.
  • The leaders of the US intelligence agencies joined bipartisan members of the Senate Intelligence Committee in pushing for mandatory breach notification law. Under it, the private sector would have to report security breaches.
  • SAP addressed multiple critical vulnerabilities, the most serious of which, carrying the highest severity score, affects its Business Client. Other critical bugs affect its Commerce and NetWeaver products.
  • Google’s Android Team backed efforts to add Rust as a second programming language to the Linux kernel to bolster security.

From the bad news:

This week brought more attacks on educational institutions, malicious apps faking Celsius and Clubhouse, news about thousands of Google phishing sites, breaches at LogicGate and ParkMobile, among other news that our readers might find disturbing.

  • Account information of 21 million users of ParkMobile, a popular mobile parking app, has been put up for sale online after a data breach. The incident stemmed from a vulnerability in third-party software. According to the company, no sensitive data or Payment Card Information, which it encrypts, was affected.
  • The Swinburne University of Technology has confirmed that personal information on around 5,200 staff, students, and external parties had leaked and was available on the internet. Almost simultaneously, the University of Hertfordshire suffered a cyberattack that knocked out all of its IT systems – Office 365, Teams and Zoom, local networks, Wi-Fi, email, data storage, and VPN. The university had to cancel all online classes on Thursday and Friday.
  • LogicGate confirmed a customer data breach. Attackers obtained credentials to the company’s AWS storage and accessed customer backup files for its risk management platform, Risk Cloud.
  • Palo Alto’s Unit 42 reported a flaw in one of the Go libraries that can lead to denial of service (DoS). Cybercriminals could compromise any infrastructure that relies on the vulnerable container engines, including Kubernetes and OpenShift.
  • eSentire’s Threat Response Unit discovered 100,000+ Google Sites distributing infected business templates. Threat actors use SEO tactics to target victims on search engines and lure them to fake sites that drop RATs.
  • Celsius Network, a popular cryptocurrency lending platform, confirmed a data breach. It stemmed from a compromised third-party server used for email marketing. With the stolen customer data, attackers conducted phishing attacks that stole cryptocurrency.
  • Trading app Upstox has been breached; customer contact data and know-your-customer (KYC) details have been stolen. Attackers published a portion of the leaked data on the dark web.
  • Forescout warned about vulnerabilities in millions of IoT devices that could allow attackers to remotely execute code, perform DoS attacks, take control of the devices, propagate across the network, and knock the devices offline.
  • While a PC version of the Clubhouse app is not available yet, fake Facebook ads delivered a counterfeit one. The malicious app deployed ransomware on victims’ devices. The fake Clubhouse websites were hosted in Russia.
  • Dr.Web reported ten apps on AppGallery, Huawei’s official Android app store, infected with Joker malware. About 500,000 users downloaded the apps. Joker subscribed users to premium phone services in a tactic known as WAP fraud.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.