Welcome to CyberIntelMag’s weekly roundup, where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes the Department of Health and Human Services providing free worker training and updated cybersecurity best practices, Google addressing the second Chrome zero-day flaw of 2023, Oracle releasing 433 new security fixes, Cisco addressing severe flaws in Industrial Network Director and Modeling Labs, and much more.
- The Health Industry Cybersecurity Practices (HICP) was updated with two new volumes and accompanying resources for mitigation.
- Another zero-day vulnerability in the Chrome browser was patched by Google. The security flaw, tracked as CVE-2023-2136, is described as a high-severity integer overflow in Skia.
- As part of its quarterly batch of security updates, Oracle announced the release of 433 new patches, including over 70 fixes for issues of high severity.
- Critical vulnerabilities affecting Cisco’s Industrial Network Director and Modeling Labs offerings were patched by Cisco on Wednesday.
- VMware issued a warning about the possibility of pre-authentication remote root exploitation and urged customers to apply updates addressing severe security flaws in the VMware Aria Operations for Logs (formerly vRealize Log Insight) product line.
The Bad News
This week’s bad news includes NCR’s Aloha POS being taken down by a BlackCat ransomware attack, hackers releasing private employee information stolen during the CommScope ransomware attack, a new QBot banking Trojan campaign using stolen business emails to distribute malware, Pakistani hackers attacking Indian government organizations with the Poseidon Linux malware, YouTube videos disseminating the Aurora Stealer malware, Microsoft SQL servers being hacked to spread the Trigona ransomware, Lazarus hackers spreading Linux malware via bogus job offers, Kubernetes RBAC being exploited, and much more.
- The BlackCat/ALPHV gang claimed responsibility for the ransomware attack that caused problems with NCR’s Aloha point-of-sale system.
- The ThreatLabz Phishing Report revealed that the number of phishing attempts globally increased by about 50% in 2022 compared to 2021, in part due to the availability of new AI technologies and phishing kits to threat actors.
- Data stolen from American network infrastructure business CommScope, including the Social Security numbers and bank account information of thousands of employees, was exposed by hackers.
- Recent Kaspersky research indicated that a new QBot malware operation lured unsuspecting victims into downloading the malware by leveraging compromised business email communications.
- The Iranian threat actor known as MuddyWater continued the well-established practice of using legitimate remote administration tools to seize control of targeted systems.
- Transparent Tribe, an advanced persistent threat (APT) actor headquartered in Pakistan, pretended to be an Indian government organization to deliver the Poseidon Linux backdoor.
- Cybersecurity experts disclosed the inner workings of the evasive loader, “in2al5d p3in4er” (read: invalid printer), used to disseminate the Aurora information-stealing malware through YouTube videos.
- Security firm Censys disclosed that misconfigured web servers remain a serious concern, with thousands still exposed online and leaving unprotected data open to theft.
- A critical security flaw in ChatGPT that allows attackers to take total control of any ChatGPT user’s account was discovered by an independent security researcher and bug hunter.
- Attackers were installing Trigona ransomware payloads on Microsoft SQL (MS-SQL) servers and then encrypting all data. The affected servers were exposed to the Internet and not sufficiently secured.
- A data breach was disclosed by Rentomojo, launched in 2014 and run by Edunetwork Pvt. Ltd. It is expected to affect its 1.5 lakh subscribers.
- The American Bar Association (ABA) experienced a data breach after hackers infiltrated its network and gained access to the outdated login passwords of 1,466,000 members.
- Linux users were discovered to be the target of a new Lazarus campaign that is thought to be a part of “Operation DreamJob.”
- Role-Based Access Control (RBAC) in Kubernetes (K8s) was exploited in a large-scale attack campaign to run cryptocurrency miners and create backdoors.