Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes QNAP advising customers to disable UPnP port forwarding on their routers to prevent cyberattacks, Google fixing Chrome’s 0-day flaw, Oracle releasing 520 security patches in April, Cisco addressing a severe weakness in Cisco Umbrella Virtual Appliance, and much more.
- In an attempt to prevent exposing network-attached storage (NAS) devices to cyberattacks, QNAP recommended that customers disable Universal Plug and Play (UPnP) port forwarding on their routers.
- Google patched two Chrome security vulnerabilities, one of which was a high-severity 0-day flaw exploited in the wild.
- Oracle's April 2022 Critical Patch Update (CPU) included 520 security patches, over 300 of them for weaknesses that may be abused remotely without authentication.
- Atlassian fixed a critical authentication bypass flaw in Seraph, the company’s web application security framework.
- Cisco released security updates to fix a severe flaw in the Cisco Umbrella Virtual Appliance (VA), allowing unauthenticated attackers to access admin credentials remotely.
The Bad News
This week’s bad news includes hackers abusing stolen OAuth access tokens to breach entities, Beanstalk DeFi system losing $182 million, users being duped into installing fake Windows 11, orders at Funky Pigeon being halted because of a security incident, LinkedIn becoming the most imitated brand, open-source web-based email client RainLoop having a high-severity weakness, and much more.
- GitHub discovered evidence of an unknown adversary unlawfully extracting sensitive data from numerous entities using stolen OAuth user credentials. The access tokens associated with the impacted applications have since been removed.
- The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) warned that T-Mobile customers are being targeted by a phishing attempt that sends malicious URLs via unblockable texts delivered over SMS group conversations.
- Beanstalk DeFi system stated that it had suffered a security breach incident, resulting in $182 million in losses. The attacker made off with $80 million worth of cryptocurrency.
- British organization WH Smith stated that Funky Pigeon, its online greetings card and gift division, has suspended any future orders following a “security incident.”
- Officials with Contra Costa County sent letters to potential victims of a computer hack that happened between July and August of last year, allowing illegal access to select county employee email accounts.
- Hackers are duping users into installing a fake version of Windows 11 containing spyware that captures browser data and cryptocurrency wallets. The active operation poisons search results to direct people to a website that looks like Microsoft’s Windows 11 advertising page.
- A new zero-click iMessage flaw discovered by Citizen Lab’s digital threat specialists was exploited to install NSO Group malware on the iPhones of Catalan politicians, journalists, and activists.
- The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security issue in the Windows Print Spooler component, which Microsoft fixed in February, is being actively abused in the wild.
- Cybersecurity experts revealed that LinkedIn had become the most mimicked brand in phishing attacks, accounting for more than 52% of all such incidents worldwide.
- The Emotet malware is gaining popularity, and it will almost certainly move to new payloads that are identified by fewer antivirus engines. Security experts tracking the botnet recently saw a tenfold increase in emails carrying harmful payloads.
- RainLoop, an open-source web-based email client, has an unpatched high-severity security flaw that might be exploited to collect emails from users’ inboxes.
- A gang of pro-Iranian hackers launched a DDoS attack that momentarily brought down the Israel Airports Authority’s website. It caused the Airports Authority website servers to be flooded with near-simultaneous connection requests.
- False resumes were used as an infection vector in a new set of phishing attempts containing the more_eggs malware that targeted corporate recruiting managers.