Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes CISA and Cyber Command working together to stop harmful cyberattacks, the Google Authenticator app getting a TOTP code cloud backup feature, VMware releasing critical updates for its Workstation and Fusion software, PrestaShop resolving an issue where any back-office user could destroy databases, a Ukrainian man being detained for selling the Russians information on 300 million individuals, and much more.
- Information exchange between U.S. Cyber Command and the Department of Homeland Security’s CISA prevented many potentially devastating cyberattacks, including a possible Iranian strike on American elections.
- The 12-year-old Authenticator app for Android and iOS received a significant update from search giant Google, which includes an account synchronization feature that enables users to back up their time-based one-time passwords (TOTPs) to the cloud.
- Multiple security holes affecting VMware’s Workstation and Fusion software were fixed via upgrades, the most severe of which might grant code execution to a local attacker.
- PrestaShop, an open-source e-commerce platform, published a new version that fixes a significant vulnerability, allowing any back-office user to write, edit, or delete SQL databases regardless of their rights.
- Google claimed to have blocked 173,000 developer accounts in 2022 to stop malware operations and fraud rings from infecting Android customers’ smartphones with fake apps.
- The Ukrainian cyber police stated that a 36-year-old resident of Ukraine was detained for allegedly selling the personal information of over 300 million individuals to Russia.
The Bad News
This week’s bad news includes data left on used corporate routers that could be used by cybercriminals to breach networks, KuCoin’s Twitter account being hacked to spread a cryptocurrency scam, Yellow Pages Canada confirming a cyberattack after a data leak by Black Basta, Cisco revealing an XSS zero-day weakness in a server management tool, Iranian cybercriminals using the PowerLess backdoor to attack Israel, Chinese threat actors using a Linux variant of PingPull in targeted cyberattacks, outages affecting major UK banks, and much more.
- Enterprise-level network hardware available for sale on the black market often still contains sensitive information that hackers could use to breach corporate networks or steal customer data.
- According to cybersecurity company Jamf, BlueNoroff hackers with ties to North Korea were seen deploying a new macOS malware family in recent attacks.
- A fake giveaway fraud that resulted in the theft of more than $22.6K in cryptocurrency was promoted by attackers after their access to KuCoin’s Twitter account was compromised.
- The Canadian directory publisher, Yellow Pages Group, confirmed that it was the target of a cyberattack. Confidential documents and data were made public, and the ransomware and extortion group Black Basta took responsibility for the attack.
- Charles Carmakal, chief technology officer of Mandiant Consulting, said the most common threat actors nowadays are a group of teens and adults in their 20s from the United States and the United Kingdom.
- Cisco disclosed a zero-day vulnerability in its Prime Collaboration Deployment (PCD) software that could be exploited to carry out cross-site scripting attacks.
- An Iranian nation-state threat actor was blamed for a new wave of phishing attacks targeting Israel that deliver an updated version of the PowerLess backdoor.
- A new macOS information-stealing malware called “Atomic” (also known as “AMOS”) is being marketed to online criminals for a subscription price of $1,000 per month via secret Telegram channels.
- A data breach expert claims that hackers stole email addresses, direct messages, and other personal information from members of two dating websites.
- The Chinese nation-state organization Alloy Taurus was found using a new undocumented tool with the codename Sword2033 and a Linux backdoor variant known as PingPull.
- An elusive information-stealing malware known as ViperSoftX impacted a large number of consumer and corporate victims across Australia, Japan, the U.S., and India.
- Customers of Lloyds Bank, Halifax, TSB Bank, and Bank of Scotland were unable to access their account balances and information because of outages affecting the banks’ websites and mobile applications.