Welcome to CyberIntelMag’s weekly roundup, the place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes IBM database updates addressing critical flaws, Cloudflare stopping a record DDoS attack, Microsoft fixing a cross-tenant bug in Azure PostgreSQL, Cisco patching 11 high-severity flaws, and much more.
- In order to safeguard customers against a pair of critical flaws in older versions of Expat, a third-party XML parsing library, IBM updated its data management platform Db2. Both flaws carried a CVSS score of 9.8.
- Cloudflare mitigated a 15.3 million request per second (RPS) distributed denial-of-service (DDoS) attack, one of the largest HTTPS DDoS attacks ever seen.
- Microsoft corrected an Azure PostgreSQL security flaw that might have been used to execute malicious code. Microsoft Azure is a hybrid cloud service used by thousands of businesses.
- Cisco’s April 2022 bundle of security advisories for Cisco Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC) was released. It was revealed that the company addressed 11 high-severity flaws in security products.
The Bad News
This week’s bad news includes T-Mobile acknowledging the hack by Lapsus$, computer systems of the Costa Rica government being targeted by cybercriminals, North Dakota-based healthcare billing services provider being hacked, new Prynt stealer malware being made available for sale, a new malware being used by North Korean hackers to attack journalists, Coca-Cola investigating a cyberattack incident, Chinese hackers using upgraded PlugX malware to attack Russian army officers, and much more.
- T-Mobile confirmed that it became the victim of a security breach in March, when the LAPSUS$ extortion gang obtained access to its internal tools and source code. The company was infiltrated multiple times by the gang during this period.
- Quantum ransomware was observed carrying out fast-moving attacks (so-called rapid network attacks) that leave defenders with little time to react. The ransomware was first discovered in August 2021.
- Computer systems of the Costa Rica government were hit by ransomware. The administration refused to pay the ransom and hurried to restore services and defend itself as the cybercriminals began releasing stolen data. The Conti gang claimed responsibility for the attack.
- A cyber-attack on a North Dakota-based firm that offers software and billing services for doctors and healthcare professionals reportedly harmed more than 500,000 clients.
- A new info-stealer malware, Prynt Stealer, was found to be available for sale. It is offered on a monthly, quarterly, or annual subscription for $100, $200, or $700, and a lifetime license can be purchased for $900. It comes with a robust feature set, including keylogger and clipper modules.
- A new variant of the BotenaGo IoT botnet was discovered in the wild, explicitly targeting Lilin security camera DVR devices and infecting them with Mirai malware.
- APT37, a gang of North Korean hackers, has been found to target journalists covering the DPRK with a new malware strain. A phishing effort is used to disseminate the malware.
- The American Dental Association (ADA) was affected by a cyberattack, forcing them to lock down parts of their network while they investigated.
- The Emotet malware phishing campaign resumed after the threat actors fixed a bug that had prevented victims from being infected when they opened the malicious email attachments.
- A China-linked threat actor was observed targeting Russian speakers with an improved version of the PlugX remote access malware. Russian officials are highly likely to have been among the targets of this campaign.
- Advanced hackers actively exploited CVE-2022-22954, a critical remote code execution (RCE) vulnerability in VMware Workspace ONE Access (previously known as VMware Identity Manager), in order to install backdoors.
- A US healthcare company with branches in Arkansas, Kentucky, and Mississippi, ARcare, disclosed a data breach that might affect 345,000 people.
- The German wind turbine maker Deutsche Windtechnik warned that parts of its IT systems were compromised in a targeted, professional cyber-attack. The wind turbines themselves were not damaged and were never at risk.
- Coca-Cola admitted that it is investigating data breach allegations after a ransomware group claimed to have stolen its documents.
- QNAP advised its customers to stop using the AFP file service protocol on their network-attached storage (NAS) devices until several severe Netatalk vulnerabilities are fixed.