Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Sophos patching a severe vulnerability in Sophos Firewall, Google issuing security updates, Western Digital fixing a flaw in NAS devices, Apple patching another two 0-days, and much more.
- Sophos fixed an authentication bypass vulnerability, CVE-2022-1040, in Sophos Firewall. This flaw in Sophos Firewall’s User Portal and Webadmin sections allowed remote code execution (RCE).
- Google issued a security-themed Chrome browser update that addresses 28 flaws, some of which are serious enough to result in code execution attacks.
- Western Digital corrected a critical flaw, dubbed CVE-2021-44142, that enabled attackers to take control of unpatched My Cloud OS 5 devices and remotely execute malware with root privileges.
- Rapid7’s on-premises vulnerability management product, Nexpose, has been updated to fix a severe SQL injection issue. The problem stemmed from search operators not being properly defined.
- Apple issued emergency patches for two 0-day flaws in its mobile and desktop operating systems. The vulnerabilities have been fixed in iOS 15.4.1, iPadOS 15.4.1, tvOS 15.4.1, watchOS 8.5.1, and macOS Monterey 12.3.1.
- Trend Micro released fixes for Apex Central’s high-severity arbitrary file upload flaw, which has already been exploited in targeted attacks.
The Bad News
This week’s bad news includes malware attacks from ‘Purple Fox’ hackers containing a new FatalRAT variant, remote keyless system of Honda vehicles being hacked, remote ‘Brokenwire’ hack halting the charging of EVs, Ukrainian network provider being attacked, Modem wiper malware being discovered, Deep Panda using exploiting Log4Shell vulnerabilities, and much more.
- The makers of the ‘Purple Fox’ malware updated their inventory with a new version of FatalRAT, a remote access trojan, as well as evasion tactics to get around security software.
- Hackers infected WordPress websites with malicious scripts that exploit users’ browsers to execute DDoS attacks on Ukrainian websites. The targeted sites belong to Ukrainian government entities, think tanks, banks, etc.
- Suncrypt’s ransomware attack affected the Oklahoma City Indian Clinic. Suncrypt claims to have obtained 350GB or more of data, including electronic health record databases and financial documents.
- A researcher proved how an attacker could remotely unlock the doors and start the engine of a Honda vehicle. This remote keyless system issue (CVE-2022-27254) impacts all Honda Civic (EX, EX-L, LX, Touring, Type R, and Si) cars made between 2016 and 2020.
- The LAPSUS$ data extortion gang announced their comeback by breaching software services provider Globant and taking its data. The gang also shared screenshots of data and credentials related to the company’s DevOps infrastructure.
- Ukrtelecom, Ukraine’s largest fixed-line telecommunications firm, got hacked. It has been described as the most severe hack since the Russian invasion began in February, and it has brought the company’s services across the nation to a halt.
- A new method for remotely disrupting the charging of electric cars has been developed by researchers from the University of Oxford in the United Kingdom and the Swiss federal agency Armasuisse. The attack technique has been named Brokenwire.
- A ransomware attack affected 85,000 law enforcement officers who are members of Law Enforcement Health Benefits (LEHB), a health and welfare fund for Philadelphia police officers, county detectives, and sheriffs. The attackers began encrypting data on September 14, 2021.
- MashOil and RostProekt got hacked by Anonymous as part of Operation OpRussia. The group took a large amount of their data and made it available for download on the internet.
- Wiper malware attacking modems and routers was discovered by cybersecurity researchers. This malware, AcidRain, is suspected to be part of a more extensive supply chain operation aimed at undermining Viasat’s satellite internet business.
- Deep Panda, a Chinese advanced persistent threat (APT) hacking group, has started new intrusions using Log4Shell to spread the new Fire Chili rootkit.