Welcome to CyberIntelMag’s weekly roundup, a place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes US authorities seizing $112 million from cryptocurrency fraudsters, an international law enforcement effort resulting in the closure of the notorious Genesis Market cybercrime forum, Spain’s police detaining one of the country’s most dangerous hackers, April 2023 updates from Android fixing severe remote code execution weaknesses, and much more.
- The US Department of Justice confiscated six virtual currency accounts totaling over $112 million stolen in cryptocurrency investment scams.
- Over a dozen law enforcement agencies from across the world shut down the Genesis Market, a renowned online black market where stolen passwords and biometric data were sold to cybercriminals so they could launch attacks or steal identities.
- The police in Spain detained José Luis Huertas (also known as “Alcaseca,” “Mango,” or “chimichuri”), who is considered one of the nation’s most dangerous hackers.
- Google released the April 2023 security updates for Android devices, containing fixes for over 65 vulnerabilities and two severe issues that might result in remote code execution (RCE).
- Cisco released updates for a number of flaws affecting several products, including high-severity weaknesses in its Secure Network Analytics and Identity Services Engine (ISE) products.
- The Flipper Zero portable multi-tool for pen testers was no longer allowed for sale on Amazon because it was classified as a card-skimming device.
The Bad News
This week’s bad news includes million-dollar ransoms being demanded by Money Message ransomware, a new data breach involving Uber drivers, a fraudulent VPN service being used by the crypto-stealing OpcJacker malware to target users, experts alerting on the emergence of Rorschach ransomware, Log4j being used by cybercriminals in cloud attacks through proxyjacking, Telegram becoming the latest preferred platform for phishing tool and service sales, garage door openers being vulnerable to hijacking, and much more.
- A novel ransomware organization, “Money Message,” appeared, attacking victims worldwide and demanding $1 million in ransom payments in return for not leaking stolen data and for releasing a decryptor.
- Some victims of the 3CX supply chain attack also had the Gopuram backdoor installed on their systems, as the threat actors specifically targeted cryptocurrency firms with this additional malicious payload.
- The personal information of Uber’s drivers was stolen by hackers through the IT infrastructure of the law firm Genova Burns.
- A new information-stealing malware, OpcJacker, appeared in the wild in the second half of 2022, spread through a malvertising campaign.
- The Mantis cyberespionage gang, aka Arid Viper, Desert Falcon, and APT-C-23, carried out more cyberattacks while employing a new toolkit and making tremendous efforts to maintain a lasting presence on the networks they were targeting.
- Cybersecurity researchers revealed an extremely sophisticated and fast ransomware strain known as Rorschach. It was deployed against a US company.
- Threat actors found a lucrative new attack technique (proxyjacking) that makes use of legitimate proxyware services that allow users to resell some of their Internet bandwidth to third parties.
- vpnMentor revealed that a data breach exposed hundreds of thousands of personal details on a website where users may trade discounted online accounts, license keys, and malware.
- Telegram has become the platform of choice for developers of phishing kits and bots trying to expand their customer base or find unpaid laborers.
- Nexx’s garage door controllers, smart plugs, and smart alarms have cybersecurity weaknesses that might allow cyber criminals to open garage doors, take control of smart plugs, and remotely control smart alarms.
- OCR Labs, which offers digital identification technology to well-known banks and government organizations, exposed confidential credentials, placing customers at serious risk.
- Styx Marketplace, a new financial fraud marketplace on the Dark Web, gives cybercriminals the tools they need to commit fraud, including SIM cards, fake identification documents, credit card information, and more.