Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes GitHub automatically blocking commits, Microsoft succeeding in preventing cyberattacks on Ukrainian targets, WhiteSource releasing a tool to identify Spring4Shell infections, VMware issuing security patches to resolve eight critical flaws, and much more.
- Secret scanning capabilities on GitHub’s code hosting infrastructure have been upgraded for GitHub Advanced Security customers, allowing them to automatically block secret breaches.
- WhiteSource came up with WhiteSource Spring4Shell Detect, an accessible command-line interface (CLI) tool that instantly detects projects for CVE-2022-22965, also known as Spring4Shell, vulnerabilities.
- Microsoft was successful in preventing cyberattacks on Ukrainian targets orchestrated by the Russian APT28 hacker gang after shutting seven domains used as attack infrastructure.
- VMware issued security upgrades to address eight vulnerabilities across its products, some of which may be used to carry out remote code execution attacks.
- Dell released fixes for its PowerScale OneFS filesystem, which address six security flaws. Except for one problem, there are no non-patch mitigations. However, patched software is available for all versions.
The Bad News
This week’s bad news includes deadly RAT Borat entering darknet markets, more Routers being enslaved by the Beastmode DDoS Botnet, a new WhatsApp phishing attempt being discovered, Cash App notifying customers of a data breach, fake Android shopping apps stealing bank credentials, and much more.
- A deadly RAT (Remote Access Trojan) Borat has entered darknet markets. With simple DDoS, UAC bypass, and ransomware deployment abilities, it lets remote threat actors control the victim’s keyboard and mouse, access data, alter network points, and hide their presence.
- In order to steal bitcoin wallets and their assets, a compromised Trezor hardware wallet mailing list has been used to send out false data breach warnings.
- Statistics from a cybersecurity firm revealed that about one out of every six firms affected by the Spring4Shell zero-day vulnerability has already been targeted by threat actors.
- A variant of the Mirai botnet known as Beastmode has been spotted exploiting newly-discovered vulnerabilities in TOTOLINK routers. It’s used to infect devices that haven’t been patched, potentially extending its reach.
- At least three different advanced persistent threat (APT) groups from around the world started spear-phishing campaigns to steal sensitive data and transmit malware using the Russian-Ukrainian crisis.
- The cybersecurity team at ESET released a new study detailing three different applications that target customers of eight Malaysian banks. Malicious Android apps masquerading as genuine shopping apps steal the financial information of bank customers.
- A WhatsApp phishing attempt was discovered, which pretended to be WhatsApp’s voice message function and attempted to send malware to at least 27,655 email addresses.
- Ukraine’s Computer Emergency Response Team (CERT-UA) uncovered new phishing attempts by the Russian gang Armageddon (Gamaredon). They send malicious emails aiming to trick users into downloading espionage-focused malware.
- A data security incident affecting around 1.8 million persons was announced by the Texas Department of Insurance.
- Cash App notified 8.2 million existing and previous customers from the United States of a data breach after a former employee accessed their account info.
- A cyberattack forced The Works, a toy, book, and stationery retailer in the United Kingdom, to close some locations and temporarily suspend replenishment deliveries.
- The website of Gazprom Neft, the oil branch of Russian state gas corporation Gazprom, went down on Wednesday following an alleged attack, in what looks to be the latest hack of a government-related site in the aftermath of Russia’s invasion of Ukraine.
- FFDroider, an information-stealing malware that steals passwords and cookies kept in browsers to hijack users’ social media accounts, was discovered. Threat actors use hacked social media accounts for a variety of illicit actions, including bitcoin fraud and malware dissemination.
