Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes GitLab addressing a severe flaw in its community and enterprise software, Ukraine and Poland signing an MoU on cybersecurity, IBM addressing severe weaknesses in MQ Messaging Middleware, Mozilla addressing weaknesses in Firefox and Thunderbird, and much more.
- The DevOps platform GitLab released fixes to fix a severe security hole that could have allowed arbitrary code execution on vulnerable servers.
- A memorandum of understanding in the area of cyber security was signed by the Chancellery of the Polish Prime Minister, the State Service of Special Communications, and the Ukrainian Ministry of Digital Transformation.
- Patches were released for IBM MQ critical vulnerabilities, preventing attackers from bypassing security restrictions and accessing sensitive data.
- Mozilla fixed a number of severe flaws in its Firefox and Thunderbird programs. If unpatched, hackers could have abused them for cyberattacks like phishing, etc.
- Cisco issued fixes for two flaws (CVE-2022-20823 and CVE-2022-20824) impacting the NX-OS software that runs its Nexus-series business switches.
The Bad News
This week’s bad news includes hackers targeting hotels and tourist firms with bogus reservations, a cyberattack causing QuickLaunch authentication service outages, over 80k Hikvision cameras with weaknesses being exposed, a security company revealing particulars of an issue with a CrowdStrike product, Quantum ransomware disrupting a government agency of the Dominican Republic, new Golang ransomware Agenda customizing attacks, and much more.
- A hacker known as TA558 has intensified its actions this year, conducting phishing attacks against a number of hotels and companies in the hospitality and tourism sectors.
- An Israeli researcher discovered that the LED indicators on network cards might be used to steal data from air-gapped computers. The technique, known as “ETHERLED,” converts the flickering lights into decipherable Morse code communications.
- The single sign-on platform of QuickLaunch continued to endure sporadic failures throughout much of Monday and Tuesday, leaving institutions scurrying to set up other sign-in procedures and reestablish access to critical services.
- Threat actors are increasingly employing trusted software-as-a-service (SaaS) platforms such as website builders and personal branding spaces to establish malicious phishing websites that capture login credentials.
- Security experts revealed that more than 80,000 Hikvision cameras had been found to be susceptible to a severe command injection issue, which may be promptly exploited by sending precisely crafted messages to the vulnerable web server.
- California prisons authorities stated there may have been a possible exposure of medical information for staff and visitors tested for the coronavirus. However, they have not discovered any inappropriate usage despite the data leak.
- Following what it referred to as a “ridiculous vulnerability disclosure procedure,” a security company revealed the specifics of a problem with a CrowdStrike product. CrowdStrike clarified a few things following the revelation.
- CBS News disclosed that the Texas-based Methodist McKinney Hospital received a threat from the Karakurt hacking organization about 360GB of data stolen from its systems.
- Numerous services and workstations were encrypted by the Quantum ransomware attack that hit the Instituto Agrario Dominicano in the Dominican Republic.
- Researchers found several ongoing malware distribution efforts targeting internet users seeking pirated software downloads. They use SEO poisoning and malvertising to push rogue shareware sites up in Google Search results.
- Technology company Accelya, which offers services to numerous airlines, including American Airlines, Delta, British Airways, JetBlue, United, Virgin Atlantic, and others, revealed that company data had been uploaded on a ransomware leak site.
- Enterprises in Asia and Africa have been targeted by new ransomware created in the Go programming language. The ransomware is called Agenda, and it is victim-specific.
- Hackers continue to target applications with the Log4j vulnerability, as seen by the Iranian threat actor “MuddyWater,” who was discovered concentrating his efforts on Israeli firms employing the SysAid software.
