Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes National Cybersecurity Alliance launching a career training program at HBCU, Chrome 105 fixing high-severity flaws, Ukrainian cops busting fraudulent cryptocurrency call centers, WordPress releasing fixes for three security weaknesses, and much more.
- A new educational initiative was started by the National Cybersecurity Alliance (NCA) with the objective of enhancing cybersecurity professional training at Historically Black Colleges and Universities (HBCUs).
- The first stable version of Chrome 105, which includes fixes for 24 security flaws, including 13 use-after-free and memory buffer overflow problems, was released by Google.
- Authorities in Ukraine busted a network of call centers involved in financial fraud against locals and EU citizens. The criminal organization’s staff reportedly employed software to spoof phone numbers and appear to be phoning from reliable banks.
- The WordPress team released Version 6.0.2 of the content management system (CMS), which includes fixes for three security flaws, including a severe SQL injection vulnerability.
- Apple backported security patches to earlier models of the iPhone, iPad, and iPod touch to fix a severe security weakness that has been actively exploited in the wild.
The Bad News
This week’s bad news includes the Twilio breach exposing Okta’s one-time MFA credentials, ScanBox malware by Chinese hackers targeting the Australian government, hackers employing ModernLoader to infect systems, Nelnet servicing breach exposing data of student loan accounts, Chinese database with faces and vehicle license plates being exposed online, cybercriminals releasing Mini Stealer’s builder and panel for free, malware being implanted in pictures captured by James Webb Space Telescope, hard-coded AWS credentials being compromised, and much more.
- The threat actor behind the Twilio attack used temporary codes sent through SMS over Twilio to view the mobile phone numbers and OTPs of Okta users.
- PureCrypter, a MaaS (malware-as-a-service) type loader that has been highly active this year, is spreading more than ten malicious malware families and exploiting thousands of C2s.
- Baker & Taylor, which claims itself as the largest supplier of books to libraries worldwide, acknowledged that it is still attempting to restore systems following a ransomware attack.
- Chinese threat actors have been directing some individuals to a fake site posing as an Australian news outlet to attack Australian government agencies and wind turbine fleets in the South China Sea. Victims were lured through phishing emails and the ScanBox malware.
- Between March and June 2022, three different but connected operations have been discovered to spread malware, such as ModernLoader, RedLine Stealer, and cryptocurrency miners, onto victim systems.
- Five Google Chrome extensions that stealthily track users’ browsing activities have been discovered by threat specialists at McAfee. Over 1.4 million downloads of the extensions have been made overall.
- Over 2.5 million people with student loans from the Oklahoma Student Loan Authority (OSLA) and EdFinancial had their data exposed after hackers accessed the systems of technology services provider Nelnet Servicing.
- Millions of faces and car license plates were stored in a sizable Chinese database that was publicly accessible for months before being silently removed in August.
- The builder and panel for MiniStealer have been made available on a cybercrime forum for free by a threat actor. Using such tools, threat actors may produce malicious payloads.
- A persistent Golang-based malware campaign known as GO#WEBBFUSCATOR used the deep field data collected by NASA’s James Webb Space Telescope (JWST) as bait to install malicious payloads on targeted devices.
- With hundreds of millions of users potentially at risk, a flaw in the TikTok app for Android might have allowed attackers to take control of any account that clicked on a malicious link.
- Researchers discovered a successful phishing scam in which the fraudster poses as American Express, a well-known charge card firm, and instructs cardholders to open an attachment and call the card company right away about the cardholder’s account.
There is a significant security risk due to 1,859 Android and iOS apps having hard-coded Amazon Web Services (AWS) credentials.
