Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
From the good news:
This week, we’ve learned about an English translation of the leaked Conti playbook, a new method for near-perfect randomness, a new security feature from Twitter, and more.
- The leaked internal materials of the Conti gang got translated into English. Security experts can now get a better understanding of how these groups operate and the tools they tend to leverage in attacks.
- An AWS researcher has come up with a way to generate near-perfect randomness by combining the output of two quantum processors. Experts say it could strengthen modern cryptographic protocols.
- WhatsApp has released a security fix for an out-of-bounds read/write vulnerability in its image filter functionality. The flaw was fixed in app version 188.8.131.52.
- Twitter has introduced a new feature, called Safety Mode, that blocks online harassment and reduces disruptive interactions on the platform. Once enabled, it automatically blocks accounts for seven days when they use harmful language in replies, quote tweets, or mentions.
From the bad news:
This week brought news of new attacks, another large crypto heist, the rise of “proxyware,” malware that runs code on the GPU, and data breaches at Fujitsu, Bangkok Airways, and Puma.
- Sixteen new security flaws, collectively dubbed “BrakTooth,” have been discovered in commercial Bluetooth devices. They allow an attacker to execute arbitrary code or launch denial-of-service (DoS) attacks that crash the affected devices.
- An ESET researcher found a flaw in Quebec’s vaccine-passport apps, VaxiCode and VaxiCode Verif, that lets them be tricked into accepting fake QR codes as valid. He found the flaw in the iOS version of the app, but the Android version likely shares it.
- Cream Finance lost over $34 million in crypto after an attacker exploited a flaw in its lending markets. Cream said the attacker could keep 10% of the funds as a bounty, with no further consequences, if the rest is returned.
- Cisco Talos said the use of “proxyware” is becoming more popular, as cyber attackers are stealing the internet bandwidth of their victims to silently generate revenue.
- The LockBit 2.0 ransomware gang leaked more than 200 GB of sensitive data belonging to Bangkok Airways on its leak site. The gang also said it had stolen enough credentials “that would enable them to go after company customers.”
- Cybercriminals may soon start using malware that executes code from a compromised system’s graphics processing unit (GPU). A proof of concept for the technique was sold on a hacker forum this month; keeping malicious code in GPU memory lets it evade security products that only scan system RAM.
- Fortress S03 Wi-Fi Home Security System is subject to several security issues that could allow an attacker to gain access to the system and disarm the alarm devices without the user’s knowledge and potentially gain access to the house.
- A now-patched flaw in Microsoft Exchange Server could allow an attacker to modify the server’s configuration and expose sensitive information (PII) on installations that have not yet applied the update.
- CISA has added single-factor authentication to the list of “exceptionally risky” cybersecurity practices, noting that the traditional login-password combo could compromise private businesses, critical infrastructure, and government agencies.
- The Phorpiex malware authors have reportedly shut down their botnet and are selling its source code on a dark web forum. Researchers who examined it say the code appears to be genuine.
- Data from Fujitsu was put up for sale on the dark web. The company confirmed the theft of 4 GB of data but said the information related to customers rather than to its own systems; experts say a sample of the stolen data leaked on the gang’s website is legitimate.
- Data belonging to Puma was put up for sale on the dark web marketplace Marketo. A threat actor claimed to have stolen 1 GB of data from the company.
- The LockBit ransomware group claimed responsibility for a data breach at Bangkok Airways that compromised passengers’ passport information and other personal data.
- A bug in WhatsApp’s image filter could have allowed an attacker to send a victim a maliciously crafted image that reads sensitive information from the app’s memory.
- Attackers are exploiting an OGNL injection vulnerability in Atlassian’s Confluence to install cryptocurrency miners.
- The Conti ransomware gang is attacking Microsoft Exchange servers and breaching corporate networks by exploiting the recently disclosed vulnerabilities dubbed ProxyShell.
- Russian state hackers targeted Autodesk during the SolarWinds Orion attack. No customer operations or Autodesk products were disrupted as a result of this attack.
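As an added example (not code from CyberIntelMag, Atlassian, or any of the researchers cited above), here is a small Python scanner that flags OGNL-style expression injection attempts of the kind used against Confluence in web-server access logs. The log lines are constructed for the example, the indicators are generic OGNL/Java expression-language syntax rather than a signature for the specific Confluence flaw, and the two-indicator reporting threshold is an assumption chosen to keep a lone `${` in a legitimate search query from firing on its own.

```python
"""Scan combined-format access logs for OGNL-style expression injection indicators."""
import re
from urllib.parse import unquote

# Combined log format request line: ip ident user [ts] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Generic OGNL / Java expression-language indicators. These are syntax-level
# signals (expression delimiters, static-method call syntax, reflective class
# loading, escaped quotes used to break out of a string), not a CVE signature.
INDICATORS = {
    "expr_delimiter": re.compile(r"[$#%]\{"),
    "static_call": re.compile(r"@[A-Za-z_][\w.]*@[A-Za-z_]\w*"),
    "reflection": re.compile(r"Class\.forName|ScriptEngineManager|getRuntime\(\)|\.exec\("),
    "quote_escape": re.compile(r"\\u0027|\\x27"),
}

# Constructed sample log (not real traffic). Line 2 is a benign query containing
# a lone ${...}; lines 3 and 4 carry expression-injection payloads.
SAMPLE_LOG = """\
203.0.113.5 - - [03/Sep/2021:10:01:02 +0000] "GET /pages/viewpage.action?pageId=12345 HTTP/1.1" 200 8123
203.0.113.6 - - [03/Sep/2021:10:01:07 +0000] "GET /dosearchsite.action?queryString=budget+%24%7Bamount%7D HTTP/1.1" 200 2210
198.51.100.7 - - [03/Sep/2021:10:02:15 +0000] "GET /pages/someaction.action?queryString=%5Cu0027%2B%7BClass.forName%28%5Cu0027javax.script.ScriptEngineManager%5Cu0027%29%7D%2B%5Cu0027 HTTP/1.1" 200 4401
198.51.100.8 - - [03/Sep/2021:10:02:30 +0000] "GET /search?text=%24%7B%40java.lang.Runtime%40getRuntime%28%29.exec%28%5Cu0027id%5Cu0027%29%7D HTTP/1.1" 200 512
"""


def normalize(target: str, rounds: int = 3) -> str:
    """Percent-decode up to `rounds` times; attackers often double-encode payloads."""
    decoded = target
    for _ in range(rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded


def classify_request(target: str) -> list:
    """Return the names of every indicator present in the raw or decoded request target."""
    decoded = normalize(target)
    return [name for name, rx in INDICATORS.items() if rx.search(target) or rx.search(decoded)]


def scan_access_log(log_text: str, min_score: int = 2) -> list:
    """Parse each line, count distinct indicators, and report lines at or above `min_score`.

    Requiring two independent indicators (assumed threshold) suppresses single
    delimiter hits from ordinary template-looking search strings."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        hits = classify_request(m.group("target"))
        if len(hits) >= min_score:
            findings.append({
                "line": lineno,
                "ip": m.group("ip"),
                "target": m.group("target"),
                "indicators": hits,
            })
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"line {f['line']} from {f['ip']}: {', '.join(f['indicators'])}")
        print(f"  decoded: {normalize(f['target'])}")
```

Run it against a real access log by reading the file into `scan_access_log`; raise `min_score` or extend `INDICATORS` to tune it for your environment, and treat any hit as a prompt to check the host for unexpected processes such as miners.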