Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Meta stopping cyberespionage efforts in South Asia, Saudi Arabia enhancing its cybersecurity sector, IBM addressing severe flaws in its cloud, security, and voice products, Cisco patching a serious vulnerability, and much more.
- Two cross-platform cyberespionage operations that relied on a number of websites for malware distribution were stopped by Facebook’s parent company, Meta.
- Saudi Press Agency revealed that the National Cybersecurity Authority of Saudi Arabia had inaugurated the “CyberIC” program to grow the country’s cybersecurity sector. It will localize cybersecurity technologies via training and boost national cybersecurity capabilities.
- IBM patched several high-severity flaws affecting products, including Netezza for Cloud Pak for Data, Voice Gateway, and SiteProtector.
- Cisco fixed a severe flaw in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. An unauthenticated, remote attacker could exploit this vulnerability to retrieve an RSA private key from devices running Cisco ASA and FTD software.
- Palo Alto Networks fixed a reflected amplification denial-of-service (DoS) weakness that affects PAN-OS, the platform supporting its next-generation firewalls.
- CISA launched an election security toolkit that will assist state and local election authorities with access to several free tools and resources to protect their voting systems ahead of the next midterm elections.
The Bad News
This week’s bad news includes North Korean hackers targeting cryptocurrency experts, Twilio suffering a data breach, Ski-Doo producer BRP being hit by a cyberattack, North Korean hackers using Maui ransomware, 7-Eleven in Denmark being forced to close stores, PlatformQ exposing data of US healthcare workers, a Realtek SDK flaw leaving routers vulnerable to remote attacks, and much more.
- The notorious North Korean hacking group Lazarus was found running a new social engineering scheme in which its operators pose as Coinbase recruiters to lure cryptocurrency experts, frequently via LinkedIn.
- The Cyberspace Administration of China revealed that fraudsters in China lured a youngster with promises of circumventing the country’s time restrictions on playing computer games, in exchange for roughly $560.
- The security research group at VPNOverview discovered a data leak that might have exposed about 100,000 healthcare professionals working at significant hospitals across the US.
- New Windows malware was used in a widespread series of cyberattacks, discovered in January, to backdoor government agencies and businesses in the military sector across several Eastern European nations.
- Twilio, the customer engagement platform, suffered a data breach. It disclosed that a sophisticated threat actor gained illegal access to some accounts via an SMS-based phishing attempt targeted at its employees.
- Email marketing company Klaviyo suffered a data breach after threat actors gained access to its internal systems and stole marketing lists belonging to clients that deal in cryptocurrencies.
- Following a Stairwell report on Maui ransomware, CISA disclosed that North Korean state-sponsored cyber actors are targeting the Healthcare and Public Health sector with this ransomware.
- BRP, the producer of Ski-Doo snowmobiles and Sea-Doo watercraft, reported being the target of malicious cybersecurity activity and said it immediately took action to manage the problem.
- Denmark’s 7-Eleven acknowledged that ransomware caused 175 stores to close on Monday. The threat actors accessed its network and encrypted systems.
- Cybersecurity company Sophos reported a rise in incidents in which multiple criminal groups deploy ransomware against the same victim.
- A malicious Chromium-based browser extension distributed by CopperStealer allows cryptocurrency to be withdrawn from victims’ wallets to attacker-controlled addresses.
- Realtek, a Taiwanese semiconductor maker, has a significant weakness in its eCos SDK that could leave the networking hardware of many vendors vulnerable to remote attacks.
- A new variant of HTTP request smuggling made it possible to compromise some well-known websites, including those of Amazon and Akamai, strip TLS protections, and abuse Apache servers.