Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Microsoft shutting down accounts associated with Russian spies, Zoom addressing a vulnerability that affects Mac users, the Federal Reserve issuing guidance to banks regarding Crypto activities, Google blocking a third record-breaking DDoS attack, and much more.
· Microsoft claimed to have blocked accounts used by the Seaborgium cybercrime group to phish for customer information and steal passwords. This gang has links to Russia.
· Zoom users on Macs should update their application because the developer released a patch to address a security vulnerability that may allow an attacker to hijack users’ devices.
· The U.S. Federal Reserve provided more recommendations for banks considering their engagement in cryptocurrency-related operations, highlighting the need for enterprises to inform the Fed beforehand and ensure that anything they do is lawful.
· A fugitive, Njuh Valentine Fombe, was detained after being sought out by the US Department of Justice (DoJ) for his involvement in a business email compromise (BEC) scam.
· Google claimed that it successfully thwarted the largest-ever HTTPS-based distributed denial-of-service (DDoS) assault, which peaked at 46 million requests per second in June.
The Bad News
This week’s bad news includes Chinese hackers backdooring the MiMi chat application, a Twilio hack exposing Signal phone numbers, Argentina’s Córdoba-based judiciary being targeted by PLAY ransomware, Russian hackers using the Infostealer malware to attack Ukrainian organizations, LockBit behind the ransomware attack on security company Entrust, Active Directory Services being compromised by hackers, and more.
· Infection chains by Chinese threat actor Lucky Mouse employ the chat app MiMi, whose installation files have been compromised, to get and install HyperBro samples for Windows and rshell artifacts for Linux and macOS.
· Twelve malicious Python packages that launch DDoS assaults on a Counter-Strike 1.6 server were uploaded to the PyPi repository as part of a typosquatting attempt.
· Nearly 1,900 Signal users’ phone numbers were made public due to the data breach Twilio, a cloud communications provider had at the beginning of the month. It happened because hackers accessed the Twilio employee accounts.
· An advisory from the Department of Health and Human Services Cybersecurity Coordination Center revealed that healthcare providers are being targeted by the Evernote phishing scam. It leverages a secure communication theme to gather credentials.
· In response to a ransomware attack, which was purportedly executed by the new ‘PLAY’ ransomware operation, the Córdoba Judiciary in Argentina shut down its IT systems.
· 37,000 users’ personal and transaction information was leaked online during the BharatPay data breach incident. Usernames, hashed passwords, mobile phone numbers, and UPI IDs are among the breached data.
· As part of what is thought to be an espionage campaign, Russian state-sponsored hackers are continuing to target Ukrainian organizations with information-stealing malware.
· Malware that can run on Apple Macs with Intel and M1 chipsets has been seen to be used by the Lazarus Group to target jobseekers. This gang receives financial support from North Korea.
· The LockBit ransomware gang has been held responsible for the attack against Entrust, a prominent supplier of digital security, on June 18, 2022. During this intrusion, data was stolen from its internal systems.
· A series of activities related to a single Iranian threat organization has been aiming its attacks toward Israeli interests, particularly the shipping sector. Beginning in late 2020, the action is still going on in mid-2022.
· The BlackByte ransomware is back with version 2.0 of their campaign, featuring a new data leak site that makes use of fresh extortion strategies adapted from LockBit.
· At least 80 businesses were targeted by the Chinese Winnti hacking gang, also known as “APT41” or “Wicked Spider,” last year, and at least thirteen of those networks were successfully compromised.
· The malware loader Bumblebee is increasingly being used by threat actors connected to BazarLoader, TrickBot, and IcedID in their operations to infiltrate victim networks for things like post-exploitation activities.
