Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
From the good news:
This week, we’ve learned about an unexpected twist in the biggest de-fi hack, a new Titan security key from Google, Microsoft’s new ransomware detection feature, and more.
- The hacker(s) who stole the digital assets on Tuesday have returned almost all of the $600m in crypto taken from the DeFi platform Poly Network in one of the ‘biggest’ hacks in de-fi history. According to the BBC, Poly Network offered $500,000 in return for the $600 million in crypto being transferred back.
- Following the discovery of several bugs in Windows 10 collectively called PrintNightmare, Microsoft has issued an update that mitigates a flaw in the Windows Print Spooler service. From now on, users will need admin rights to install print drivers.
- As part of August’s Patch Tuesday, Microsoft has released 44 security fixes, including seven critical vulnerabilities. There were also fixes for three zero-days and 37 important fixes.
- Google has simplified its range of Titan security keys by deprecating its Bluetooth Titan Security Keys. Google recommends buying the Titan USB-A + NFC security key instead of the Bluetooth ones.
- Microsoft’s new ransomware detection feature will alert Azure Sentinel customers when their systems perform actions that are associated with the development and execution of ransomware.
- A universal decryptor for the Kaseya attack has been leaked online on a hacker forum. Impacted businesses can use it to restore files encrypted during REvil’s attack, and researchers can study it to get a glimpse into the encryption techniques of the now-defunct gang.
From the bad news:
This week has brought new details about the SolarWinds attacks, the new malware Webdav-O, GhostEmperor, and DeadRinger, a new type of social engineering malware, and other important stories you can’t miss.
- Microsoft has detailed an evasive, year-long social engineering campaign in which the operators relied on Morse code to cover their tracks while harvesting user credentials. The operators changed their encryption and obfuscation methods every 37 days.
- Taiwanese NAS maker Synology warned its users that the StealthWorker botnet is encrypting their network-attached storage (NAS) devices with ransomware.
- A previously unknown ransomware actor, DeepBlueMagic, is targeting Windows systems with an innovative encryption approach: rather than encrypting files as other gangs do, it uses a commercial disk encryption tool to encrypt the various disks in the server.
- A group linked to Russia’s intelligence service SVR has been targeting Slovak government officials through spear-phishing campaigns for months, security firms ESET and IstroSec said.
- Several flaws in the Wodify fitness platform allow an attacker to modify user data and steal funds. The software is used in over 5,000 gyms around the world. Fixes are yet to be released.
- New information-stealing malware Ficker Stealer, written in Rust, is being sold on underground hacker forums in Russia. It has been observed stealing sensitive information such as login credentials, credit card details, cryptocurrency wallets, and browser information.
- ESET detailed several new families of IIS web server malware that are being used to carry out cyberattacks, cyberespionage, and SEO fraud. The most notable of the newly discovered threats are IIStealer, IISpy, and IISerpent.
- IT consultancy Accenture has been hit by ransomware from the LockBit 2.0 gang, which is threatening to publish the stolen files. This week, the Australian Cyber Security Centre (ACSC) warned about an increase in LockBit 2.0 ransomware attacks since July 2021.
- Game maker Crytek revealed that it had suffered a cyberattack that compromised the personal information of some of its customers, along with game files. The Egregor gang claimed it had breached Crytek’s network back in October 2020.