Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Foxit addressing code execution vulnerabilities in PDF tools, Google enabling end-to-end encryption for Gmail, two individuals being arrested for involvement in taxi hacking activity at JFK airport, Hikvision patching a severe vulnerability in some of its products, and much more.
- A critical-severity patch from Foxit Software was released to address a risky remote code execution vulnerability in its flagship PDF Reader and PDF Editor products.
- Google introduced end-to-end encryption (E2EE) that will allow enrolled Google Workspace users to send and receive encrypted emails both inside and outside of their domain.
- Hikvision, a Chinese business specializing in video surveillance, addressed a severe flaw in some of its wireless bridge devices. The problem could have resulted in remote CCTV hacking.
- Two suspects were arrested for taking part in a hacking campaign against the taxi dispatch system at John F. Kennedy International Airport.
- President Biden signed legislation aimed at encouraging federal government agencies to adopt technology safeguarded from decryption by quantum computing.
The Bad News
This week’s bad news includes Play ransomware attacking German hotel business H-Hotels, Ukraine’s military system users being targeted by malware that steals information, a data leak at DraftKings impacting personal data of 68,000 users, RisePro info-stealer gaining popularity among cybercriminals, IoT botnet Zerobot being updated, more than 400 banking and crypto applications being targeted by the GodFather Android banking trojan, and much more.
- Communications at the hospitality group H-Hotels (h-hotels.com) were interfered with due to a hack attributed to the Play ransomware group. This security incident occurred on December 11, 2022.
- More than 100,000 students’ records, as well as the source code and cryptographic keys belonging to the world’s largest education publishing company, McGraw Hill, were exposed due to misconfigured Amazon Web Services S3 buckets.
- Users of the “DELTA” situational awareness program received phishing emails and instant messages from a stolen email account belonging to the Ukrainian Ministry of Defense. They were intended to infect computers with info-stealing malware.
- A notorious hacker by the name of Jason Brubeck was successful in stealing the Bored Ape collection for almost 850 ETH ($1+ million), completely devastating his victim.
- Sports betting firm DraftKings disclosed that 68,000 users’ personal information was exposed due to a data breach. The problem was the consequence of a credential-stuffing attack rather than a system breach.
- Cyberthreat firm Flashpoint revealed that the pay-per-install malware downloading service “PrivateLoader” is spreading the newly found information stealer RisePro.
- Threat actors linked to the ProxyNotShell vulnerabilities in Microsoft Exchange Server have been found using a never-before-seen attack chain to get around blocking controls and execute remote code through Outlook Web Access (OWA).
- An Oklahoma-based firm offering administrative and technological support to healthcare institutions informed over 271,000 people that their private details might have been exposed in a hacking scandal involving a third-party data storage vendor.
- ThyssenKrupp AG, a global industrial engineering and steel production company, based in Germany, reported a cyberattack on its Materials Services branch and corporate headquarters.
- The IoT botnet Zerobot has been updated with a wider range of exploits and DDoS capabilities. It can now target twelve different device architectures and is capable of self-replication and self-propagation.
- Over 400 banking and cryptocurrency applications from 16 different countries were found to be targeted by the Android banking trojan known as GodFather.
- Millions of ad impressions on stolen content were created by a huge advertising fraud scheme employing Google Ads and “popunders” on adult websites, earning the fraudsters approximately $275k per month.
- Sports betting operator BetMGM revealed that the personal information of its clients had been stolen unlawfully. However, it did not say how many individuals were impacted by this incident.
- LastPass, a password management service, disclosed that cybercriminals used information stolen from the prior break-in to gain a trove of personal data belonging to its users, including their encrypted password vaults.