Welcome to CyberIntelMag’s weekly roundup, where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes the Government of India issuing an advisory against phishing attacks, the UAE Cybersecurity Council cautioning against potential cyberattacks, Netgear urging users to update their devices, CISA adding two JasperReports flaws to its Known Exploited Vulnerabilities Catalog, and much more.
- Following the LastPass data breach, the Computer Emergency Response Team (CERT-In) published an advisory warning Indian users that phishing attacks carried out by fraudsters might breach their accounts.
- The UAE Cybersecurity Council warned all public and commercial organizations, as well as individuals, of the possibility of cyberattacks, particularly during the New Year’s celebrations and the holiday season.
- Multiple WiFi router models were affected by a high-severity vulnerability that was patched by Netgear. Customers were encouraged to upgrade their devices to the most recent firmware as soon as possible.
- The Known Exploited Vulnerabilities (KEV) database of the US CISA now includes the TIBCO Software JasperReports vulnerabilities, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.9).
The Bad News
This week’s bad news includes data of 400 million Twitter users being stolen and made available for sale, new methods of avoiding security software being used by GuLoader malware, data of 30 million Indian Railways customers being made available on the internet, Android phones being spied on via motion sensors, a ransomware attack at a Louisiana hospital affecting 270,000 patients, Citrix servers remaining vulnerable to already-patched flaws, and much more.
- A hacker stole the data of 400 million Twitter users and made it available for sale. He said the database is private and provided a sample of 1,000 accounts containing personal information of prominent people such as Donald Trump Jr. and Brian Krebs.
- Attackers from North Korea have started using phishing websites to pose as well-known non-fungible token platforms and decentralized finance markets in order to steal thousands of dollars’ worth of digital assets.
- A Chicago-based engineering and construction company that develops electricity networks discovered unauthorized behavior that led to the theft of names and Social Security numbers of its clients.
- Cybersecurity researchers found that the advanced malware downloader GuLoader, aka CloudEyE, now employs various new tactics to get through security software.
- The largest cryptocurrency mining pool in the world, BTC.com, reported becoming the target of a hack that stole digital assets worth about $3 million.
- Data of about 30 million people was stolen in a data breach at Indian Railways. The user data is rumored to have been put up for sale on the Dark Web by a hacker.
- A group of researchers developed an eavesdropping attack for Android cellphones that, to varying degrees, may discern the gender and identity of the caller and even the content of the private conversation.
- Malware operators have increasingly been abusing the Google Ads platform to spread malware to unsuspecting people looking for well-known software products.
- A cyberattack against the telecoms firm Intrado was blamed on the Royal Ransomware group. Certain sources revealed to the media that the preliminary ransom demand was $60 million.
- An internal investigation revealed that hackers gained unauthorized access to the LCMHS (Lake Charles Memorial Health System) network and stole crucial data. This incident occurred on October 21, 2022.
- Citrix recently resolved two critical-severity security flaws, yet thousands of Citrix ADC and Gateway implementations are still at risk. Threat actors have already started exploiting some of these weaknesses.
- Two ransomware gangs released stolen material on their leak site, prompting toy manufacturing company Jakks Pacific to disclose a hack to the U.S. Securities and Exchange Commission.
- The Google Home smart speaker may be remotely controlled and converted into an eavesdropping device by setting up a backdoor account with access to the microphone feed.
- The LockBit ransomware group took responsibility for a cyberattack that occurred on Christmas Day against the Port of Lisbon Administration (APL), Portugal’s third-largest port.