Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes four individuals being arrested for plotting an IRS tax refund scam, Android’s December security update addressing 81 weaknesses, Apple rolling out enhanced security measures for iCloud backups, the FERC chairman seeking an upgrade of cybersecurity requirements, and much more.
- Four individuals were deported to America for conspiring to hack into the systems of US businesses, steal people’s personally identifiable information (PII), use that data to submit false tax returns with Uncle Sam, and then take the victims’ tax refunds.
- The December 2022 security update for Android was released by Google. It fixed 81 weaknesses, of which four were critical-severity flaws and one allowed remote code execution through Bluetooth.
- In order to secure sensitive iCloud data, including backups, photographs, notes, and more, Apple released Advanced Data Protection for iCloud, a new feature that uses end-to-end encryption.
- Cybersecurity solutions supplier Fortinet released fixes for various flaws affecting its multiple products, including a high-severity authentication bypass harming FortiOS and FortiProxy.
- The FERC chairman, together with other regulators, is looking into ways to upgrade the critical infrastructure protection (CIP) standards to defend electric utilities and other companies in the energy sector from cyberattacks on their software supply chains.
The Bad News
This week’s bad news includes Google Play distributing Android malware apps installed over 2 million times, Linux devices being hijacked via PRoot isolated filesystems, a SiriusXM flaw helping hackers remotely unlock and start connected vehicles, the second-largest Russian bank being affected by a DDoS attack, WAFs of multiple vendors being bypassed via a generic attack technique, the New Zealand government being impacted by a cyberattack on an IT services provider, a new “Fantasy” wiper being employed by Iranian cybercriminals for supply chain attacks, and much more.
- The Google Play store was found to be compromised by new Android malware, phishing, and adware apps that have tricked over two million people into installing them.
- Resecurity, a California-based cybersecurity company, discovered a new Dark Web marketplace (InTheBox) oriented towards mobile malware operators and developers.
- A variant of the open-source ransomware toolkit known as Cryptonite, which is written in Python and uses the Fernet module of the cryptography package to encrypt files, was spotted in the wild behaving as a wiper.
- Cybersecurity researchers discovered a security hole that leaves automobiles built by Honda, Nissan, Infiniti, and Acura open to remote intrusions through a connected car service provided by SiriusXM.
- Hackers were found abusing the open-source Linux PRoot utility in BYOF (Bring Your Own Filesystem) attacks to deliver a consistent set of malicious tools that work across different Linux versions.
- A new report from a Scottish security company revealed that Russian hackers have been attacking Ukraine by infiltrating the networks of companies in the UK, the US, and other countries.
- VTB, Russia’s second-largest bank, dealt with the largest cyberattack in its history after a DDoS attack forced it to shut down its website and mobile applications.
- French-language media source Numerama revealed that the infamous ransomware gang Hive attacked the sports products manufacturer Intersport and exposed records of its clients’ personal data.
- Claroty, an industrial and IoT cybersecurity company, discovered a generic technique for bypassing the web application firewalls (WAFs) of several major vendors. Cybercriminals can exploit this method.
- The managed service provider (MSP) Mercury IT was the target of a ransomware attack, which the New Zealand government confirmed had affected businesses and government entities in the country.
- Acuity Brands, a global leader in lighting and building management, made public disclosures about two recent data breaches, one of which may have involved ransomware.
- Cisco disclosed a high-severity vulnerability in its most recent IP phones that might allow remote code execution and denial of service (DoS) attacks.
- Agrius, an advanced persistent threat (APT) actor with ties to Iran, was found using a new wiper in attacks against targets in South Africa, Hong Kong, and Israel.