Welcome to CyberIntelMag’s weekly roundup, where you can find the most important stories in the cybersecurity world from the past week.
The good news: this week Microsoft took down websites used by Chinese hackers, a Canadian resident was detained and accused over attacks on healthcare organizations, the head of US Cyber Command confirmed direct action against ransomware groups, Microsoft announced Secured-core servers as a defence against ransomware, and much more.
- Microsoft took down hundreds of malicious websites run by Nickel, a China-based hacking group, which used them to target organizations in the US and 28 other countries.
- CS Energy, an Australian utility, foiled a ransomware attack that began on November 27. Early reports attributed it to Chinese hackers; had it succeeded, the attack could have shut down two large thermal coal plants.
- A suspected ransomware affiliate has been detained in connection with attacks on healthcare organizations. The 31-year-old Canadian resident is accused of taking part in many cyberattacks on US and Canadian companies.
- Grafana, the open-source analytics and interactive visualization platform, was updated to fix a critical zero-day path traversal flaw that let unauthenticated remote attackers read arbitrary files on the server.
- The head of United States Cyber Command has confirmed that the command has taken direct action against ransomware groups, as part of an effort to reduce cyberattacks on American infrastructure and companies.
- Microsoft has announced the first Secured-core certified Windows Server and Azure Stack HCI devices, which pair a hardware root of trust with firmware protection and virtualization-based security; the company says they help protect customers’ networks from threats such as ransomware.
- The Australian Cyber Security Centre (ACSC) has raised concern over Conti ransomware attacks on Australian organizations and has published a ransomware profile with further information on the Conti gang.
The bad news: a lot happened this week, including Pegasus spyware found on the iPhones of US officials, the personal data of 30K Florida healthcare workers leaked, contact forms and discussion forums spammed to spread malicious Excel XLL files, a cyber-attack that shut several SPAR stores, Emotet now dropping Cobalt Strike, and much more.
- Apple warned US embassy and State Department employees that their iPhones may have been compromised by an unknown adversary using the Pegasus spyware.
- An exposed .DS_Store file (macOS Finder metadata that lists a folder’s contents) on a Microsoft Vancouver web server pointed to several WordPress database dumps, each containing administrator usernames, email addresses and hashed passwords.
- A database left without a password exposed the personal information of over 30K US healthcare professionals: names, email and home addresses, photos and, in some cases, Social Security numbers and tax documents.
- Cybercriminals are abusing website contact forms and discussion forums to spread Excel XLL add-in files that install the RedLine password-stealing malware. An XLL is a DLL that Excel executes when the add-in is opened, so once a victim opens the file, RedLine harvests passwords and personal information.
- A cyber-attack on the IT systems serving SPAR’s roughly 330 stores across the North of England forced several to close; the company said it was working to resolve the issue as quickly as possible.
- Cybercriminals have published some of the data stolen from wind turbine maker Vestas in a ransomware attack; the Danish firm says it has continued operating.
- Several flaws in the Eltima SDK, a USB-over-network component embedded in products from multiple cloud service providers, let local attackers gain elevated privileges and then disable security products, replace system components, damage the operating system or carry out other malicious actions undetected.
- The notorious Emotet malware now drops Cobalt Strike beacons directly on infected machines, giving threat actors immediate network access and raising the likelihood of follow-on ransomware attacks.
- Attackers are injecting credit card skimmers into randomly chosen plugins on WordPress e-commerce sites, harvesting customers’ payment details while staying unnoticed.
- Redirection flaws in popular OAuth 2.0 implementations, including Microsoft’s, let phishing links bounce through a trusted identity provider’s domain and so evade most phishing detection and email security solutions.
- Employee data from the South Australian state government was stolen in a ransomware attack on its payroll provider, Frontier Software; the stolen records include critical payroll-related information.
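As an added example (not part of the original roundup, and not any vendor’s own tooling), the check below shows how a mail filter can catch the OAuth redirection abuse described in the item above: a link that genuinely points at a trusted identity provider’s authorization endpoint, so its domain looks safe, but whose redirect_uri asks the provider to send the user on to a host the organization does not control. The authorization endpoint hostnames, the trusted redirect hosts and all sample links are constructed assumptions; replace them with your own providers and registered redirect URIs.

```python
from urllib.parse import urlparse, parse_qs, unquote

# Hostnames of OAuth 2.0 authorization endpoints that legitimately appear in mail.
# Assumption for this example: Microsoft only; add any other providers you use.
AUTHORIZE_HOSTS = {"login.microsoftonline.com", "login.live.com"}

# Query parameters whose value is a URL the provider will redirect the user to.
REDIRECT_PARAMS = ("redirect_uri", "post_logout_redirect_uri")

# Hosts allowed to receive an OAuth redirect for this organisation
# (constructed assumption; in practice, your apps' registered redirect URIs).
TRUSTED_REDIRECT_HOSTS = {"example.com"}


def _normalise_host(host):
    """Lower-case a hostname and drop a trailing dot so comparisons are stable."""
    return (host or "").lower().rstrip(".")


def _fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (a common obfuscation), bounded to avoid loops."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def redirect_hosts(url):
    """Return the normalised hosts named by redirect parameters in url's query string.

    Values that are not http(s) URLs (custom schemes, urn:...) yield an empty
    string on purpose, so they are flagged rather than silently accepted.
    """
    query = parse_qs(urlparse(url).query, keep_blank_values=True)
    hosts = []
    for name in REDIRECT_PARAMS:
        for value in query.get(name, []):
            target = urlparse(_fully_decode(value))
            hosts.append(_normalise_host(target.hostname))
    return hosts


def is_trusted_host(host, trusted):
    """True if host is one of the trusted hosts or a subdomain of one."""
    return any(host == t or host.endswith("." + t) for t in trusted)


def classify_link(url, trusted=TRUSTED_REDIRECT_HOSTS):
    """Return 'not-oauth', 'ok' or 'suspicious' for a single link.

    'suspicious' means the link targets a trusted provider's authorization
    endpoint but names a redirect target this organisation does not control.
    """
    if _normalise_host(urlparse(url).hostname) not in AUTHORIZE_HOSTS:
        return "not-oauth"
    hosts = redirect_hosts(url)
    if all(h and is_trusted_host(h, trusted) for h in hosts):
        return "ok"  # also covers an authorize link with no redirect parameter
    return "suspicious"


def scan_links(links, trusted=TRUSTED_REDIRECT_HOSTS):
    """Classify every link extracted from a message body."""
    return [(url, classify_link(url, trusted)) for url in links]


# Constructed sample links (client_id and hostnames are placeholders).
SAMPLE_LINKS = [
    # Legitimate sign-in link: the redirect returns to the organisation's own app.
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=11111111-2222-3333-4444-555555555555&response_type=code"
    "&redirect_uri=https%3A%2F%2Fportal.example.com%2Fauth%2Fcallback&scope=openid",
    # Redirection abuse: same trusted endpoint, but the user is sent to an
    # unrelated host (constructed attacker domain).
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=11111111-2222-3333-4444-555555555555&response_type=code"
    "&redirect_uri=https%3A%2F%2Flogin-verify.example.net%2Fsignin&scope=openid",
    # Same abuse with a double-encoded redirect_uri to dodge naive filters.
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=11111111-2222-3333-4444-555555555555&response_type=code"
    "&redirect_uri=https%253A%252F%252Flogin-verify.example.net%252Fsignin",
    # Ordinary link: not an authorization endpoint, so it is left alone.
    "https://www.example.com/newsletter",
]

if __name__ == "__main__":
    for url, verdict in scan_links(SAMPLE_LINKS):
        print(f"{verdict:10s} {url}")
```

The point of the design is that the filter does not trust a link just because its domain is a well-known identity provider; it follows the redirect_uri to where the user will actually end up, decodes nested percent-encoding before doing so, and treats anything that is not a host the organization owns (including custom schemes or urn: values, which yield no host at all) as suspicious.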