Welcome to CyberIntel Magazine’s weekly roundup! A place where you can read the most important stories in the cybersecurity world from the past week.
This week we’ve seen Microsoft open-sourcing its anti-SolarWinds toolkit, more Accellion-related attacks, how invitation-only Clubhouse audio chats can be hijacked, more than 6,700 VMware vCenter servers exposed online, and more.
From the good news:
Google adds an easy way for Android users to check the security of their passwords
Google’s new password checkup feature in Android will give users an easy way to check if the passcodes they’re using have been compromised. Password Checkup works by searching a database of billions of credentials that had been leaked in website breaches over recent years.
ENISA published new cloud security guidelines for the healthcare industry
European Union Cybersecurity Agency (EUCA) issued cloud security guidelines with best practices for the healthcare sector. The set of practices aims to help IT professionals in the healthcare cybersecurity sector.
Microsoft open-sourced CodeQL queries to root out SolarWinds malware
From the bad news:
China-backed APT31 group cloned NSA Equation Group’s “EpMe” hacking tool
The big surprise came from the Check Point’s researchers who showed that the China-linked APT31 group cloned NSA Equation Group’s “EpMe” hacking tool and have been using it for years. According to Kaspersky who discovered the “EpMe” tool in 2015, it has been in the wild since at least 2001. It was cloned by APT31 sometime in 2014.
VMware flaw with a severity rating of 9.8 reported and patched by the company
A remote code execution flaw in VMware’s vSphere HTML5 hybrid cloud suite – CVE-2021-21974 – with a severity rating of 9.8 out of 10 left more than 6,700 VMware vCenter servers exposed and vulnerable online. Besides that, VMware disclosed a few other vulnerabilities (CVE-2021-21972 and VE-2021-21973) that could allow hackers to take over unpatched devices and companies’ entire networks. The three bugs have been patched by the company this week.
10K Microsoft email accounts hit in FedEx & DHL phishing attacks
Researchers at Armorblox are warning of recent phishing attacks targeting at least 10,000 Microsoft email users in which attackers disguise themselves as mail couriers FedEx and DHL Express. Phishing web pages hosted on legitimate domains, including those from Quip and Google Firebase, – allowed the emails to slip by security filters effectively tricking victims into providing their credentials.
Accellion-related attacks hit over 100 companies, Steris Corporation is the latest victim
A ransomware gang Clop claims responsibility for stealing an unspecified amount of information from Steris Corporation. Steris touted as the latest victim of Accellion attacks that have resulted in 100 companies being attacked and data stolen from 25 of them. Attackers abuse flaws in the Accellion file transfer product which hasn’t been updated due to its reaching end of life.
Malicious Amazon Skills can bypass the security vetting process
German and US researchers warn Amazon’s voice assistant Alexa is vulnerable to malicious third-party Skills. Hackers could publish a Skill under any developer name and make backend code changes after app approval to phish out sensitive information. The security-threat claims have been toned down by Amazon.
T-Mobile discloses data breach after SIM swapping attacks
An American telecommunications provider reported a data breach in which an undisclosed number of customers had been affected by SIM swap attacks. These attacks allow bad actors to steal user credentials, take over their online service accounts, and more. This makes it the fifth data breach disclosed by T-Mobile during the last four years.
Malicious Firefox extension allowed hackers to hijack Gmail accounts
TA413 Chinese-linked APT group targeted several Tibetan organizations in a cyber-espionage campaign using a malicious Firefox extension designed to hijack Gmail accounts and deploy malware. The series of attacks lasted January through February, according to a Proofpoint report.
The Kroger grocery store suffered a data breach
Another Accellion-related victim, Kroger reported a data breach. The grocery store says no fraud or misuse of financial or personal information has been detected but out of caution, Kroger arranged to offer credit monitoring to all affected individuals at no cost to them.
Four new hacking groups are targeting critical infrastructure, Dragos warned
Cybersecurity researchers at Dragos identify four new hacking groups that have been targeting industrial systems mostly in the US and Europe in the past year. The groups named by the researchers as Stibnite, Talonite, Kamacite, and Vanadinite have links to the Sandworm group, Dragos reports.
Ukraine accuses Russia-backed hackers of hacking into web-based state document system
Ukraine’s National Security and Defence Council accused Russian hackers of planting malicious documents on the System of Electronic Interaction of Executive Bodies document system. Ukraine did not disclose whether any damage had been caused.