Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Cloudflare stopping a 71 million RPS DDoS attack, Microsoft patching three actively exploited security vulnerabilities, Citrix fixing high-severity flaws in its Linux and Windows applications, Intel issuing fixes for SGX flaws, and much more.
- Cloudflare stopped the largest volumetric DDoS attack reported to date. Most of the attacks in the campaign peaked between 50 and 70 million requests per second (rps), with the biggest exceeding 71 million rps.
- Microsoft provided fixes for 75 CVE-numbered vulnerabilities in February 2023, including three actively used zero-day flaws (CVE-2023-21715, CVE-2023-23376, CVE-2023-21823).
- Citrix released updates for critical flaws in Workspace applications for Windows and Linux, as well as in Virtual Apps and Desktops.
- Software Guard Extensions (SGX) from Intel was again in the news after the chipmaker disclosed numerous newly identified flaws in the technology and advised customers to update their firmware.
- Copilot is a programming helper from GitHub that produces real-time source code and function recommendations in Visual Studio. GitHub claims the improved AI model is now safer and more potent.
- Firefox 110 and Firefox ESR 102.8, with fixes for 10 high-severity vulnerabilities, were released by Mozilla.
The Bad News
This week’s bad news includes a ransomware attack on Technion University, Bahrain’s airport being targeted by hackers, new malware used by the RedEyes group to steal data from mobile and Windows devices, hackers impersonating Emsisoft certificates to infiltrate customer networks, Chinese hackers infiltrating diplomatic networks in South America, a Scandinavian Airlines hack leading to a passenger data breach, cloud infrastructure being abused by the new WIP26 threat actor, and much more.
- A new ransomware group called “DarkBit” attacked Technion – Israel Institute of Technology. In addition to demanding a $1.7 million payment, the ransom note DarkBit left criticized tech layoffs and pushed anti-Israel propaganda.
- Blockchain researchers uncovered evidence that North Korean hackers (the Lazarus group) have found a means to get past U.S. sanctions to launder the cryptocurrency gains from their heists.
- Security researchers found another large collection of malicious packages on the npm and PyPI open-source registries. They pose a risk to developers who unknowingly install them.
- The APT37 threat group used the elusive “M2RAT” malware and steganography to target people for info stealing. The North Korean hacking group APT37, also known as “RedEyes” or “ScarCruft,” is said to be supported by the government.
- Hackers claimed to have knocked down the websites of Bahrain’s international airport and state news agency to commemorate the 12th anniversary of an uprising during the Arab Spring in the small Gulf nation.
- Sucuri researchers disclosed that around 11,000 websites were compromised with a backdoor. The campaign has been active since September 2022, and January 2023 saw a spike in website infections.
- A hacker targeted customers of security products made by the cybersecurity firm Emsisoft by imitating the business and employing false code-signing certificates.
- A new elusive piece of malware known as Beep, made to sneak under detection and release additional payloads onto a compromised host, was discovered by cybersecurity experts.
- The ShadowPad remote access Trojan (RAT), often referred to as PoisonPlug, was observed being used by the state-sponsored threat actor DEV-0147 from China to attack diplomatic institutions in South America.
- Scandinavian Airlines (SAS) issued a warning informing customers that a recent multi-hour outage of its website and mobile app was caused by a cyberattack that also exposed customer data.
- The ESXiArgs ransomware strain recently infected over 500 hosts, the majority of which are located in France, Germany, the Netherlands, the United Kingdom, and Ukraine.
- A new threat actor, WIP26, drew attention for using Google Firebase, Microsoft Azure, Microsoft 365 Mail, and Dropbox for malware distribution, data exfiltration, and C2.