Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Google working to boost Android security, NSA sharing guidelines on securing home networks, lawsuits being filed against a ransomware breach, high-severity flaws in ACI components being addressed by Cisco, and much more.
- Google has been attempting to strengthen Android’s security at the firmware level, a section of the software stack that directly communicates with a system on a chip’s multiple processors.
- The National Security Agency (NSA) of the United States released guidelines to assist remote employees in protecting their devices against cyberattacks and securing their home networks.
- At least five proposed class action lawsuits were filed following a California medical group’s Feb. 1 revelation of a ransomware assault in December that affected more than 3.3 million people.
- Cisco notified customers that two high-severity vulnerabilities impacting parts of Cisco’s Application Centric Infrastructure (ACI) software-defined networking system are patchable.
- A severe remote code execution (RCE) flaw in Google’s Chrome web browser was fixed. Before the patch, it allowed attackers to infect a victim’s computer with malware by luring them to a malicious website.
The Bad News
This week’s bad news includes WhiskerSpy malware being distributed through a trojanized codec installer, Russian cyberattacks on Ukraine increasing significantly, a privilege escalation weakness in the Windows backup service being exploited by hackers, a data leak being acknowledged by Activision, Facebook and YouTube accounts being hijacked through new malware, fake ChatGPT apps being employed by hackers to spread malware, customer data from an Australian retailer being exposed by a third-party leak, trojanized macOS apps being used by hackers to distribute evasive crypto mining malware, and much more.
- Security researchers discovered a new backdoor, WhiskerSpy, employed in a campaign by Earth Kitsune, a relatively new advanced threat actor that predominantly targets users interested in North Korea.
- The cryptocurrency exchange Coinbase revealed that the same hackers that attacked Twilio, Cloudflare, DoorDash, and more than a hundred other companies last year temporarily infiltrated its systems.
- Security experts found that the malware developers “Portugal” and “Brazil,” who released the packages “xhttpsp” and “httpssp,” also published another 0-day attack as packages in the PyPI (Python Package Index).
- A new study from Google’s Threat Analysis Group (TAG) and Mandiant revealed that Russian cyberattacks on Ukraine grew by 250% in 2022 compared to 2021.
- Threat actors were seen abusing a privilege escalation vulnerability in the Windows Backup and Restore service. The flaw can be exploited by an ordinary user to run arbitrary code on a computer and delete data from a designated storage location.
- Through unsecured access to Firebase, Google’s mobile application development platform that offers cloud-hosted database services, OyeTalk was discovered to be leaking unencrypted data.
- Activision admitted that a data breach occurred in the first few days of December 2022 due to hackers deceiving a worker with an SMS phishing text to get access to the company’s internal systems.
- Users of YouTube and Facebook were found to be the target of a persistent malware campaign that infects their computers with S1deload Stealer. It takes over their social media accounts and uses their devices to mine for cryptocurrencies.
- Over 15,000 spam packages flooded the npm repository in an ongoing attack on the open-source ecosystem to disseminate phishing URLs.
- The popularity of OpenAI’s ChatGPT chatbot is being misused by threat actors to spread malware for Windows and Android and to deceive unsuspecting users into visiting phishing websites.
- A security incident affecting My Rewards, a former third-party supplier to the Australian retailer The Good Guys, exposed customer data.
- Researchers uncovered an unknown threat actor using the PureCrypter downloader in an evasive threat campaign delivered over Discord that targets government organizations in the Asia-Pacific (APAC) and North American regions.
- Evasive crypto mining malware was deployed on macOS systems through trojanized versions of trusted applications. A trojanized copy of Apple’s Final Cut Pro video editing software was found to run the XMRig cryptocurrency miner.