Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes the U.S. banning several organizations supporting Russian cyber operations, the MortalKombat ransomware decryptor being released by Bitdefender, critical flaws being fixed in ThingWorx and Kepware IIoT products, Aruba Networks addressing severe weaknesses in ArubaOS, and much more.
- The U.S. Department of the Treasury unveiled a new set of penalties against several organizations allegedly aiding the Kremlin, including its cyber activities.
- A new decryptor for the MortalKombat ransomware can be downloaded right now. Bitdefender has been watching the MortalKombat ransomware family since it first surfaced online in January of this year.
- Several of PTC’s industrial IoT (IIoT) software products were affected by two serious security flaws that could allow remote code execution and denial-of-service (DoS) attacks. The vulnerabilities have now been patched.
- Six critical-severity vulnerabilities affecting different versions of ArubaOS, the company’s proprietary network operating system, were disclosed in a security advisory, and Aruba Networks has now addressed them.
- The long-awaited national cybersecurity policy of the Biden administration was released by the White House. The issues and risks the United States faces and the top priorities for tackling them are described in it.
The Bad News
This week’s bad news includes IoT vendors being criticized for the slow adoption of vulnerability disclosure programs, CISA warning of active exploitation of a ZK Java Web Framework flaw, ChromeLoader malware targeting gamers, cryptocurrency companies being targeted with sophisticated injection methods, Dish Network facing a multi-day outage because of a ransomware attack, misconfigured Redis database servers being abused in a new cryptojacking campaign, a Gitpod weakness demonstrating the need for security evaluations of cloud-based development environments, GootLoader and FakeUpdates malware being used by cybercriminals to attack law firms, and much more.
- IoT Security Foundation’s latest annual report revealed that with only 27.1% of suppliers having a vulnerability disclosure policy, IoT firms are making little progress in making it convenient for security experts to report security flaws.
- Many crucial Colombian sectors were the focus of a recent campaign launched by the threat actor known as Blind Eagle.
- LastPass reported that an ongoing cyberattack that stole corporate data from its cloud storage resources involved the personal home computer of one of its DevOps engineers being compromised and infected with keylogging malware.
- Based on evidence of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a high-severity vulnerability affecting the ZK Framework to its Known Exploited Vulnerabilities (KEV) catalog.
- A new ChromeLoader malware campaign was observed using virtual hard drive (VHD) files instead of the ISO optical disc image format it previously relied on.
- It was found that cryptocurrency businesses were being targeted as part of a recent operation that disseminates a remote access malware known as Parallax RAT.
- The R3NIN sniffer, an emerging threat to online shoppers, was identified by cybersecurity researchers at Cyble. When users make purchases on compromised e-commerce websites, it harvests their credit card data and other personal information.
- Dish Network disclosed that a ransomware attack caused the multi-day network and service outage. Customers also expressed dissatisfaction at being unable to call the company’s call center.
- An ongoing multi-channel phishing attack aimed at tricking users into allowing access to their wallets was recognized by cryptocurrency hardware company Trezor.
- Gitpod, a well-known cloud development environment (CDE), was found to have a vulnerability that would let attackers carry out complete account takeover and remote code execution (RCE).
- A new cryptojacking campaign was found to target misconfigured Redis database servers, abusing a legitimate open-source command-line file transfer service to deliver its payload.
- Hatch Bank, a fintech banking platform, disclosed a data breach after hackers obtained the personal data of approximately 140,000 customers through its Fortra GoAnywhere MFT secure file-transfer platform.
- Cloud security startup Wiz warned of a widespread redirection campaign in which legitimate FTP credentials were used to compromise thousands of websites, targeting East Asian audiences.
- In January and February 2023, six different law firms were the targets of two distinct attack campaigns that disseminated the malware variants GootLoader and FakeUpdates (aka SocGholish).