CyberIntelMag's Threat report

Weekly Cyber Threat Report, February 28 – March 4, 2021

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

The Good News

This week’s good news includes Ukraine getting help from the “IT Army” to hack Russian entities, Cisco issuing patches to fix flaws in the Expressway Series and Cisco TelePresence VCS, details of now-patched GitLab vulnerability being released, and much more.

  • Ukraine has enlisted the assistance of a group “IT Army” of security professionals and hackers to conduct cyberattacks on 31 Russian targets, including critical infrastructure, banks, and government organizations.
  • Google declared that it is beefing up security measures to help safeguard Ukrainian people and websites following similar efforts by other internet firms in recent days.
  • Cisco issued patches to address serious security weaknesses in the Expressway Series and Cisco TelePresence Video Communication Server (VCS). They might allow a hacker to gain elevated access and execute arbitrary code.
  • On Wednesday, Maryland lawmakers unveiled a series of measures to bolster the state’s cybersecurity.
  • The details of a now-patched security weakness in GitLab are out now. If left unpatched, this flaw might have allowed an unauthenticated attacker to access personal data from afar.

 

The Bad News

This week’s bad news includes Swiss camera maker Axis suffering from cyberattack, security incident leading Bridgestone America to halt production, the most advanced backdoor being used by Chinese cyberspies, Ukraine being attacked by new data wiper, European officials receiving malicious emails, and much more.

  • Axis, the Swedish camera manufacturer, got hacked on February 20. The company said that investigation into the attack is not yet complete. They still haven’t discovered any evidence about the breach of any customer or partner data.
  • Bridgestone Americas “disconnected” many of its production and retreading activities after a potential cyber-attack on February 27.
  • The world’s largest satellite communications company, Viasat, claimed a hack disrupted internet connectivity for fixed broadband subscribers in Ukraine and elsewhere on its European KA-SAT network.
  • CISA, United States, issued an industrial control system (ICS) notice on multiple flaws affecting Schneider Electric’s Easergy medium voltage protection relays. If exploited, they may cause loss of protection to an electrical network.
  • Security experts have discovered Daxin, a China-linked stealthy backdoor designed primarily to deploy fortified corporate networks with improved threat detection capabilities.
  • Six months after the unique attack method was disclosed in principle, distributed denial-of-service (DDoS) attacks exploiting a new amplification technique dubbed TCP Middlebox Reflection were discovered for the first time.
  • A modern data wiper malware, IsaacWiper, was found on an undisclosed Ukrainian government network. It happened a day after severe cyberattacks battered the country before Russia’s military entry.
  • Visitors were deceived into supplying personal information to a large-scale phishing and scam operation involving over 200 eBikes phishing and scam sites. The scam was geared at an Indian audience with the help of Google Ads and SEO.
  • Multiple vulnerabilities in the Lansweeper IT asset management solution were uncovered by Cisco Talos, which might allow an attacker to run JavaScript or SQL code on the targeted device.
  • At least 30 university websites got hacked in a targeted attack, apparently in support of Russia’s invasion of Ukraine.
  • Malicious emails have been sent to officials at European government agencies using email accounts that seem to belong to Ukrainian military troops. UNC1151, a threat actor previously associated with Belarus and maybe Russia, carried out the attack.
  • Logan Health Medical Center in Montana, United States, alerted 213,543 patients, workers, and business associates that their personal and health data may have been accessed after a cyberattack on its IT systems.
  • The New York State Office of the Attorney General (NY OAG) warned victims of the T-Mobile data breach in August 2021 that they may be in danger of identity theft because some of the stolen information has been sold on the dark web.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.

Share: