Welcome to CyberIntelMag’s weekly roundup, the place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes the New York Attorney General penalizing a vendor for illegally promoting and selling spyware, European police shutting down an encrypted messaging service and detaining several people, CISA publishing a recovery script for victims of the ESXiArgs ransomware, Hong Kong police uncovering the apps and servers used by a global phishing syndicate, and much more.
- Patrick Hinchy and 16 of his businesses were penalized by the New York Office of the Attorney General for illegally promoting and selling spyware.
- After a wave of coordinated raids across Europe, law enforcement shut down an encrypted messaging service that had been on police radar since a 2019 raid on a former NATO bunker.
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a recovery script for VMware ESXi servers hit by the recent, widespread ESXiArgs ransomware campaign. The script does not decrypt anything; it rebuilds virtual machine metadata from the virtual disk files the malware left unencrypted, so it only helps where those flat disk files were untouched.
- Hong Kong authorities brought down an international phishing gang that used 563 fake mobile applications to track victims’ phones around the world and steal their information.
- The OpenSSL Project shipped fixes for several security vulnerabilities, including one rated high severity that could have exposed applications relying on the open-source cryptographic library to attack.
The Bad News
This week’s bad news includes new security flaws found in EV charging stations, MKS Instruments being hit by a ransomware attack, Microsoft OneNote files being used to distribute malware in the new QakNote campaign, a backdoor in the Dingo cryptocurrency that lets its creator drain almost everything, the Graphiron malware being used by Russian hackers to steal data from Ukraine, a UK politician’s email being hacked by Russian threat actors, malware shipping pre-installed on Android phones from top Chinese manufacturers, and much more.
- Two new security weaknesses were discovered in several Electric Vehicle (EV) charging systems; they could be abused to remotely shut down charging stations and expose them to data and energy theft.
- A new hacking campaign was found exploiting Sunlogin security flaws to carry out Windows Bring Your Own Vulnerable Driver (BYOVD) attacks that disable security software, and then deploy the Sliver post-exploitation toolkit.
- Semiconductor equipment manufacturer MKS Instruments disclosed a ransomware incident one day after security researchers and national cybersecurity agencies warned of a global ransomware campaign that had hit thousands of servers running VMware ESXi.
- A severe flaw in the web portal of Toyota’s worldwide supplier management network allowed a security researcher to access private data.
- Sharp HealthCare, the largest healthcare organization in San Diego, reported that it has begun notifying 62,777 patients that some of their personal information was exposed in a cyberattack on the servers hosting sharp.com.
- A new QBot campaign, dubbed “QakNote,” was observed in the wild. It uses malicious Microsoft OneNote (.one) attachments to deliver the banking malware to victims’ systems.
- The creator of the Dingo Token cryptocurrency built a backdoor into its code that lets them charge a fee of up to 99% of the token’s value on every transaction.
- The Computer Emergency Response Team of Ukraine (CERT-UA) warned of potential cyberattacks against Ukrainian government institutions using the legitimate remote-access tool Remcos.
- A threat actor linked to Russia was observed using a new information-stealing malware, dubbed Graphiron, in attacks against Ukraine.
- A bug in the Money Lover financial app for Android, iOS, and Windows allowed any signed-in member to view the email addresses and real-time transaction details of other users’ shared wallets.
- Stewart McDonald, a Scottish National Party (SNP) member of the British Parliament, reported that his personal email account had been compromised by unidentified Russian threat actors.
- Scammers were found exploiting the worsening humanitarian situation in Turkey and Syria, abusing legitimate platforms such as Twitter and PayPal to steal money from would-be donors.
- A recent study by academics from the University of Edinburgh and Trinity College Dublin found that top Android handsets sold in China ship with pre-installed malware.