Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes an Australian man being jailed for targeting people via SMS phishing scams, Dutch police arresting a cybercriminal, US authorities seizing the Hive ransomware gang’s servers, unregistered SMS senders to be labeled as “likely fraud” in Singapore, and much more.
- VMware patched four security flaws in vRealize Log Insight (now Aria Operations for Logs) that could be exploited for remote code execution.
- An Australian man who targeted 450 people with an SMS phishing scam and stole AU$100,000 ($69,751) was given a sentence of more than two years in prison.
- Dutch police arrested a man accused of obtaining personal data belonging to tens of millions of people worldwide and selling it on cybercrime forums.
- US authorities infiltrated the Hive ransomware group's network, obtained the decryption keys for its ransomware and passed them to victims, then seized the group's servers. Hive had collected over $100 million in extortion payments from victims.
- Singapore will soon label SMS messages sent by organisations that are not listed in the local SMS Sender ID registry as likely fraud.
The Bad News
This week’s bad news includes FanDuel being affected by a security breach, UK car dealership Arnold Clark being attacked by the PLAY ransomware group, Kronos malware reemerging with enhanced features, Zendesk being compromised through a phishing attack, US federal agencies being hacked through legitimate remote monitoring and management (RMM) tools, over 4,500 WordPress sites being hacked, German airports and government bodies being cyberattacked, Bitwarden password vaults being targeted via a Google Ads phishing campaign, and much more.
- Users of the FanDuel sportsbook and betting site were informed that a January 2023 security breach at MailChimp exposed their names and email addresses to the attackers.
- Pre-auth SQL injection, local file inclusion, and other critical-severity issues were present in the LearnPress plugin for WordPress online courses.
- Researchers tracking North Korean hackers reported that the groups are broadening their target list to include government, education, and healthcare organisations.
- Sensitive personal data was apparently stolen from UK’s renowned car dealership, Arnold Clark, and allegedly posted online by the PLAY ransomware group.
- Kronos malware, which threat actors have previously used as a loader to deliver other malware strains to victims, reemerged with enhanced functionality.
- Lloyds Bank, a major UK bank, warned customers about a rise in scammers who persuade victims to pay upfront for goods or services that never arrive.
- Zendesk, a provider of customer support software, suffered a data breach after attackers phished employee login credentials. The incident was disclosed by Coinigy, a crypto trading and portfolio management company affected by it.
- Local officials in Pakistan looked into the origin of the nationwide blackout and believed it was caused by a cyberattack. The outage occurred on Monday (January 23rd) and affected millions of people.
- CISA, the NSA, and MS-ISAC expressed concern that hackers are increasingly exploiting lawful remote monitoring and management (RMM) software for nefarious purposes.
- A large campaign reportedly running since 2017 has affected over 4,500 WordPress websites. The compromised sites load obfuscated JavaScript hosted on the malicious domain “track[.]violetlovelines[.]com.”
- A Russian hacker gang launched cyberattacks against the websites of German airports, government agencies, and financial sector companies.
- Several hundred people in West Africa were targeted by a malevolent effort posing as American financial advisors. Threat actors identified, researched, and contacted potential victims using professional network sites like LinkedIn.
- Bitwarden and other password managers are the targets of Google Ads phishing campaigns that aim to capture users' vault login credentials. Because most password managers sync vaults through a cloud service, a phished master password hands the attacker the entire vault.
- The Aurora Stealer malware was found impersonating popular programs in order to infect as many people as possible.
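As an added example for the WordPress item above (this is not code from the roundup or from the researchers who reported the campaign), the following Python triage script scans site files for `<script>` tags whose `src` points at a known bad domain. It takes the indicator in the defanged form the page uses, re-fangs it for matching, and reports hits defanged again so they can be pasted into a ticket safely. The theme-file snippet is constructed for the example; the only real indicator is the domain quoted in the roundup.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a fragment of a compromised WordPress theme file.
# Line 3 carries the injected loader; line 4 is a legitimate local script.
SAMPLE_PHP = """<?php get_header(); ?>
<div class="content">
<script type='text/javascript' src='https://track.violetlovelines.com/js/pa.js'></script>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
</div>
"""

# Indicator of compromise as reported (defanged notation).
IOC_DOMAINS = ["track[.]violetlovelines[.]com"]

# Matches the src attribute of a <script> tag, single or double quoted.
SCRIPT_SRC = re.compile(r"<script[^>]*\bsrc\s*=\s*['\"]([^'\"]+)['\"]", re.IGNORECASE)


def refang(indicator: str) -> str:
    """Turn defanged notation ('[.]', 'hxxp') back into a matchable value."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def defang(value: str) -> str:
    """Render a value so it cannot be clicked or auto-linked in a report."""
    return value.replace(".", "[.]").replace("http", "hxxp")


def host_matches(host: str, bad_domain: str) -> bool:
    """True if host is the bad domain or a subdomain of it."""
    return host == bad_domain or host.endswith("." + bad_domain)


def find_injections(text: str, ioc_domains):
    """Return a list of {line, src} for every external <script src> whose
    host matches one of the IOC domains. Relative srcs have no host and
    are ignored."""
    wanted = [refang(d).lower() for d in ioc_domains]
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in SCRIPT_SRC.finditer(line):
            src = match.group(1)
            host = urlparse(src).hostname  # None for relative paths
            if host and any(host_matches(host.lower(), d) for d in wanted):
                hits.append({"line": lineno, "src": defang(src)})
    return hits


if __name__ == "__main__":
    for hit in find_injections(SAMPLE_PHP, IOC_DOMAINS):
        print(f"line {hit['line']}: {hit['src']}")
```

To run it over a real install, read each `.php`, `.html` and `.js` file under the web root (and a dump of `wp_posts` / `wp_options`, since injections are often stored in the database) and pass the content to `find_injections`. This only catches loaders that reference the domain in clear; obfuscated variants that assemble the URL at runtime need a second pass looking for suspicious `eval`/`atob`/`String.fromCharCode` constructs.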