Welcome to CyberIntelMag’s weekly roundup, where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes QNAP fixing a severe weakness used by hackers to inject malicious code, a Denial-of-Service weakness in the Open5GS GTP library being addressed, Atlassian releasing patches to resolve an extreme security vulnerability in Jira Service Management Server and Data Center, VMware launching fixes for a Workstation vulnerability, and much more.
- Microsoft banned many fake, verified Microsoft Partner Network accounts for developing malicious OAuth applications that accessed enterprises’ cloud infrastructures to steal email.
- Customers of QNAP were advised to upgrade their QTS and QuTS firmware in order to remedy a severe security flaw that enables remote attackers to implant malicious code on QNAP NAS systems.
- A Denial-of-Service vulnerability in the Open5GS GTP library was patched in versions 2.4.13 and 2.5.7, released on January 14, 2023.
- Atlassian fixed severe security flaws in Jira Service Management Server and Data Center. An attacker might exploit these weaknesses to impersonate another user and access vulnerable instances without authorization.
- Users were alerted by VMware to the availability of fixes for a Workstation flaw that might be used by malicious hackers to escalate their privileges.
The Bad News
This week’s bad news includes hackers ruining Windows domains using a new SwiftSlicer wiper, JD Sports identifying the number of customers impacted by a data breach, cybersecurity professionals identifying packers used by various malware to avoid detection, cryptocurrency scam applications affecting Google Play and Apple App Store, gaming and gambling sectors being targeted via a new type of cyberattack, IT experts revealing cybersecurity risks surrounding ChatGPT, malware that evades antivirus being promoted through Google Ads, and much more.
- Security professionals discovered SwiftSlicer, a new malware that erases data. It attempts to delete crucial Windows operating system files. This new malware, connected to Sandworm, was identified in a recent strike in Ukraine.
- Threat actors were found to be promoting Titan Stealer through their Telegram channel. It is a new Golang-based malware that steals information.
- News source WMDT47 revealed that Atlantic General Hospital in Maryland faced network failures and interruptions due to a recently launched massive ransomware attack.
- JD Sports, a British sports clothing company with locations all over the world, revealed that hackers stole data from roughly 10 million unique consumers. The affected customers may be in danger of fraud.
- On the Massachusetts island of Nantucket, four public schools with 1,700 children were forced to close on Tuesday due to a ransomware attack, per the superintendent’s email to parents.
- The operators of “pig butchering,” or high-yield investment fraud, found a way past the security measures in Google Play and Apple’s App Store, the official repositories for Android and iOS apps.
- A shellcode-based packer known as TrickGate was found operating effectively and covertly for the past six years, allowing threat actors to disseminate malware such as TrickBot, Emotet, AZORult, Cerber, Agent Tesla, FormBook, Maze, and REvil.
- Check Point and Phylum issued a warning about newly discovered NPM and PyPI packages intended to steal user information and download extra payloads.
- A threat actor called InTheBox was found selling 1,894 web injects (phishing window overlays) on Russian cybercrime forums. They can be used to steal login information and sensitive data from banking, crypto exchange, and e-commerce platforms.
- The gaming and gambling industries were found to have been the target of a new cyberattack (known as Ice Breaker) since at least September 2022.
- A new study by BlackBerry found that a majority (51%) of security leaders anticipate that ChatGPT will be at the center of a successful cyberattack within a year.
- A U.S.-based blockchain analytics company revealed that last year was the worst for crypto heists, with cybercriminals stealing as much as $3.8 billion, driven by attackers linked to North Korea who made more money than ever.
- Malware installers that exploit KoiVM virtualization technology were found to be distributing the Formbook data stealer to evade detection in an ongoing Google Ads malvertising effort.