Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The good news: This week’s good news includes Emsisoft issuing decryption tool for DeadBolt ransomware, UEFI vulnerabilities affecting millions of devices being fixed, Office 365 improving to mitigate the MITM attacks risk, ESET fixing a flaw that affects multiple versions of Windows 10 and Windows Server, and much more.
- Emsisoft has released a decryption tool for the DeadBolt ransomware. It works only if the victim has paid the ransom and got a key, and it resolves faulty decryptor keys supplied by threat actors.
- Insyde has fixed almost two dozen flaws in UEFI firmware code used by the world’s leading device makers. The bugs have been discovered by researchers at security firm Binarly. Insyde issued security advisories.
- Google released Chrome 98 in the stable channel on Tuesday, with a total of 27 security patches, including 19 for flaws reported by external researchers.
- To protect the integrity and security of Office 365 customers’ email communication, Microsoft has added the SMTP MTA Strict Transport Security (MTA-STS) functionality to Exchange Online.
- Fastly has patched an uninitialized memory leak HTTP/3 flaw in the H2O HTTP server project. Now, attackers may no longer steal random requests and responses from its nodes’ uninitialized memory.
- ESET released security upgrades to fix a high-severity local privilege escalation flaw that affects Windows 10 and later versions, as well as Windows Server 2016 and later versions.
The bad news: This week’s bad news includes hackers employing device registration tricks in phishing attacks against businesses, more attacks on Ukraine from Russia being found, hacker gang MuddyWater attacking Turkey, Intuit customers being targeted via phishing campaigns, and much more.
- Microsoft uncovered a multi-phased, large-scale phishing effort that uses stolen credentials to register devices on the victim company’s network. This spreads spam emails and increases the infection pool.
- Symantec revealed that the WhisperGate hack is not the only one launched by Russia against Ukraine. For years, Russian advanced persistent threat (APT) operators have waged a series of cyberattacks on Ukrainian targets.
- The FBI warned that cybercriminals (scammers) continue to exploit security flaws in job recruitment websites to post fake job postings in order to trick people into providing personal information or money.
- Researchers discovered a heap base buffer overflow bug (CVE-2022-0185) in the Linux kernel’s (5.1-rc1+) filesystem context function “legacy parse param” on January 18, 2022. An unprivileged attacker might use it to elevate their privilege to root, circumventing any Linux namespace constraints.
- Boston-based cybersecurity firm Cybereason revealed that an APT organization (Charming Kitten) had changed its malware toolkit to incorporate PowerLess Backdoor, a novel PowerShell-based implant. It includes modular, multi-staged malware that decrypts and distributes additional payloads in various stages for stealth and efficacy.
- The Iranian-backed hacking group MuddyWater has launched a new attack against Turkish businesses and government entities.
- WooCommerce skimmer steals credit card information of customers with the help of fake fonts and favicons.
- An unprotected Microsoft Azure blob holding more than 100,000 files from the British Council, including sensitive student information, was discovered on the internet.
- On August 01, 2021, Morley Companies Inc. revealed a data breach due to a ransomware attack. This incident allowed threat actors to acquire data before encrypting files.
- The cyber security experts at Walmart have dissected a new ransomware family, Sugar. It is readily available to cybercriminals as a RaaS (ransomware-as-a-service).
- With a new proprietary backdoor known as ‘xPack,’ Antilon, a Chinese APT actor, has been targeting banks and manufacturing firms. The malware was used in a campaign that lasted over 18 months and targeted people in Taiwan.
- Customers of Intuit, a provider of accounting and tax software, are being targeted by a phishing effort that imitates the company and attempts to attract victims with false account suspension notifications. The firm, however, has issued a warning.