Welcome to CyberIntelMag’s weekly roundup, where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Microsoft releasing January 2023 patch Tuesday updates, Adobe fixing security issues in its primary products, the White House denying any cyberattack associated with the FAA outage, Chrome 109 addressing 17 flaws, and much more.
- A total of 98 security issues were fixed in Microsoft’s first Patch Tuesday updates for 2023, including one that the firm said is already being actively exploited in the wild.
- Adobe released its first round of security updates for 2023, fixing at least 29 security flaws in many enterprise-focused products.
- The White House said that the FAA systems breakdown on Wednesday forced officials to suspend all domestic flight departures, although there is “at this point” no evidence that a cyberattack was to blame.
- After receiving reports of 14 problems from outside researchers, Google released Chrome 109 on the stable channel with updates for 17 vulnerabilities.
- In its first wave of security advisories for 2023, Juniper Networks disclosed hundreds of flaws that have been fixed in the company’s products.
The Bad News
This week’s bad news includes Russian hackers using outdated malware infrastructure to deliver new backdoors, Kinsing crypto malware affecting Kubernetes clusters, an attack on a British business that supports semiconductor manufacturing, over 1,300 phony AnyDesk websites pushing the Vidar info-stealing malware, Gootkit malware attacks targeting the Australian healthcare sector, an Active Directory domain being compromised in less than a day, old Intel drivers being used by hackers to evade security tools, and much more.
- The surveillance and backdoor tools used by the Russian cyberespionage group Turla to infiltrate Ukrainian targets are being distributed via malware attack infrastructure that is ten years old.
- A data leak stemming from a hacking incident at a Kansas-based gastroenterology vendor affected roughly a quarter of a million patients who had undergone an intestinal examination since 2019.
- Custom Android applications are now being used by online drug and other illicit substance markets on the dark web to boost anonymity and elude law enforcement.
- The threat actors behind the Kinsing cryptojacking operation were observed using unsecured and incorrectly configured PostgreSQL servers to gain initial access to Kubernetes configurations.
- Morgan Advanced Materials, a British firm that manufactures ceramic and carbon components used in the semiconductor manufacturing process, reported a cyber security issue to the London Stock Exchange.
- The StrongPity APT hacking group is distributing a phony Shagle chat app that is in fact a trojanized, backdoored version of the Telegram for Android app.
- A massive campaign impersonating the official AnyDesk website uses over 1,300 domains that link to a Dropbox folder distributing the information-stealing malware called Vidar.
- The Japanese division of international insurer Aflac disclosed that the personal information of more than three million users of its cancer insurance product had been published online.
- New Gootkit malware loader attacks targeted the Australian healthcare industry by abusing legitimate tools such as VLC Media Player.
- A financially motivated threat actor known as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a BYOVD (Bring Your Own Vulnerable Driver) attack to evade detection by EDR security solutions.
- For the past two weeks, hackers have been exploiting a critical vulnerability in the SugarCRM (customer relationship management) system to infect customers’ servers with malware that gives the attackers complete control over them.
- In an IcedID malware attack, the threat actor used techniques borrowed from ransomware gangs such as Conti to achieve its objectives, breaching the Active Directory domain of an undisclosed victim less than 24 hours after initially gaining access.
- Hackers were found actively exploiting the recently resolved critical vulnerability in Control Web Panel (CWP), a server administration application formerly known as CentOS Web Panel.
- Malicious Java archive (JAR) files are being used to spread remote access trojans such as StrRAT and Ratty, demonstrating once more that threat actors continually devise new strategies to stay undetected.