Welcome to CyberIntelMag’s weekly roundup, the place to find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Google taking measures to ax several fraudulent apps from the Play Store, the U.S. recovering funds from a North Korean hack on a Kansas medical entity, Oracle releasing 349 new security fixes, Cisco addressing severe flaws in the Nexus Dashboard, and much more.
- Numerous fake applications spreading the Joker, Facestealer, and Coper malware families through the online store will be removed by Google from its Play Store.
- The U.S. Department of Justice recovered nearly $500,000 in ransom payments made to North Korean hackers by a Kansas medical institution last year, in addition to the cryptocurrency used to launder the payments.
- In its July 2022 Critical Patch Update (CPU) announcement, Oracle stated that a total of 349 new security fixes had been made available. Of these, 230 were for vulnerabilities that might be exploited by remote, unauthenticated attackers.
- Microsoft updated the Azure Storage SDK to address a padding oracle flaw in client-side encryption. The Azure Storage SDK includes all resources that Python, .NET, or Java developers require to create Azure apps.
- Patches for several Nexus Dashboard vulnerabilities, including one of critical severity that might allow arbitrary instructions to be executed, were made available by Cisco.
The Bad News
This week’s bad news includes hackers attacking VoIP servers with the help of Digium phone software, hackers attacking a travel-booking platform in India, Pegasus spyware being used in Thailand, the heat wave in the U.K. affecting Oracle and Google Cloud services, hackers stealing 50,000 credit cards, Ukrainians being tricked with phony DoS Android apps, and much more.
- In an attack operation designed to exfiltrate data by downloading and running additional payloads, a web shell was dropped on the servers of VoIP phones running Digium’s software.
- Extortionists are targeting restaurants and other dining venues by writing false reviews online and then promising to erase them in return for a gift card.
- Cleartrip, one of India’s most well-known sites for booking travel, disclosed a data breach after hackers allegedly posted the stolen information on the dark web.
- Thai activists taking part in the nation’s pro-democracy protests had their smartphones infected with the infamous Pegasus government-sponsored spyware. At least 30 individuals, including activists, academics, lawyers, and NGO staff members, were targeted.
- Fortinet’s FortiGuard Labs intercepted a phishing email that was part of a campaign propagating a new QakBot variant. Since 2007, security experts have discovered and studied QakBot, a banking Trojan also known as QBot, QuackBot, or PinkslipBot.
- The Frederick, Colorado police department announced that it is looking into reports that the town government was the target of a ransomware operation. This announcement came after the LockBit ransomware gang added the town to its list of victims.
- Oracle Cloud and Google Cloud both experienced disruptions when cooling systems failed at their respective data centers during the continued heatwave in the United Kingdom.
- Two web-skimming attacks aimed at three online ordering systems resulted in the theft of over 50,000 payment card records from patrons of more than 300 eateries.
- The well-known mental health app Feelyou disclosed a platform flaw that allowed roughly 78,000 of its users’ email addresses to be made public. The issue was found while reverse engineering other mental health trackers and similar applications.
- More than 1.5 million automobiles have MiCODUS MV720 GPS trackers installed, and some unpatched security weaknesses in these devices might allow essential operations to be halted remotely.
- In order to perform distributed denial-of-service (DDoS) attacks against Russian websites, Russian threat actors used the current crisis with Ukraine to disseminate Android malware disguised as an app for pro-Ukrainian hacktivists.
- The latest victim of a hack was the Ukrainian radio station TAVR Media, which broadcast a false message claiming President Volodymyr Zelenskyy is critically ill.