Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes AstraLocker ransomware shutting down and releasing decryptors, Microsoft fixing the ShadowCoerce vulnerability, a Dutch university getting its ransom money back, Apple previewing Lockdown Mode, Cisco addressing security issues in multiple products, and much more.
- The threat actor behind the AstraLocker ransomware announced that they are ceasing operations and intend to move to cryptojacking. A ZIP archive containing AstraLocker decryptors was uploaded to VirusTotal.
- Microsoft confirmed that the June 2022 updates patched the previously known “ShadowCoerce” vulnerability. The bug let attackers coerce a Windows server into authenticating to an attacker-controlled host, where that NTLM authentication could then be relayed to other services.
- Maastricht University, a Dutch academic institution in the south of the Netherlands that suffered a major ransomware attack, recovered part of the ransom it paid. Because the ransom was paid in cryptocurrency, the recovered portion is now worth more than double the original amount.
- Apple previewed Lockdown Mode, a new, optional, extreme protection setting for users of Apple devices who may be targeted by highly sophisticated digital attacks. It will ship this fall with iOS 16, iPadOS 16, and macOS Ventura.
- Cisco patched ten security flaws across multiple products. One of them, rated Critical, could be weaponized for absolute path traversal attacks.
The Bad News
This week’s bad news includes Israel’s Privacy Protection Authority seizing the servers of several travel companies, Bangladeshi military entities being hit by the Bitter APT, an npm supply-chain attack affecting numerous websites, a cyberattack on a California community college, a misconfigured Amazon S3 bucket exposing 3 TB of airport data, QNAP warning about new ransomware, and much more.
- Israel’s Privacy Protection Authority seized the servers hosting several travel booking websites after their operator failed to fix security flaws that exposed the personal information of more than 300,000 people.
- The operators of the Hive ransomware-as-a-service (RaaS) scheme rewrote their file-encrypting malware entirely in Rust and adopted a more complex encryption scheme.
- Iran’s Fars News Agency claimed that the servers and operating systems of the Tel Aviv Metro had been hit by a major cyberattack. It later clarified that the target was a company working on the metro’s development.
- An anonymous threat actor demanded 10 bitcoins (approximately $195,000) for databases that they claim hold more than 22 GB of stolen data on around 1 billion Chinese citizens.
- An advanced persistent threat known as Bitter continued to target military organizations in Bangladesh with prolonged cyberattacks.
- Security researchers disclosed OrBit, a newly discovered Linux malware that was not detected by antivirus engines at the time of discovery, part of a growing trend of malware targeting the popular operating system.
- In an npm supply-chain attack that began in December 2021, dozens of malicious npm packages containing obfuscated JavaScript were used to compromise numerous websites and desktop applications.
- In Palm Desert, California, a 12,500-student community college (College of the Desert) experienced a cyberattack that shut down its phone lines and internet services.
- Since the start of the conflict in late February 2022, the TrickBot malware’s operators have systematically targeted Ukraine, in what researchers are calling an “unprecedented” shift.
- Hotel giant Marriott International disclosed a second data breach after an unknown threat actor broke into the network of one of its properties and stole 20 GB of data.
- A misconfigured Amazon S3 bucket left 3 TB of airport data (more than 1.5 million files) publicly readable with no authentication required, highlighting the risks of unprotected cloud storage in the travel industry.
- Several malicious PyPI packages were found that either create new Remote Desktop user accounts on Windows machines or steal session data from the Telegram Desktop client.
- Network-attached storage (NAS) vendor QNAP urged customers to protect their devices against attacks by the data-encrypting Checkmate ransomware.
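The airport data exposure above came down to a bucket that anyone on the internet could read. As an added example (not code from the roundup or from the affected organization), the script below audits an S3 bucket policy document together with the bucket's Block Public Access settings, flagging Allow statements that grant read or list actions to an anonymous principal. The policies, account ID, bucket name and role name are constructed for illustration; the JSON shapes are those AWS uses for bucket policies and for the `get-public-access-block` response, so the same functions can be pointed at real documents fetched with the AWS CLI.

```python
import json

# Constructed sample: the kind of policy that makes every object world-readable.
# The bucket name, account ID and role below are made up for this example.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-airport-data",
                     "arn:aws:s3:::example-airport-data/*"],
    }],
})

# Corrected policy: only one named IAM role may read, and only over TLS.
FIXED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReadFromAppRole",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/airport-ops-app"},
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-airport-data/*",
        "Condition": {"Bool": {"aws:SecureTransport": "true"}},
    }],
})

# Block Public Access settings in the shape returned by
# `aws s3api get-public-access-block`; values are constructed.
PAB_OFF = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
           "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
PAB_ON = {key: True for key in PAB_OFF}

# Actions that let a caller read object contents or enumerate keys.
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:get*", "s3:list*", "s3:*", "*"}

# Condition keys that narrow *who* can call, so an anonymous grant is not
# reachable from the open internet. aws:SecureTransport is deliberately
# absent: it restricts the transport, not the caller.
NARROWING_CONDITION_KEYS = {"aws:sourcevpce", "aws:sourcevpc",
                            "aws:sourceip", "aws:principalorgid"}


def _as_list(value):
    """Policy grammar allows a string or a list in most positions."""
    return value if isinstance(value, list) else [value]


def _principal_is_anonymous(principal) -> bool:
    """True when the statement grants to everyone ("*" or {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(who == "*" for who in _as_list(principal.get("AWS", [])))
    return False


def _has_narrowing_condition(statement) -> bool:
    condition = statement.get("Condition", {})
    keys = {k.lower() for operator in condition.values() for k in operator}
    return bool(keys & NARROWING_CONDITION_KEYS)


def find_public_read_statements(policy_json: str) -> list:
    """Return the Sids of Allow statements that let anonymous callers read or list."""
    policy = json.loads(policy_json)
    hits = []
    for statement in _as_list(policy.get("Statement", [])):
        if statement.get("Effect") != "Allow":
            continue
        if not _principal_is_anonymous(statement.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(statement.get("Action", []))}
        if actions & READ_ACTIONS and not _has_narrowing_condition(statement):
            hits.append(statement.get("Sid", "<no Sid>"))
    return hits


def bucket_is_publicly_readable(policy_json: str, public_access_block: dict) -> bool:
    """A public policy only takes effect when RestrictPublicBuckets is off."""
    if public_access_block.get("RestrictPublicBuckets"):
        return False
    return bool(find_public_read_statements(policy_json))


if __name__ == "__main__":
    for label, policy in (("weak", WEAK_POLICY), ("fixed", FIXED_POLICY)):
        print(label, "public statements:", find_public_read_statements(policy),
              "readable with BPA off:", bucket_is_publicly_readable(policy, PAB_OFF))
```

Run it against a real bucket by substituting the output of `aws s3api get-bucket-policy` and `aws s3api get-public-access-block`. Note that this checks only the bucket policy path to public access; object ACLs are a separate grant path, which is why the corrected settings turn on all four Block Public Access flags rather than just `RestrictPublicBuckets`.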