Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes VMware fixing the vCenter server vulnerability, AWS fixing authentication vulnerabilities in Kubernetes, Microsoft addressing the 0-day vulnerability, Microsoft fixing several Azure Site Recovery vulnerabilities, Adobe issuing security fixes for multiple products, and much more.
- VMware released a fix for one of the impacted versions of vCenter Server. It happened eight months after a high-severity privilege escalation bug in the IWA (Integrated Windows Authentication) system was revealed.
- Three authentication flaws that might have allowed an attacker to elevate privileges within a Kubernetes cluster were resolved by AWS (Amazon Web Services).
- Microsoft issued its monthly set of Patch Tuesday fixes to tackle 84 new security issues spanning various product categories. The patches also address a zero-day flaw already actively exploited in the wild.
- Microsoft patched 32 flaws in the Azure Site Recovery suite that may have given attackers access to code execution or escalated privileges.
- Adobe published security patches for its products such as Acrobat and Reader, RoboHelp, Photoshop, and Character & Animator. These products’ unpatched versions include flaws that might provide an attacker access to vulnerable systems.
The Bad News
This week’s bad news includes Mangatoon data breach exposing the information of 23 million accounts, Bandai Namco being hit by a ransomware attack, Honda accepting that hackers can have access to its cars, new versions of the ChromeLoader browser hijacking malware being uncovered, Luna Moth data extortion gang stealing sensitive information from businesses, Indian students being targeted by Pakistani hackers, password recovery too infecting industrial systems, and much more.
- A hacker exposed information from 23 million user accounts on the comic reading website Mangatoon by accessing a misconfigured Elasticsearch database.
- Social media phishing scams are aggressively employing scare tactics and false claims of account abuse to force victims into providing their login information. Malwarebytes Labs found two phishing schemes that preyed on Discord and Twitter.
- The developer of Dark Souls, Elden Ring, and Soulcalibur, Bandai Namco, has apparently been targeted by a ransomware attack. Malware tracker vx-underground, also known as BlackCat, first reported the incident.
- Honda has admitted that leveraging a remote keyless entry technology could lead hackers to start some Honda vehicles’ engines and unlock their doors.
- Cybersecurity researchers found that the information-stealing malware known as ChromeLoader has undergone several modifications. They revealed how quickly its feature set has evolved.
- A new Android malware family, Autolycos, was downloaded by more than 3,000,000 people from the Google Play Store that discreetly subscribes users to premium services.
- A new data extortion gang, Luna Moth, has been using fake subscription systems to get into the organizations’ systems and steal sensitive information. The group has threatened to reveal the files to the public unless the victims pay a ransom.
- A new continuing phishing attack targeting students at numerous educational institutions in India since December 2021 has been attributed to the Pakistan-based advanced persistent threat (APT) organization Transparent Tribe.
- Several pieces of personal information, including official identity papers and images, are being attempted to be stolen from victims by a recently found phishing kit that targets PayPal customers.
- The record-breaking distributed denial-of-service (DDoS) attacks handled by Cloudflare last month (June) were caused by a new botnet called Mantis. After this, it is referred to as “the most powerful botnet to date.”
- Since September 2021, ransomware has been created and used in cyberattacks against small and medium enterprises by a new threat cluster (H0lyGh0st) with North Korean origins.
- A threat actor is compromising industrial control systems (ICS) to build a botnet using the password “cracking” software for programmable logic controllers (PLCs).
- Security experts discovered a large-scale operation that searched over 1.6 million WordPress websites for the existence of a faulty plugin that permits file uploads without authentication.
