Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Cloudflare blocking a record HTTPS DDoS attack, the ‘DownThem’ DDoS service operator being sentenced to two years in jail, Cisco addressing flaws in its Secure Email and Web Manager, a hacker who stole nude pictures from iCloud accounts being sentenced to prison, and much more.
- A 26 million requests per second distributed denial-of-service (DDoS) attack was successfully repelled by Cloudflare, an internet infrastructure company. It was the largest HTTPS DDoS attack recorded to date.
- The operator of a controversial site that allowed customers to commit distributed denial-of-service (DDoS) attacks received a 24-month sentence.
- Cisco issued fixes for the Email Security Appliance (ESA) and Secure Email and Web Manager to resolve a serious security flaw that could let an unauthenticated, remote attacker bypass authentication.
- Splunk, a provider of big data monitoring and search capabilities, issued a set of out-of-band fixes for Splunk Enterprise that address several issues, including a serious flaw that may lead to arbitrary code execution.
- After pleading guilty to conspiracy and computer crime in October 2021, a California man who hacked thousands of Apple iCloud accounts received an eight-year sentence. He used to advertise himself as “icloudripper4you,” claiming to be capable of hacking iCloud accounts and stealing anything saved in the related iCloud storage.
The Bad News
This week’s bad news includes ransomware being deployed on Confluence servers, Chinese hackers employing PingPull malware, sensitive data being leaked from the Uganda Securities Exchange, health data of 69k people in the US being exposed in a data breach, Linux servers being infiltrated with crypto-miners, Anker Eufy smart home hubs being susceptible to RCE attacks, and much more.
- Ransomware groups are now targeting a recently patched and actively exploited RCE vulnerability affecting Atlassian Confluence Server and Data Center installations to gain initial access to corporate networks.
- The Iranian state-sponsored threat actor Lyceum shifted to distributing a new custom .NET-based backdoor in its most recent campaigns targeting the Middle East.
- Gallium, a Chinese APT, was spotted using a previously unknown remote access trojan (PingPull) in espionage attacks targeting companies in Southeast Asia, Africa, and Europe.
- The Uganda Securities Exchange (USE), the country’s main stock exchange, leaked extremely sensitive financial and commercial data of its customers and business organizations worldwide.
- A highly skilled threat actor, SeaFlower, has been targeting Android and iOS users with backdoored apps that steal funds from users, distributing them through sites that pose as reputable cryptocurrency wallet websites.
- Kaiser Permanente, one of the major not-for-profit health plans and providers in the United States, reported a data breach affecting approximately 69,000 patients.
- A novel side-channel attack, Hertzbleed, lets remote attackers recover complete cryptographic keys by observing changes in CPU frequency caused by dynamic voltage and frequency scaling (DVFS).
- A data breach at Comstar, a US ambulance billing provider, potentially exposed sensitive patient data. This incident occurred on March 26 when Comstar identified “strange behavior” relating to various servers in its environment.
- Panchan, a new peer-to-peer botnet that mines cryptocurrency on Linux servers, was found to have SSH worm capabilities, including dictionary attacks and SSH key abuse. This lets it spread quickly from compromised hosts to vulnerable ones on the same network.
- A threat actor known as ‘Blue Mockingbird’ exploited Telerik UI vulnerabilities to access servers, install Cobalt Strike beacons, and hijack system resources to mine Monero.
- Safety Detectives, a product recommendation service, discovered that StoreHub, a Malaysian point-of-sale software vendor, had roughly a million customer records publicly accessible on its Elasticsearch server.
- Montrose Environmental Group, a US-based provider of environmental services, stated that its laboratory testing activities were hampered by a ransomware incident last weekend.
- Three vulnerabilities were discovered in Anker’s primary smart home device hub, Eufy Homebase 2, one of which was a severe RCE flaw. All of Anker’s Eufy smart home devices use Homebase 2 as a video storage and networking gateway.
- QNAP released a new security advisory urging users to protect their devices from the latest DeadBolt ransomware attacks. It advised updating NAS devices to the current firmware version and ensuring they are not exposed to remote access over the Internet.