Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
From the good news:
This week, we’ve learned about Google’s new encrypted messages, new security features from tech giants, and more.
- On Tuesday, Google announced the rollout of earthquake alerts and end-to-end encrypted messages. “End-to-end encryption is available in one-on-one conversations between Messages users with chat features enabled,” the company said.
- Microsoft has announced improvements to Microsoft Defender for Endpoint that should help an organization’s remote workers with mobile devices to more securely access information from the corporate network. The enhancement can protect an organization’s managed app data for those who are using Intune to manage mobile applications.
- In response to the increasing number of attacks on the supply chain, Google has proposed a framework called the Software Artifacts System Architecture, or SLSA. Google describes SLASA as an end-to-end framework that aims to ensure the integrity of all software artifacts throughout the supply chain.
- Security researchers at Microsoft’s Defender 365 disrupted a massive email campaign designed to compromise business email accounts and took down the attackers’ cloud infrastructure. The attackers used a technique known as forwarding rules to trick unsuspecting users into opening suspicious emails.
From the bad news:
This week has brought reports about Ledger scam, Russia’s cyberattacks on Poland, new malware and vulnerabilities, and other important stories you can’t miss.
- Scammers are sending fake Ledger cold storage devices in an attempt to steal cryptocurrency wallets. The device comes in authentic-looking packaging, with a letter explaining that a new Ledger was sent to replace the existing one after customer information leaked online.
- A researcher discovered that a certain Wi-Fi network name causes a bug in iOS that will completely break your iPhone’s ability to connect to Wi-Fi. If an iPhone or iPad joins the network “%p%s%s%s%s%n,” the device can’t connect to Wi-Fi networks.
- Wegmans Food Markets, a major regional supermarket chain with stores in the mid-Atlantic and Northeastern regions, notified customers that their information was exposed after discovering that two of its databases were exposed on the Internet. After learning about a data breach, the company immediately hired a forensics firm to fix misconfiguration.
Russia’s telecommunications watchdog Roskomnadzor has banned the use of Opera VPN and VyprVPN “in accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal, pro-narcotic and other prohibited content.” The Russian government classified two VPN services as threats.
The data of over 2 million customers of both Volkswagen and Audi was reportedly being sold online. The data breach took place last week. The company said that the leaked information compromised included phone and email addresses, and vehicle information.
The Korea Atomic Energy Research Institute said that its networks were breached by North Korean hackers using a remote access vulnerability. The Korea Atomic Energy Research Institute (KAERI) is a government-affiliated institution that conducts research related to nuclear energy.
Kaczyski, Poland’s deputy prime minister, said that the last week’s attacks on the officials’ email accounts were carried out by Russian hackers. The analysis revealed that “the infrastructure and modus operandi” were similar to those used in the operations carried out by the Russian-affiliated entities.
Law enforcers in Ukraine have arrested individuals involved in the Clop ransomware gang. They were apprehended through an operation conducted jointly with the US and South Korea. The National Police of Ukraine’s Cyberpolice Department stated that the ransomware group caused around $500 million worth of financial damages. Ukraine’s law enforcers shut down the group’s infrastructure and seized servers.
Unit 42 researchers described a new threat actor Matanbuchus and its infrastructure. Matanbuchus is a malware loader that can execute arbitrary code. It has already hit some victims in the US and Europe.
A known Middle Eastern APT has reemerged after two months of hiatus and has launched a series of attacks on organizations and governments in the region. Proofpoint attirbuted the campaign to a politically motivated actor, whom it tracks as TA402.
- Experts revealed that a state-backed military unit in China’s Xinjiang province carried out multiple attacks on government and private individuals in recent years. Since 2014, the PLA’s Unit 69010 carried out espionage campaigns against other countries with the intention of gathering military intelligence.
- REvil claimed responsibility for a ransomware attack on Invenergy, a US-based renewable energy company, which the company confirmed in a statement issued on Friday. The Chicago-based energy company said that its operations were not affected by the incident, and that it did not pay any ransom.