Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes an ex-Amazon worker pleading guilty in a 2019 data breach, Adobe Illustrator patches addressing multiple 0-day flaws, Google patching 14 vulnerabilities with the release of Chrome 103, NSA issuing an advisory to find and prevent suspicious activities on Windows devices, and much more.
- A 36-year-old former Amazon employee was convicted in the US of wire fraud and computer intrusions for her role in the Capital One breach of 2019 that resulted in the loss of personal information from more than 100 million customers.
- Multiple zero-day vulnerabilities were patched by security updates from Adobe. The flaws stem, in different ways, from two Illustrator plugins.
- With updates for a total of 14 vulnerabilities, including nine that were identified by outside researchers, Google released Chrome version 103 to the stable channel.
- System administrators were advised to use PowerShell to identify and stop malicious activity on Windows machines in an advisory released by the National Security Agency (NSA) and partner cybersecurity organizations.
The Bad News
This week’s bad news includes BRATA malware becoming a persistent threat, a data breach at an eye care software provider affecting millions of patients, Azure Front Door being employed in phishing efforts, Yodel parcel enterprise acknowledging the cyberattack, Chinese hackers attacking script kiddies, out-of-control scalper bots causing havoc in Israel, and much more.
- The bad actor behind the BRATA banking trojan has improved its tactics and given the malware features that allow it to steal information. The current operating method matches a pattern of Advanced Persistent Threat (APT) activities.
- User comments and sample uploads on the ID ransomware portal showed that the ech0raix ransomware has again started attacking unprotected QNAP NAS (Network Attached Storage) devices.
- Millions of people’s personal data may have been exposed to threat actors due to a data breach at Eye Care Leaders, a provider of practice management and electronic health record systems.
- Cybersecurity experts found an increase in phishing content served by Microsoft’s Azure Front Door (AFD), a cloud CDN service.
- Attempts to gain Microsoft Office 365 and Outlook credentials through fake voicemail campaigns were made on U.S. companies in the defense, security software, industrial supply chain, healthcare, and pharmaceutical industries.
- The Computer Emergency Response Team (CERT) of Ukraine alerted that hacking gangs from Russia are employing Follina code execution flaws in the latest phishing efforts to deploy the CredoMap malware and Cobalt Strike beacons.
- Services at UK-based delivery firm Yodel were disrupted by a cyberattack, causing delays in product delivery and online order tracking. Customer payment information was unaffected because Yodel neither stores nor handles it on its systems.
- Over 1 million hospital patients nationally, including those receiving care at Indiana University Health, have had critical health and personal information compromised by unidentified attackers.
- A flaw in the Parse Server software led to the discovery of an authentication bypass affecting Apple Game Center. The open-source Parse Server project, available on GitHub, provides push notification support for iOS, Android, macOS, and tvOS.
- Chinese hacktivist gang “Tropic Trooper” uses the Nimbda loader and a new Yahoyah trojan variant to flood mobile devices of beginner threat actors with messages in DoS attacks.
- Aggressive ransomware operations led by affiliates of the Conti cybercrime gang succeeded in attacking over 40 businesses in a month.
- Emotet banking malware has been updated and may now access and use spreadsheets, documents, and other Microsoft software without being detected by entry security.
- In Israel, out-of-control scalper bots are causing havoc by creating public service appointments for government services and then selling them. Bot operators charged over $100 for meetings with different governmental bodies.
- A Mitel VoIP device was employed as an entry point for a suspected ransomware attack against an unnamed victim to achieve remote code execution and gain early access to the environment.