Welcome to CyberIntelMag’s weekly roundup, where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Amazon fixing a severe flaw in its Android photos app, Oracle patching the Miracle Exploit vulnerability, Ukrainian police busting a phishing gang, a U.S. FCC commissioner requesting the removal of TikTok, and much more.
- Amazon revealed on Tuesday that its researchers fixed a high severity flaw affecting the Amazon Photos Android app in December.
- Oracle patched the Miracle Exploit remote code execution (RCE) vulnerability that affected Oracle Fusion Middleware and many other Oracle systems.
- Ukrainian cyber police arrested nine accused members of a successful phishing gang that gained 100 million hryvnias ($3.4 million) by enticing locals with the promise of financial help from the EU.
- A U.S. Federal Communications Commission (FCC) commissioner asked Apple and Google to ban the video-sharing app TikTok from their app stores due to its history of deceptive data practices. Its removal would avoid the compromise of a significant number of people’s sensitive data.
- KISA, a South Korean cybersecurity organization, had good news for Hive ransomware victims. It made a free decryptor available for versions 1 through 4.
The Bad News
This week’s bad news includes fake copyright-violation emails installing LockBit ransomware, Vice Society claiming a ransomware strike on the Medical University of Innsbruck, a steel manufacturer in Iran being affected by a cyberattack, ZuoRAT malware hijacking home-office routers, YTStealer attempting to hack accounts of YouTube content creators, Walmart denying being affected by a ransomware attack, and much more.
- The LockBit ransomware campaigners use a clever trick to convince people to let the malware infect their devices. They send emails accusing the recipients of downloading media files without consent and warn them against violating copyright.
- Various malicious Python packages were discovered in the PyPI repository. They steal private information, such as AWS credentials, and transmit it to openly accessible locations.
- A cyberattack directed at the Medical University of Innsbruck caused a sizable IT service outage and a possible data loss. The ransomware gang Vice Society claimed responsibility for this attack.
- One of Iran’s largest steel producers said a cyberattack caused it to suspend operations. It was a huge attack on Iran’s strategic industrial sector and impacted two other plants.
- An Android banking malware named Revive impersonates the 2FA application used to access BBVA bank accounts in Spain. The trojan takes a more focused approach, targeting BBVA specifically rather than customers of different financial institutions.
- Threat researchers at Kaspersky discovered that the ShadowPad backdoor targeted Pakistan, Afghanistan, and Malaysia’s manufacturing and telecommunications industries, as well as the port of Malaysia.
- ZuoRAT, a previously unidentified remote access trojan (RAT), has been targeting small office/home office (SOHO) routers in a sophisticated attack on North American and European networks.
- The biggest non-fungible token (NFT) marketplace, OpenSea, revealed a data breach and alerted users to potential phishing attempts in the coming days.
- China’s largest internet company Tencent confirmed a significant account hijacking attempt on its messaging and social networking platform QQ.com.
- New malware targeting YouTube content creators and stealing their login cookies was discovered. Dubbed “YTStealer” by Intezer, it is offered as a service on the dark web and is disseminated through fake installers that also distribute RedLine Stealer and Vidar.
- A recently developed malware, Bumblebee, has become a critical component of ransomware attacks. It was associated with ransomware operations, including Conti, Quantum, and Mountlocker.
- The personal information of anybody who applied for a concealed carry weapons (CCW) permit between 2011 and 2021 was made public on a California state website.
- Walmart denied the Yanluowang gang’s claim that it had hit the company with a ransomware attack. Walmart asserts that the allegations are unfounded and that its Information Security team monitors the systems 24/7.
- Microsoft warned that toll fraud malware, one of the most prevalent Android threats, is evolving with features that allow automated subscriptions to premium services.