Welcome to CyberIntelMag’s weekly roundup, a place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Owl Labs fixing a severe flaw in video conferencing tools, Atlassian issuing patches for the 0-day vulnerability in Confluence, users getting control over data sharing for IoT devices, Google addressing many vulnerabilities via the June 2022 update, and much more.
- The video conferencing firm, Owl Labs, provided fixes for a serious vulnerability in its Meeting Owl Pro and Whiteboard Owl equipment. The fixes came after security researchers identified and warned about multiple flaws in Owl’s devices.
- Atlassian issued fixes for its Confluence Server and Data Center products, which address a serious security flaw (CVE-2022-26134). The patches prevent threat actors from exploiting it for remote code execution.
- The 0patch platform published free unofficial fixes for a new Windows zero-day vulnerability (DogWalk) in the Microsoft Support Diagnostic Tool (MSDT).
- A newly developed privacy-sensitive framework aims to enable developers to create smart home apps that address data-sharing concerns while still providing users control over their personal information.
- Google disclosed that the June 2022 Android updates fix a total of 40 vulnerabilities, including many classified “critical.”
The Bad News
This week’s bad news includes Bored Ape Yacht Club and Otherside NFTs being stolen, Mandiant not having any evidence of a hack by LockBit, hackers targeting phones of Ukrainian officials, the US accusing Chinese hackers of breaching telecom networks, hijacked CCleaner search results spreading malware, Emotet malware stealing credit card data, and much more.
- After Yuga Labs’ Bored Ape Yacht Club and Otherside Metaverse Discord services were hacked to conduct a phishing campaign, hackers reportedly obtained over $257,000 in Ethereum and 32 NFTs.
- A cyberattack on southern Italy’s Palermo impacted various activities and services for inhabitants and visitors. Despite the attempts of local IT professionals to restore the systems, all services, public websites, and online portals were down.
- US cybersecurity company Mandiant is investigating claims made by the LockBit ransomware group that they breached the company’s network and took data. Currently, Mandiant lacks evidence that supports LockBit’s claims.
- According to a cybersecurity official, hackers have targeted the phones of Ukrainian officials as Russia continues its invasion of Ukraine.
- A chained zero-day vulnerability uncovered by security researchers might expose all user data in the backend of Yunmai Smart Scale’s companion mobile app.
- The Black Basta ransomware gang linked up with the QBot malware operation to spread laterally across penetrated company networks. QBot harvests bank and domain credentials and distributes additional malware payloads to infected systems.
- Many US federal agencies reported that Chinese threat actors have targeted and infiltrated critical telecommunications and network service providers to obtain credentials and gather data.
- A faulty Microsoft Azure server exposed 30GB of personal and educational details of thousands of students from India and Israel. Myeasydocs, an online data verification company in Chennai, India, owns the exposed server.
- SVCReady, a malware loader, has been discovered in phishing attempts. It employs a novel technique of loading malware from Word documents onto victim devices.
- Malware that steals passwords, credit cards, and cryptocurrency wallets is being spread through search results for a pirated copy of CCleaner Pro. This new malware propagation operation is called “FakeCrack.”
- The Emotet botnet now has a credit card stealer module that gathers credit card data from Google Chrome user profiles to infect potential targets.
- Malicious actors are reworking their previous Magento credit card theft malware, Smilodon, to target WordPress. The malware acts as a credit card skimmer and webshell on websites running WordPress and WooCommerce.
- Researchers identified a large-scale phishing effort that used Facebook and Messenger to trick millions of individuals into entering their account information and viewing advertisements on phishing pages.
- A decryptor for the latest ransomware is being sold using the Roblox online kids gaming platform’s in-game Robux currency, which is a one-of-a-kind approach.