Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Siemens and Schneider Electric addressing more than 100 flaws, SAP issuing security updates that fix five severe vulnerabilities, Outlook zero-day exploit used by Russian hackers being fixed by Microsoft, Mozilla releasing Firefox 111 to address high-severity weaknesses, and much more.
- Over 100 vulnerabilities were fixed by Siemens and Schneider Electric with their March 2023 Patch Tuesday security bulletins.
- The software manufacturer SAP provided security fixes for 19 flaws, five of which are classified as critical, necessitating immediate application by administrators to reduce risks.
- Microsoft fixed an Outlook zero-day weakness (CVE-2023-23397) that was used to attack European firms by a hacker gang associated with Russia’s military intelligence service GRU.
- The cryptocurrency mixing service “ChipMixer,” allegedly used by hackers, scam artists, and ransomware gangs to launder their money, was seized by an international law enforcement operation.
- Mozilla released Firefox 111, which fixes several vulnerabilities, including some that might be quite severe.
- Microsoft developed a script to make patching a BitLocker bypass security vulnerability in the Windows Recovery Environment (WinRE) simpler.
The Bad News
This week’s bad news includes the Medusa ransomware gang gaining momentum by targeting global businesses, Lockbit claiming to stealing confidential blueprints through Maximum industries, a massive cyberattack hijacking East Asian sites and redirecting them to adult websites, SVB’s collapse attracting scam artists, Rubrik confirming data leak in GoAnywhere 0-day exploit, exfiltration malware gaining the main focus of cybersecurity worries, credentials and information belonging to government and energy organizations being stolen by YoroTroopers, mobile automated payment system being targeted by the Android banking trojan, and much more.
- The Medusa ransomware campaign was found gaining traction in 2023 and beginning to target multinational companies with million-dollar ransom demands.
- The Ukrainian developer of S.T.A.L.K.E.R. 2: Heart of Chornobyl, GSC Game World, claimed to have been hacked. It also said that the perpetrators threatened to extort money from the business.
- The ransomware group LockBit claimed it broke into Maximum Industries, a supplier of components to SpaceX, and stole 3,000 confidential blueprints created by Musk’s rocket scientists.
- A large-scale malicious cyber operation that drives viewers to adult-themed content was discovered infiltrating East Asian-targeted websites from the beginning of September 2022.
- Wymondham College, the largest public boarding school in the United Kingdom, stated that it had been struck by a “sophisticated cyberattack”. The school did not describe the specifics of the attack.
- Several researchers and security companies reported that threat actors are actively and passively using phishing scams, including business email compromise (BEC) attacks and look-alike fake domains, to hunt for SVB-exposed targets.
- Cybersecurity company Rubrik confirmed that a zero-day vulnerability in Fortra’s GoAnywhere secure file transfer platform was exploited to steal its data.
- Massive public data leaks are understandably alarming, but the SpyCloud report identified the rise of malware that steals data directly from devices and browsers as a major factor in consumer vulnerability.
- A previously unidentified threat actor known as YoroTrooper was found conducting cyber espionage attacks on European governments, energy companies, and international organizations.
- Consumer credit company Latitude Financial reported being the target of a hacking attack and believing that 328,000 customer identification documents, including the license information of around 100,000 consumers, were stolen.
- As part of a rising trend among threat actors to exploit a new automated payment system in Latin America, an Android banking Trojan with the potential to send immediate illicit money transfers was found to target Brazilian banks.
- A new piece of malware created to load Cobalt Strike onto compromised machines was used by threat activity clusters connected to the Chinese and Russian online criminal ecosystems.
- A previously unknown malware variant that mines the cryptocurrency Monero on hijacked devices was thought to have been created by the crypto-jacking group TeamTNT.