The Good News
This week’s good news includes Microsoft developing a tool to detect TrickBot infections on MikroTik routers, Veeam releasing updates for two critical flaws, Apple patching at least 39 security flaws, a major weakness in the CRI-O container engine for Kubernetes being fixed, and much more.
- The TrickBot group compromised MikroTik routers to use them as command-and-control servers. Network administrators can use Microsoft’s forensics tool ‘routeros-scanner’ to check MikroTik devices for signs of TrickBot infection.
- AMD has updated its mitigations for a variation of the Spectre side-channel attack. Research conducted by Intel led to the release of this update.
- Veeam released updates for two significant vulnerabilities affecting Backup & Replication, a backup application for virtual environments.
- On Monday, Apple patched at least 39 security weaknesses in its core iOS/iPadOS platform. It warned that the most severe problems might lead to remote code execution attacks.
- CrowdStrike disclosed a significant flaw in the CRI-O container engine for Kubernetes, which might be exploited to exit the container and acquire root access to the host. This vulnerability was fixed in CRI-O versions 1.22.3, 1.21.6, 1.20.7, and 1.19.6.
- The Ukrainian Security Service (SBU) announced the arrest of a “hacker” who provided technical help to invading Russian soldiers by offering mobile cellular services within Ukrainian territory.
The Bad News
This week’s bad news includes the return of the Android banking malware Escobar, video game company Ubisoft being hacked, Ukrainian networks being infected by CaddyWiper malware, an insurance company being targeted through Instagram messages, several GoDaddy-hosted websites being hacked, a new RaaS family LokiLocker being discovered, data theft at a South African credit bureau, ASUS routers being targeted by a new botnet, and much more.
- The Android banking malware Aberebot has been renamed Escobar. It now has more features, including the ability to steal Google Authenticator multi-factor authentication (MFA) credentials.
- Korean security experts identified a malware distribution operation on YouTube that uses Valorant cheat lures to trick gamers into downloading RedLine, a robust information stealer.
- The video game creator and distributor Ubisoft was hacked at the beginning of March. The gaming company’s games, systems, and services were all temporarily disrupted due to the hack. Now, the company has reset employee passwords.
- The Federal Office for Information Security (BSI) disclosed a cyberattack on the German unit of Russian energy giant Rosneft. The hacker gang Anonymous claimed credit.
- Data-deleting malware CaddyWiper was detected in attacks targeting Ukrainian businesses, erasing data across computers on compromised networks. Researchers disclosed that it deletes user data and partition information from connected drives.
- An anonymous attacker caused a data breach at the US health facility South Denver Cardiology Associates (SDCA). The medical information of over 287,000 patients was compromised in the leak.
- A botnet has been discovered that exploits Log4J and communicates through DNS tunneling. It can turn Linux systems into an army of bots poised to steal sensitive data, install rootkits, build reverse shells, and act as web traffic proxies. B1txor20 is the name given to this newly found malware.
- BlackBerry Threat Intelligence has discovered a new Ransomware-as-a-Service (RaaS) family, LokiLocker, and traced its origins to a possible beta release. This RaaS targets Windows systems.
- Researchers found a phishing attempt that used the look of Instagram technical support to steal login credentials from employees of a major life insurance company based in New York.
- Backdoor infections were found on hundreds of WordPress websites hosted on GoDaddy’s Managed WordPress service. The backdoor payload was identical on all of them.
- Recent research revealed that the malware known as DirtyMoe had developed new worm-like propagation properties that allow it to quickly spread without human intervention.
- A data theft occurred at one of South Africa’s largest credit bureaus, and the hackers sought $15 million in ransom.
- Threat researchers have linked a previously reported Unix rootkit, used to obtain ATM banking data and perform fraudulent transactions, to the activity of LightBasin, a financially motivated hacking group.
- ASUS routers have been targeted by the new Cyclops Blink botnet, nearly a month after it was revealed that the malware used WatchGuard firewall appliances as a stepping stone to gain remote access to compromised networks.