Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Biden predicting US private sector may be attacked by Russian cybercriminals, Lapsus$ suspects being arrested, VMWare releasing fixes for severe vulnerabilities affecting the Carbon Black App Control platform, XSS vulnerability in Microweber being fixed, and much more.
- During a speech at the Business Roundtable’s CEO summit, President Biden claimed Putin was engaged in cyberattacks in Ukraine. He also predicted that Russia would strike the US with cyberattacks. The loss could be nil or minimum if the US private sector takes preventive measures in advance.
- VMware issued software patches to address two significant security flaws in its Carbon Black App Control platform that a hostile actor may exploit to execute arbitrary code on vulnerable Windows installations.
- The City of London Police announced that seven persons associated with the Lapsus$ data extortion ring had been arrested. They are suspects in Microsoft, Nvidia, and Okta hacks. The arrest happened after getting a hint that some gang members were going on vacation.
- Security experts found that Microweber, an open-source website builder and CMS, has a stored cross-site scripting (XSS) flaw. This vulnerability, identified as CVE-2022-0930, was fixed in Microweber version 1.2.12.
- Western Digital issued new My Cloud OS firmware to address a vulnerability that bug hunters used to gain remote code execution during the Pwn2Own 2021 hacking event.
The Bad News
This week’s bad news includes TransUnion’s South African business being affected by a data breach, Ukrainian researcher leaking data about Conti ransomware gang, BitRAT malware being spread as Windows 10 installer, Chinese hackers using the new “Hodur” malware, Anonymous hacker gang attacking the Central Bank of Russia, Morgan Stanley becoming a victim of social engineering attacks, and much more.
- The credit reporting company TransUnion discovered a data breach affecting its operations in South Africa. After discovering the breach, the impacted client’s access was suspended, and some services were turned off.
- The FBI warned about attacks on critical infrastructure in the United States using the AvosLocker malware. The advice includes indicators of compromise (IOCs) that network defenders may use to detect and stop AvosLocker ransomware attacks.
- In the act of vengeance, a Ukrainian researcher known as ‘Conti Leaks’ disclosed data and source code from the Conti ransomware gang. Around 170,000 chat messages were exposed, revealing what’s happening behind the scenes and who’s involved.
- Miratorg Agribusiness Holding, a Russian meat producer and distributor, was hit by a significant Windows BitLocker encryption attack.
- A new targeted email campaign aiming at French construction, real estate, and government organizations was found. It involved the Chocolatey Windows package manager for installing the Serpent backdoor on infected systems.
- A new BitRAT malware distribution campaign is currently in progress. The targets this time are users seeking to activate unlicensed Windows OS versions for free via illicit Microsoft licensing activators.
- JDC Healthcare Management (JDC), a dental and orthodontic care provider, revealed that a data leak last year exposed the personal information of over a million Texans.
- The internet search engine Censys revealed that QNAP devices were targeted in a fresh round of cyberattacks by DeadBolt ransomware.
- A Chinese APT, Mustang Panda, is linked with an active cyber-espionage campaign using hacked workstations running a previously unknown variant of PlugX RAT. The current version has been dubbed ‘Hodur’ by ESET.
- The Anonymous hacker gang hacked The Central Bank of Russia. They have plans to release 35,000 files very soon.
- Morgan Stanley Wealth Management, the wealth and asset management business of Morgan Stanley, disclosed that social engineering attacks led to the compromise of accounts of some of its clients.
- A cybersecurity researcher discovered a flaw in a system used by hotels in the Middle East that exposed personal data on millions of guests.
- Researchers have discovered that a new variation of the JSSLoader RAT is being used to distribute malicious Microsoft Excel add-ins. This malware has been linked to FIN7, dubbed ‘Carbanak,’ a financially driven Russian hacking gang.
