Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes CISA launching a prototype program for identifying exploitable ransomware vulnerabilities, highly severe flaws being addressed in the Chrome 111 update, the UK government announcing a plan to safeguard the NHS against cyberattacks, high-severity IOS software weaknesses being addressed by Cisco, and much more.
- The Ransomware Vulnerability Warning Pilot (RVWP) initiative was launched by the US CISA to proactively detect information systems that include security flaws associated with ransomware attacks.
- With the release of Chrome 111, Google patched eight vulnerabilities, including seven that were discovered by external researchers.
- The health and adult social care sector’s cyber security strategy laid out a roadmap to advance cyber resilience throughout the industry by 2030, safeguarding services and the patients they assist.
- Six of the ten vulnerabilities in the semi-annual Cisco IOS and IOS XE software security advisory bundle, including those rated “high severity”, were addressed.
- Microsoft was testing a patched version of the Windows 11 Snipping Tool that addresses the newly discovered “Acropalypse” privacy problem, which permits the partial restoration of cropped photographs.
The Bad News
This week’s bad news includes the potential launching of significant 3.3 Tbps DDoS attacks by the new “HinataBot” botnet, Ferrari disclosing the exposure of customer data by a ransomware attack, a zero-day exploit leading to a theft of $1.5M from General Bytes Bitcoin ATMs, the “red pill” weakness in the Coinbase wallet allowing attackers to evade detection, PoC exploits for flaws in Netgear Orbi Router being revealed, rogue ChatGPT extension FakeGPT taking control of Facebook accounts, a new Android malware being discovered targeting customers of 450 financial institutions around the world, and much more.
- Realtek SDK devices, Huawei routers, and Hadoop YARN servers might all be targeted by a new malware botnet (HinataBot) that conscripts compromised devices into DDoS swarms.
- Microsoft and the Department of Health and Human Services Cybersecurity Coordination Center revealed that the BlackBasta and Killnet ransomware threat gangs actively targeted the healthcare industry and other key infrastructure sectors.
- Italian sports car maker Ferrari said that a threat actor demanded a ransom in connection with customer contact information that could have been exposed in a ransomware attack.
- General Bytes, a major supplier of Bitcoin ATMs, disclosed that hackers stole money from the company and its customers by exploiting a zero-day vulnerability in its BATM management platform.
- A new operation that uses several ShellBot malware variants was discovered to target poorly maintained Linux SSH servers.
- The Coinbase wallet and other decentralized cryptocurrency apps (dapps) were found to be susceptible to “red pill attacks,” a technique for hiding dangerous smart contract activity from security safeguards.
- Proof-of-concept exploits for weaknesses in the Netgear Orbi 750 series router and extender satellites, one of which is a high-severity remote command execution vulnerability, were disclosed.
- The threat group tracked as REF2924 was spotted using previously unseen malware in its cyberattacks against targets in South and Southeast Asia.
- It was discovered that a malicious variant of the trusted ChatGPT extension for Chrome, intended to hijack Facebook accounts, had thousands of downloads.
- A threat actor employing a malicious Android Trojan, which has multiple capabilities for taking control of online accounts and potentially draining money from them, was found targeting customers of 450 banks and cryptocurrency providers worldwide.
- A new credit card theft hacking campaign was discovered concealing its malicious code inside the WooCommerce Authorize.net payment gateway module, enabling the intrusion to go undetected by security scans.
- Researchers from Unit 42 were monitoring a massive malicious JavaScript (JS) injection campaign that redirects users to websites hosting scams and adware. The campaign, active since 2022, was still infecting websites in 2023.