Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes US President Biden issuing an order to ban commercial spyware, a Nigerian BEC scammer being imprisoned in the US, account takeover flaws in ChatGPT being patched by OpenAI, Microsoft updating the Azure Cloud Service to fix a dangerous RCE vulnerability, and much more.
- US President Joe Biden signed an executive order banning the US government from using commercial spyware that might endanger national security.
- A Nigerian individual who participated in a business email compromise (BEC) fraud scam was given a four-year and one-month jail sentence in the US.
- OpenAI, the creator of ChatGPT, addressed a number of critical flaws that may have let attackers hijack user accounts and view conversation logs.
- New guidelines were released by the US Food and Drug Administration (FDA) staff to improve the cybersecurity of internet-connected devices used by hospitals and healthcare professionals.
- Researchers described a flaw in Microsoft’s Azure Service as “dangerous,” and the company has corrected the issue. If exploited, it would have let an unauthenticated attacker run code on a container hosted on the platform.
The Bad News
This week’s bad news includes Emotet malware spreading in the form of W-9 tax forms, three versions of IcedID malware being found, a novel MacStealer macOS malware stealing iCloud keychain data and passwords, an error in the Wi-Fi protocol enabling attackers to control network traffic, Russians being the intended targets of trojanized crypto-stealing malware, researchers discovering new Linux malware linked to Chinese APT gangs, Windows and Linux systems being targeted with the KEYPLUG backdoor, 3CX acknowledging a supply chain attack, and much more.
- A new Emotet phishing campaign was found to be posing as W-9 tax forms sent by companies and the Internal Revenue Service to target American taxpayers.
- According to a technical analysis of the NullMixer malware campaign, Italy and France are the attackers’ preferred European nations.
- Despite sharing the same code base, three new variations of the banking Trojan known as IcedID were seen in the wild. Security researchers named them the Standard, Lite, and Forked IcedID variants.
- A new type of information-stealing malware (MacStealer) was developed to steal private data from infected computers running Apple’s macOS operating system.
- Following a data breach at the file transfer provider GoAnywhere, Crown Resorts stated that a ransomware gang contacted them and claimed to have access to certain files.
- Cybersecurity researchers found that the IEEE 802.11 Wi-Fi protocol standard has a fundamental security weakness that allows attackers to deceive access points into exposing network packets in plaintext.
- A surge in trojanized Tor Browser installations that hijack clipboards to redirect cryptocurrency transactions is hitting Russians and people in Eastern Europe.
- Two “limited and highly targeted” spyware operations using zero-day flaws and unpatched security gaps to compromise defenses on Android and Apple iOS devices as well as Google’s Chrome browser were found by Google’s Threat Analysis Group.
- Taiwanese hardware provider QNAP advised customers that they should protect their Linux-powered network-attached storage (NAS) devices against a high-severity Sudo privilege escalation vulnerability.
- An alleged Chinese state-sponsored hacking group was linked to a new piece of malware (Mélofée) that targets Linux computers. Three samples of this malicious software have been discovered previously.
- Threat actors can search for misconfigured servers to steal authentication keys and passwords for cloud-based email services using a new modular toolkit dubbed “AlienFox.”
- The use of a unique Windows and Linux backdoor named KEYPLUG was linked to a Chinese state-sponsored threat activity group known as RedGolf.
- Business communication solutions provider 3CX said it is looking into a security problem as the cybersecurity community continues releasing more information on what seems to be a sophisticated supply chain attack.
- TMX Finance and its subsidiaries TitleMax, TitleBucks, and InstaLoan announced a data breach that compromised the personal information of 4,822,580 customers.