Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Wago PLCs receiving updates for severe weaknesses exploited by hackers, March 2023 updates of Android addressing more than 50 flaws, SANS and Google establishing an academy to promote cloud security and workforce diversity, Netwire RAT malware infrastructure being seized by the police, and much more.
- Updates were released for various programmable logic controllers (PLCs) by the German industrial automation solutions provider Wago to address four vulnerabilities, including one that may be exploited to take complete control of the target device.
- Google addressed over 50 issues as part of the March 2023 security fixes for the Android platform. Two RCE issues in the System component were the most severe of these.
- The SANS Institute and Google launched a new academy with an emphasis on offering scholarship-based training for underrepresented groups to help address the skills gap in cloud security.
- A global law enforcement operation resulted in the detention of the alleged administrator of the NetWire remote access malware and the seizure of the service’s web domain and hosting server.
- Veeam released updates for a critical flaw in its Backup & Replication product that might expose user credentials.
The Bad News
This week’s bad news includes FiXS ATM malware attacking Mexican banks, malware being distributed through old Windows Mock Folders, hackers stealing several GB of corporate and employee data, Sys01 Stealer malware targeting government employees, a weakness in Toyota Management Platform revealing customer data, unfixed SonicWall devices being the target of purported Chinese cyber spies, UNC2970 North Korean hackers increasing activity with new malware, and much more.
- Mexican banks have been targeted by the FiXS ATM malware, which has been spreading since February 2023. This Windows-based malware requires input from an external keyboard, but it is also vendor-neutral and can infect any ATM that supports CEN/XFS.
- Many DJI drones were found to have significant security flaws that may allow users to change key drone identification information, such as the serial number.
- With the help of an outdated Windows User Account Control bypass found more than two years ago, a new phishing campaign targeted businesses in Eastern European nations with the Remcos RAT malware.
- The blockchain game Sandbox alerted its community that a security breach resulted in some players receiving phony emails pretending to be from the game and attempting to infect them with malware.
- Hackers stole many gigabytes of company and personnel data in a cyberattack that the controversial Brazilian multinational Andrade Gutierrez apparently still hasn’t acknowledged.
- After a three-month hiatus, the Emotet malware operation resumed spamming malicious emails, rebuilding its network, and infecting devices all over the world.
- Endpoint security provider Morphisec published details on an information stealer (the Sys01 Stealer malware) found targeting the Facebook accounts of government employees.
- Despite the common misconception that cloud infrastructure is impenetrable to cyberattacks, hackers are swiftly discovering vulnerabilities in it.
- A severe flaw in Toyota’s Customer 360 customer relationship management (CRM) system gave a security researcher access to the private data of the company’s customers in Mexico.
- A Chinese threat actor known as Sharp Panda was found to be conducting a cyber espionage operation against prominent government organizations in Southeast Asia since last year.
- Mandiant revealed that suspected Chinese threat actors targeted unpatched SonicWall gateways and are infecting the devices with malware that steals credentials and survives firmware updates.
- The CISO of Swiss cybersecurity company Acronis confirmed a system compromise but said that just one client was affected and all other data was secure.
- A spear-phishing effort targeting U.S. and European media and technology firms was discovered to use previously unidentified malware families. This activity has been carried out by a North Korean espionage gang known as UNC2970 since June 2022.