The good news
This week’s good news includes Microsoft fixing RCEs in the RDP client and Exchange Server, Android releasing fixes for 39 security flaws, SAP updating monitoring solutions to get rid of critical security flaws, and much more.
- Microsoft addressed 71 CVE-numbered flaws, including RCEs in the RDP client and Exchange Server. However, none of the fixed weaknesses are actively exploited by attackers.
- Yaroslav Vasinskyi was extradited and arraigned on Wednesday. He is accused of the Kaseya ransomware attack and has also been linked to the Sodinokibi/REvil ransomware group.
- Android started the week by releasing fixes for 39 security vulnerabilities. The flaws were in the System component, Framework, Android runtime, and Media Framework.
- German software company SAP updated monitoring solutions to fix 12 new and 4 updated critical security flaws. These fixes will prevent complete system breaches or the alteration of settings and sensitive data.
- High-severity flaws in Omron’s PLC Programming Software have been fixed. When unpatched, the software from the Japanese electronics giant could’ve been exploited for remote code execution.
The bad news
This week’s bad news includes a data breach at Adafruit, threat actors using NVIDIA’s stolen code signing certificates, Indian companies’ stolen email addresses being used in phishing attacks against Ukrainians, TNAS devices having severe security weaknesses, Russian threat actors launching phishing attacks against several European entities, and more.
- US-based Adafruit disclosed a data breach caused by a publicly available GitHub repository. The leak might have revealed information about specific users from 2019 or earlier.
- Stolen NVIDIA code signing certificates are being used to sign malware. Threat actors do so to make the malware appear trustworthy and to install malicious drivers on Windows.
- As the conflict in Ukraine escalates, the China-linked TA416 intensifies its attack activity against European governments.
- CERT-Ukraine warned about new phishing attacks targeting Ukrainians. The attacks exploit email accounts stolen from three different Indian firms to access their inboxes and steal critical data.
- TerraMaster Network-Attached Storage (TNAS) devices have severe security flaws. If chained together, they might allow unauthenticated remote code execution with the highest privileges.
- Russia disclosed that unknown attackers hacked the stats widget used by numerous government institutions to count the number of visits, compromising some websites of Russia’s federal agencies in a supply chain attack.
- Mercado Libre, the Argentine e-commerce company, revealed unauthorized access to its source code. This incident exposed information about 300,000 Mercado users.
- An attacker might acquire control of a database and potentially steal sensitive information by exploiting a SQL injection flaw in the e-learning platform Moodle.
- Russian threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing attacks against Ukraine, Poland, and other European institutions during Russia’s invasion of Ukraine.
- MuddyWater, an Iranian state-sponsored threat actor, has been connected to a new wave of cyberattacks in Turkey and the Arabian Peninsula. It distributes remote access trojans (RATs) on infected PCs.
- The advanced BazarBackdoor malware is now delivered through website contact forms rather than typical phishing emails to escape detection by security tools.
- UK ferry company Wightlink has been struck by a highly sophisticated cyber-attack that may have stolen the personal information of a limited number of customers and personnel.
- Cybersecurity researchers discovered that major software package managers contain multiple security flaws. If abused, they can allow a cybercriminal to execute arbitrary code and steal sensitive information.
- Severe flaws in the linked device management platform, Axeda, may expose over 150 IoT devices used by businesses to criminal takeover.
- After a cybercrime gang claimed to have stolen hundreds of gigabytes of source code from Vodafone, the telecom company initiated an inquiry.