Welcome to CyberIntelMag’s weekly roundup, a place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Apple releasing its first “rapid” security updates for iPhones, iPads, and Macs, Google and Apple working together to stop illegal location-tracking devices, a massive worldwide raid of the dark web drug industry securing over 300 arrests, Meta disrupting a malware campaign that used ChatGPT as a scam to steal accounts, and much more.
- Apple released its first set of publicly available “rapid security” updates, which are meant to swiftly address security flaws that are currently being exploited or that represent a serious risk to its users.
- A proposed industry-wide protocol being developed by Apple and Google is intended to address safety concerns and warn consumers when they are being followed without their knowledge or consent using gadgets like AirTags.
- Authorities in Europe and the United States said that around 300 persons had been detained over the past year on suspicion of trafficking drugs on the dark web across three continents, including the United States.
- Meta revealed that it took action to stop over 1,000 malicious URLs, which used ChatGPT as bait to spread roughly ten malware families, from being shared across its platforms.
- Google’s Android security patches for May 2023 fixed over 40 vulnerabilities, including a kernel weakness that a spyware vendor exploited as a zero-day.
The Bad News
This week’s bad news includes cybercriminals getting access to Windows devices through covert VNC, Bitmarck shutting down its internal and customer systems after a cyberattack, the Ukrainian government being attacked by hackers via fake “Windows Update” guides, schools and colleges around the US coping with hacks and ransomware incidents, cryptocurrency exchange Level Finance being hacked, 783K pediatric mental health patients being affected by the Brightline data hack, a Royal ransomware attack impacting IT services in the city of Dallas, 600K installations of the new Android malware Fleckpe being seen on Google Play, and much more.
- A new malware named “LOBSHOT”, spread through Google ads, allows threat actors to use hVNC to stealthily take control of infected Windows PCs.
- In July 2022, the North Korean threat actor ScarCruft started experimenting with large LNK files as a distribution channel for the RokRAT malware.
- After a cyberattack, Bitmarck, a German supplier of IT services, shut down all of its internal and client systems, including, in certain circumstances, whole data centers.
- Russian hackers were allegedly found sending phony emails to various government entities in Ukraine with instructions on how to upgrade Windows as a defense against cyberattacks.
- Hackers with ties to Russia claimed responsibility for the ransomware attack that affected the Australian business law firm HWL Ebsworth and stole staff and client data.
- Thousands of students at many U.S. schools and colleges, such as Bluefield University, BridgeValley Community and Technical College, and Penncrest School District, felt the effects of ransomware attacks and other cybersecurity breaches.
- By exploiting a Level Finance smart contract flaw, hackers were able to take 214,000 LVL tokens from the decentralized exchange and convert them to 3,345 BNB, worth over $1,000,000 in total.
- A researcher hijacked over a dozen Packagist packages, some of which had hundreds of millions of installations over their existence.
- Brightline, a provider of pediatric mental health services, informed patients that it had suffered a data breach affecting 783,606 individuals after a ransomware gang used a zero-day flaw in its Fortra GoAnywhere MFT secure file-sharing platform to steal data.
- The City of Dallas in Texas had to shut down parts of its IT systems to limit the progress of a Royal ransomware attack.
- After AvidXchange was the target of ransomware for the second time this year, hackers released a trove of private information that was stolen from the payment software provider.
- An ongoing financial fraud campaign that uses a new web-inject toolset dubbed drIBAN was found to have been targeting Italian business banking accounts since at least 2019.
- It was found that more than 620,000 people had downloaded “Fleckpe,” a new Android subscription malware, from Google Play.