Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Microsoft releasing patches for an Azure weakness, QNAP patching a severe flaw in its network surveillance products, Microsoft fixing an NTLM relay zero-day, Intel patching critical vulnerabilities in its BIOS firmware, and much more.
- Microsoft published security fixes to address a vulnerability in the Azure Synapse and Azure Data Factory pipelines that might allow attackers to execute remote instructions across the Integration Runtime infrastructure.
- Taiwanese manufacturer of network-attached storage (NAS) solutions, QNAP Systems, revealed fixes for a major vulnerability affecting some of its network surveillance devices.
- Microsoft fixed an actively exploited Windows LSA spoofing zero-day vulnerability. The flaw allows unauthenticated attackers to coerce domain controllers into authenticating to them using the Windows NT LAN Manager (NTLM) security protocol.
- Intel released updates for several vulnerabilities throughout its product line, including several high-severity flaws in the BIOS firmware of many processor models.
- Zyxel issued a patch to resolve a critical firewall OS command injection flaw in its devices that allows unauthenticated and remote attackers to execute arbitrary code.
The Bad News
This week’s bad news includes the Caramel credit card theft service gaining popularity, Android apps carrying the Joker trojan resurfacing on the Play Store, Anonymous-affiliated NB65 hacking the Russian payment processor QIWI, agriculture equipment manufacturer AGCO suffering a ransomware attack, destructive attacks targeting a severe F5 BIG-IP flaw, the cyber-espionage group Bitter targeting the Bangladeshi government, ElasticSearch servers exposing 579 GB of data, a data breach at the Oklahoma City Indian Clinic affecting 40,000 individuals, and much more.
- A credit card theft service is gaining traction, offering low-skilled threat actors a straightforward, automated way to enter the world of financial crime. The operation is run by CaramelCorp, a Russian cybercriminal gang.
- Security experts said they were able to build an attack for a severe remote code execution flaw impacting F5’s BIG-IP family of devices just days after the firm released a patch.
- A new set of trojanized apps has been identified that propagate the infamous Joker malware via the Google Play Store to affected Android devices. This malware is linked to billing and SMS fraud, as well as a variety of other malicious activities.
- The Network Battalion (NB65) gang gained access to QIWI’s databases as part of Operation OpRussia. QIWI is a Russian business that offers payment and financial services throughout Russia and the Commonwealth of Independent States (CIS).
- Security experts uncovered a malicious campaign that stores malware inside Windows event logs, a technique that had not previously been documented in attacks in the wild.
- Agriculture equipment producer AGCO says that its commercial operations were disrupted by a ransomware attack. The company has opened an investigation, but many of its business activities will remain affected.
- Lincoln College, a liberal arts institute in rural Illinois, announced that it will close its doors later this month after 157 years, citing financial setbacks caused by the COVID-19 pandemic and a recent ransomware attack.
- A database containing the personal information and login passwords of 21 million individuals was disclosed in a Telegram group. The data of VPN customers was also revealed in the breach, including VPNs like SuperVPN, GeckoVPN, and ChatVPN.
- A newly disclosed F5 BIG-IP flaw was exploited in destructive cyberattacks to attempt to erase a device’s file system and render the server inoperable.
- The National Cyber Security Center of Finland (NCSC-FI) warned of an upsurge in FluBot Android malware infections, driven by a new campaign that uses SMS and MMS messages to distribute the malware.
- The cyber-espionage APT group Bitter has been detected targeting the Bangladeshi government with new malware that has remote file execution capabilities.
- Two misconfigured ElasticSearch servers belonging to an unidentified company exposed 359,019,902 (359 million) records, equal to approximately 579.4 GB of data.
- Researchers identified a massive campaign that injects harmful JavaScript code into thousands of compromised WordPress websites, leading users to scam pages and other malicious sites to create fake traffic.
- The Oklahoma City Indian Clinic (OKCIC) said that it had experienced a data breach that compromised over 40,000 people’s personally identifiable information (PII).