Welcome to CyberIntelMag’s weekly roundup, the place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Apple releasing an emergency update to fix a 0-day, NVIDIA fixing flaws in its Windows GPU display drivers, updated VMware products addressing a critical authentication bypass flaw, CISA issuing advice on stopping ongoing F5 BIG-IP attacks, and much more.
- Apple released security updates to address a 0-day vulnerability that cybercriminals can use to attack Macs and Apple Watch devices.
- NVIDIA issued a security update that addresses four high-severity and six medium-severity flaws in its Windows GPU display drivers. The flaws could be abused for denial of service, information disclosure, privilege escalation, code execution, and more.
- VMware informed customers of a critical authentication bypass flaw “affecting local domain users” in several of its products that could be used to obtain administrative rights. Users should update the affected products immediately to fix this vulnerability.
- CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint alert warning administrators of ongoing cyberattacks targeting a critical F5 BIG-IP flaw (CVE-2022-1388). Users can protect themselves by keeping the BIG-IP management interface off the public internet and enabling multi-factor authentication.
- Spanish police arrested 13 people and opened investigations into another seven for their involvement in a phishing operation that stole online banking credentials.
The Bad News
This week’s bad news includes a vulnerability in Zyxel firewalls and VPNs being exploited by hackers, researchers revealing that Tesla cars are vulnerable to a Bluetooth relay attack, Ukraine supporters in Germany being infected with PowerShell RAT malware, the Tatsu WordPress plugin being targeted by hackers, ransomware hitting an American healthcare company, NAS devices being hit by a new wave of DeadBolt ransomware attacks, Russia’s Sberbank suffering a massive DDoS attack, and much more.
- Hackers are exploiting a recently patched flaw, CVE-2022-30525, that affects Zyxel business firewall and VPN devices. The bug lets a remote, unauthenticated attacker inject arbitrary operating-system commands, which can be used to open a reverse shell on the device.
- Visitors to a fake Pixelmon NFT site are lured with free tokens and collectibles but are instead infected with malware that steals their cryptocurrency wallets.
- The Parker-Hannifin Corporation disclosed a data breach that compromised employees’ personal information after the Conti ransomware gang began uploading allegedly stolen material last month.
- Attackers may be able to remotely open millions of digital locks around the world, including those on Tesla vehicles, by exploiting a weakness in Bluetooth-based proximity authentication.
- Unidentified threat actors are targeting German users concerned about the Ukraine crisis with a custom PowerShell RAT (remote access trojan) and harvesting their information.
- Hackers are actively exploiting a remote code execution vulnerability (CVE-2021-25094) in the Tatsu Builder plugin for WordPress, which is used on about 100,000 websites.
- A new variant of the macOS malware UpdateAgent has been spotted in the wild, indicating that its creators are continuing to expand its capabilities.
- Omnicell, a multinational corporation based in Mountain View, California, disclosed that it suffered a data breach following a suspected ransomware attack that affected internal systems.
- QNAP, the Taiwanese network-attached storage (NAS) vendor, warned customers of a new wave of ransomware attacks using the DeadBolt payload.
- Media giant Nikkei said its Singapore headquarters was hit by a ransomware attack. The company said unauthorized access to a server was first detected on May 13, prompting an internal investigation.
- A new Bluetooth Low Energy (BLE) relay attack lets attackers remotely unlock and operate cars, bypass smart locks on homes, and enter secured areas. The attack defeats proximity-based authentication by relaying BLE traffic between the legitimate key or phone and the lock, and stems from weaknesses in how current BLE implementations verify proximity.
- SentinelLabs security researchers discovered a software supply-chain attack aimed at Rust developers, including malware designed to compromise GitLab Continuous Integration (CI) pipelines.
- Sberbank, Russia’s largest banking and financial services company, was hit by the largest distributed denial-of-service (DDoS) attack in its history.