Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Screencastify fixing a webcam spy flaw, Interpol apprehending SilverTerrier cybercrime gang’s leader, Trend Micro addressing a weakness exploited by Chinese hackers, and much more.
- Screencastify, a Chrome plugin for recording and sharing videos, was susceptible to a cross-site scripting (XSS) flaw that allowed arbitrary websites to trick users into activating their cameras without their knowledge. When the flaw was reported, Screencastify’s developers addressed it within a day.
- After a year-long international investigation, the Nigeria Police Force apprehended the suspected head of the SilverTerrier cybercrime gang. This exercise was named Operation Delilah and resulted in the arrest of a 37-year-old Nigerian.
- Trend Micro Security was patched to fix a DLL hijacking weakness used by a Chinese threat organization to side-load malicious DLLs and distribute malware.
- Guzzle, a popular HTTP client for PHP applications, has been patched by its maintainers to fix a high-severity vulnerability that could lead to cross-domain cookie leakage.
The Bad News
This week’s bad news includes Snake Keylogger malware being embedded into MS Word docs via PDF attachments, the global food supply chain being threatened by malicious hackers, a cyberattack on General Motors exposing personal data of car owners, a ransomware operation interrupting flights in India, ERMAC 2.0 Android malware infecting 467 apps, Canadian healthcare being affected by a data breach, and much more.
- Threat actors are using PDFs as a delivery mechanism for malicious macros that download and install the data-stealing Snake Keylogger malware on victims’ systems.
- Turla, a Russian state-sponsored hacking group, was observed targeting the Austrian Economic Chamber, a NATO platform, and the Baltic Defense College in a recent reconnaissance attempt.
- Hackers may be able to exploit flaws in “smart” agricultural devices used for planting and harvesting crops. John Deere, the agricultural manufacturing behemoth, said it is attempting to fix any software issues as soon as possible.
- General Motors reported that it had been the victim of a credential stuffing attack that exposed user information and allowed hackers to redeem rewards points for gift cards.
- The Python package Ctx was compromised on the Python Package Index (PyPI). Then, a malicious variant was installed, presumably to help the attacker get AWS credentials.
- SpiceJet, an Indian low-cost airline, warned passengers of a ransomware attack that damaged parts of its systems and caused flight delays. The airline’s IT team was able to thwart the attack, and operations are now back to normal.
- Smart cash registers are becoming vulnerable to ransomware attacks. The Israel National Cyber Directorate issued a warning about a new and widespread ransomware operation targeting smart cash register software that is quite difficult to detect.
- NightLion stole several datasets from the breach tracking site DataViper. One of the datasets belonged to MGM Resorts, and it had the personal information of 142 million clients. This dataset has been made available for free download on Telegram.
- The ERMAC Android banking malware has been upgraded to version 2.0. Now, the number of applications targeted has increased from 378 to 467, which means attackers can now steal account passwords and crypto wallets from more apps.
- ChromeLoader malware is experiencing a surge in activity. It’s a rogue Chrome browser extension usually distributed as ISO files via pay-per-install sites and baited social media posts that advertise QR codes for pirated movies and video games.
- A Canadian healthcare provider, Scarborough Health Network (SHN), issued an alert that a data breach following a server hack may have exposed patient health information.
- An anonymous hacker stole hundreds of Verizon workers’ full names, email addresses, corporate ID numbers, and phone numbers. He succeeded after convincing a Verizon employee to provide remote access to their corporate computer.