Welcome to CyberIntelMag’s weekly roundup, a place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Cisco releasing patches for enterprise NFVIS software vulnerabilities, the White House announcing policies to enhance cybersecurity, GitHub implementing new rules, Google addressing 36 security flaws, and much more.
- Cisco Systems provided security updates to address three flaws in its Enterprise NFV Infrastructure Software (NFVIS), which may let an attacker break into the hosts and operate them.
- The White House announced policies to support quantum technology in the United States and steps to improve cybersecurity to defend against the next generation of supercomputers.
- GitHub is implementing new rules for developers and two-factor authentication (2FA) security. The rules will be part of a platform-wide effort to improve account security and safeguard the software ecosystem.
- As part of its May 2022 Android security updates, Google released patches for 36 vulnerabilities, one of which appears to have been exploited.
- Google announced plans to add password-less login functionality to Android and the Chrome web browser, allowing users to sign in effortlessly and securely across devices and websites regardless of platform.
The Bad News
This week’s bad news includes the return of the REvil ransomware gang, Mozilla discovering issues with mental health apps, Kellogg Community College being affected by a ransomware operation, a Chinese cyber-espionage group attacking Asian telcos, Aruba and Avaya network switches being vulnerable to RCE attacks, the State Bar of Georgia being targeted by cybercriminals, Ukraine’s IT army disrupting alcohol delivery in Russia, and much more.
- The notorious REvil ransomware gang has returned, armed with new technology and a revised encryptor that enables more targeted intrusions. The group was shut down in October last year, a shutdown marked by the seizure of its Tor servers and arrests of its members.
- Security experts revealed that a phishing attempt by Russian hackers known as APT29 (Cozy Bear or Nobelium) targeted diplomats and government entities. Russia’s current geopolitical strategic aims determine the scope of its targets.
- Mozilla discovered a troubling lack of consideration for user security and privacy when investigating mental health and prayer apps. The apps frequently share data, allow weak passwords, target advertisements at vulnerable individuals, and include vague and poorly stated privacy policies.
- After a ransomware strike over the weekend, Kellogg Community College suspended classes on Monday. The attack has resulted in ongoing technical issues.
- The customer support centers and certain stores of the car rental company Sixt were affected by a cyberattack. Following the attack, the company restricted access to all IT systems except those crucial to continuing operations, such as its website and apps.
- Researchers discovered that Moshen Dragon, a Chinese cyber-espionage group, is conducting malicious cyber activities targeting telecommunication service providers in Central Asia.
- A new Advanced Persistent Threat (APT) group was discovered using IP cameras to infiltrate company networks and steal Exchange emails from employees involved in mergers and acquisitions.
- Docker Engine honeypots were compromised between February 27 and March 1, 2022, and used to run two separate Docker images in a denial-of-service (DoS) operation against Russian and Belarusian sites.
- Security experts discovered five weaknesses in Aruba and Avaya network switches that may allow malicious actors to run malware on the devices remotely.
- A zero-day vulnerability, known as ICS-VU-638779, in the C standard libraries uClibc and uClibc-ng might allow a malicious actor to carry out DNS poisoning attacks against IoT devices.