Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes government agencies being ordered by CISA to fix iPhone flaws used in attacks, Google starting a bug bounty program for its Android apps, AT&T fixing a vulnerability that allowed account takeover using only a phone number and ZIP code, D-Link patching auth bypass and RCE flaws in its D-View 8 software, and much more.
- According to a directive from the U.S. Cybersecurity & Infrastructure Security Agency (CISA), three newly patched zero-day vulnerabilities affecting iPhones, Macs, and iPads that are known to be exploited in attacks must be fixed.
- The Mobile Vulnerability Rewards Program (Mobile VRP), a new bug bounty program from Google, will compensate security researchers for vulnerabilities discovered in the firm’s Android applications.
- With merely a person’s phone number and ZIP code, anybody could have taken control of that person’s ATT.com account until AT&T addressed the issue.
- In its D-View 8 network management software, D-Link patched two critical-severity flaws that could have let remote attackers skip authentication and run arbitrary code.
- All Google Cloud users now have access to Google’s Automatic Certificate Management Environment (ACME) API, which enables them to automatically get and renew TLS certificates at no cost.
The Bad News
This week’s bad news includes Android phones being vulnerable to brute-force fingerprint attacks, AWS being exploited by Indonesian cybercriminals for profitable cryptocurrency mining operations, food distributor Sysco asserting that a cyberattack exposed 126,000 people, Microsoft IIS servers being the target of the North Korean Lazarus Group’s espionage malware attack, Middle Eastern and South Asian governments being attacked by a new threat gang, Iranian Tortoiseshell hackers attacking the logistics sector in Israel, Brazilian hackers attacking financial institutions in Portugal, DDoS attacks launched by the Dark Frost botnet against the gaming industry causing devastating damage, and much more.
- Researchers at Zhejiang University and Tencent Labs created the “BrutePrint” attack, which brute-forces fingerprints on smartphones to bypass user authentication and take control of the device.
- One month after the Royal ransomware group claimed credit for the attack and employed a blatant extortion method, Clarke County Hospital reported that it had experienced a data breach.
- An Indonesian threat actor with financial motivations was seen using Elastic Compute Cloud (EC2) instances from Amazon Web Services (AWS) to conduct unauthorized crypto mining activities.
- Food distributor Sysco Corporation informed over 126,000 consumers that their personal data may have been compromised due to a recent hack.
- After being the target of a cyberattack, the Suzuki motorbike production facility in India was forced to close.
- As part of a reconnaissance and data exfiltration operation, the North Korean advanced persistent threat (APT) organization known as Kimsuky was seen deploying a piece of proprietary malware named RandomQuery.
- GoldenJackal, a new, skillful, and persistent threat actor, is found to be attacking diplomatic institutions in the Middle East and South Asia.
- As an initial breach path for installing malware on targeted computers, the infamous Lazarus Group actor has been seen targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers.
- An upgraded version of the common malware known as Legion can now compromise SSH servers as well as AWS credentials linked to DynamoDB and CloudWatch.
- At least eight websites connected to Israeli shipping, logistics, and financial services companies were targeted in a watering hole attack. The intrusions were attributed, with low confidence, to an Iranian threat actor identified as Tortoiseshell.
- An unauthenticated stored cross-site scripting (XSS) flaw in the Beautiful Cookie Consent Banner WordPress cookie consent plugin, which has more than 40,000 active installs, is the subject of ongoing assaults.
- In a campaign that serves as the most recent illustration of powerful, financially motivated Brazilian hackers attacking targets outside the country’s boundaries, a Brazilian hacking squad targeted users of over 30 Portuguese financial institutions earlier this year.
- The gaming industry has been the subject of distributed denial-of-service (DDoS) attacks by a new botnet called Dark Frost.