Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Interpol detaining three Nigeria-based cybercriminals, a culprit in transnational cybercrime fraud being jailed for four years, Microsoft blocking cyberattacks against Israeli organizations, FluBot Android malware campaign being shut down, Singapore mandating a ‘kill switch’ for banks, and much more.
- Interpol detained three Nigerian men in Lagos on suspicion of rerouting financial transactions and stealing sensitive data with the Agent Tesla RAT.
- A 37-year-old individual from New York was jailed for four years for acquiring stolen credit card information as a member of the Infraud organization, a cybercrime gang. He joined the group in August 2011 and remained a member for five and a half years.
- Microsoft prevented a series of cyberattacks on Israeli organizations carried out by POLONIUM, a previously undiscovered Lebanon-based group of hackers.
- Europol shut down the FluBot campaign, which was one of the largest and fastest-growing Android malware operations yet. This campaign was brought down by an international law enforcement effort involving eleven countries.
- As part of a new set of security measures in Singapore, banks will be required to provide customers with a “kill switch” to protect against escalating online fraud.
The Bad News
This week’s bad news includes EnemyBot malware adding exploits for VMware and F5 BIG-IP flaws, a data leak at an Australian pension company affecting 50,000 individuals, Chinese hackers exploiting a Microsoft Office zero-day flaw, hackers using a call forwarding trick to hijack WhatsApp accounts, several Elasticsearch databases hit by ransomware, the Conti ransomware group developing attacks on Intel firmware, and much more.
- EnemyBot’s reach is continually expanding as it adds exploits for newly revealed critical flaws in content management systems, web servers, Android, and IoT devices, including weaknesses in VMware and F5 BIG-IP.
- Security researchers issued a warning after uncovering a new Microsoft Office zero-day vulnerability exploited in the wild. A researcher (nao_sec) tweeted that they had found an unusual malicious document.
- A phishing effort at Spirit Super, an Australian pension company, exposed some personal information. On May 19, 2022, the ‘super fund’ revealed that client data had been stolen when an employee’s email account was hijacked.
- Chinese-linked cyber attackers are now aggressively exploiting a zero-day flaw in Microsoft Office (dubbed ‘Follina’) to remotely execute malicious code on Windows systems.
- After misconfiguring an AWS bucket, a low-cost Turkish airline accidentally exposed the personal details of flight crew members, as well as flight data and source code. There are 23 million files totaling around 6.5TB in the exposed data.
- Hackers can take over a victim’s WhatsApp account and access messages and contacts using a method that relies on cellular carriers’ automated call forwarding services.
- The cloud-based client management system (CMS) used by the Australian National Disability Insurance Scheme (NDIS) was hacked on May 15, and the data was found on the dark web a week later.
- Several major nonfungible token (NFT) projects’ Discord servers are being targeted by attackers. They ramp up phishing and scamming efforts to take advantage of a popular Discord bot and get users to click on harmful links.
- Hackers exploited weak security in Elasticsearch databases, replacing 450 indexes with ransom messages asking for $620 to restore contents worth $279,000.
- Security specialists discovered a new RuneScape-themed phishing attempt that is exceptionally well-crafted. It targets players of both the Old School and standard (RuneScape 3) versions of the game with a false email change notification.
- A Chinese-speaking group of hackers known as LuoYu has been found to infect users with the WinDealer information stealer malware by replacing genuine software updates with malicious payloads in man-on-the-side attacks.
- More than 3.6 million MySQL servers are publicly accessible and respond to connection requests, making them a tempting target for hackers and extortionists. 2.3 million of these MySQL servers are reachable over IPv4, whereas 1.3 million are reachable over IPv6.
- Researchers discovered that the Conti ransomware group’s teams were actively working on firmware attacks. Conti developers created proof-of-concept (PoC) code that overwrote flash and acquired SMM (System Management Mode) execution using Intel’s Management Engine (ME).