Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes the United States stopping Russia’s “Snake” cyberespionage malware, 13 additional domains related to DDoS-for-hire services being seized by the FBI, Microsoft enforcing number matching to prevent MFA fatigue attacks, SAP fixing critical flaws with security updates released in May 2023, and much more.
- The US government announced that it had disrupted Snake, the most advanced cyberespionage malware, which a division of Russia’s FSB intelligence service allegedly used to gather information from key targets.
- The US Justice Department disclosed the seizure of 13 additional domains connected to DDoS-for-hire platforms, often known as “booter” or “stresser” services.
- Microsoft began requiring number matching in Microsoft Authenticator push messages to prevent multi-factor authentication (MFA) fatigue attacks.
- Microsoft released 40 security fixes for Patch Tuesday in May 2023, including two zero-day flaws already being actively used in attacks.
- On its May 2023 Security Patch Day, German commercial software manufacturer SAP announced the release of 18 new security notes, including two “hot news” notes that address severe vulnerabilities.
- At its annual developer conference, Google I/O, Google introduced many new privacy, safety, and security measures. The IT giant’s most recent efforts are intended to shield its users from cyber threats.
The Bad News
This week’s bad news includes hackers stealing Western Digital’s clients’ data in a March cyberattack, gambling companies being attacked by hackers through chat apps, APT from North Korea using fake Microsoft OneDrive links to spread new malware, food distribution company Sysco issuing a data breach warning after a cyberattack, North Korean hackers breaching major hospital in Seoul to steal data, one million WordPress sites being affected by exploited plugin weakness, and much more.
- Western Digital took its store offline and informed customers of the data breach after finding that hackers had compromised it in a cyberattack in March.
- The confidential code signing keys for Taiwanese PC manufacturer MSI were exposed on a hidden website by the threat actors that launched the ransomware attack on the firm last month.
- A threat actor with ties to China targeted a gambling firm in the Philippines as part of a campaign that has been going on since October 2021.
- A newly found Linux Netfilter kernel bug lets unprivileged local users elevate their privileges to root, giving them total control of the affected system.
- The North Korean cyber espionage group Kimsuky broadened the scope of its operations with a new spear-phishing campaign employing Microsoft OneDrive links in documents laced with malicious macros that activate new reconnaissance software.
- Taro Kono, Japan’s minister for digital transformation and reform, issued an apology after a government app (Certificate Issuing Server) violated residents’ privacy.
- Leading international food distributor Sysco acknowledged that hackers broke into its network earlier this year and stole confidential data, including corporate, customer, and employee data.
- In a data breach event discovered on April 21, almost 24,000 users of internet service provider WhizComms, or about half of its customer base, had their personal information stolen by an outside entity.
- The Korean National Police Agency disclosed that North Korean hackers broke into the network of the Seoul National University Hospital (SNUH), one of the country’s main hospitals, and stole private information as well as vital medical data.
- Cybersecurity company Claroty, which specializes in industrial and IoT devices, released information on five vulnerabilities. If exploited, these vulnerabilities might allow threat actors to compromise specific Netgear routers.
- According to WordPress security company Defiant, exploitation of a serious vulnerability in the Essential Addons for Elementor WordPress plugin started just after a fix was made available.
- Over the past two years, a group of cybercriminals based in Israel conducted more than 350 business email compromise (BEC) attacks targeting major multinational corporations all over the world.