Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes the Biden administration wrapping up the cyber apprenticeship sprint, Firefox 107 addressing critical vulnerabilities, F5 fixing two high-severity RCE flaws, researchers silently cracking Zeppelin ransomware keys, and much more.
- The Biden administration completed a 120-day cybersecurity apprenticeship sprint. It was part of a bigger initiative to address a persistent workforce shortage.
- With the launch of Firefox 107, Mozilla addressed many critical vulnerabilities. The security flaws fixed in this version include a total of 19 CVE IDs, nine of which have been rated as having a “high impact.”
- A modified CentOS installation operating on F5 BIG-IP and BIG-IQ devices was found to have multiple high-severity vulnerabilities. After a cybersecurity firm pointed out those flaws, F5 fixed them.
- A researcher cracked the Zeppelin ransomware keys but kept the news a secret from the creators of Zeppelin. If they had found that their file encryption strategy was being circumvented, they would have changed it.
- Atlassian notified its customers that it had addressed critical flaws in its Crowd and Bitbucket products.
The Bad News
This week’s bad news includes an Aiphone flaw allowing hackers to open doors, over 15K WordPress websites being affected by a dangerous SEO campaign, DTrack targeting Latin America and Europe, Chinese hackers breaching a digital certificate authority, Magento stores being targeted in TrojanOrders attacks, many Amazon RDS instances exposing users’ personal information, QBot phishing abusing Windows Control Panel EXE, and much more.
- Hackers can hijack several popular digital door-entry systems provided by Aiphone with just a smartphone and near-field communication (NFC) tag. Several high-profile clients using these devices are at risk.
- The Russian scooter rental business Whoosh announced a data breach after hackers started selling a database with the information of 7.2 million clients on a hacking site.
- The Lazarus group’s backdoor, DTrack, has been found active in Germany, India, Brazil, Italy, Switzerland, Mexico, Turkey, Saudi Arabia, and the United States. This indicates that DTrack is expanding to other regions of the globe.
- A new destructive effort that tries to drive traffic to fraudulent Q&A portals has infected more than 15,000 WordPress websites. This SEO poisoning campaign mainly targets a few low-quality Q&A sites.
- It has been found that a flaw in Glitch, a fork of Mastodon, might allow attackers to obtain users’ login information. Mastodon is a social media platform and is seen by many people as a replacement for Twitter.
- RapperBot, a new strain of malware discovered by cybersecurity experts, is being used to create a botnet that can perform Distributed Denial of Service (DDoS) attacks against gaming servers.
- An alleged Chinese state-sponsored attacker penetrated a digital certificate authority as well as government and defense entities in various Asian countries as part of an ongoing operation that dates back to March 2022.
- A significant increase in “TrojanOrders” attacks against Magento 2 websites was attributed to at least seven hacker groups. These attacks make use of a flaw that lets threat actors into unprotected servers.
- With its malicious Python programs intended to steal login passwords, personal information, and bitcoin, the malware known as WASP has been using steganography and polymorphism to elude detection.
- A new analysis found that multiple Amazon Relational Database Service (Amazon RDS) databases continuously leak users’ personally identifiable information (PII).
- A ransomware attack forced public schools in two counties of Michigan to stop all operations, including teaching. The schools alerted law enforcement and hired private cybersecurity consultants to investigate the attack and gain assistance in securely recovering their systems.
- A DLL hijacking vulnerability in the Windows 10 Control Panel is being abused by phishing emails disseminating the QBot malware to infect PCs, most likely to avoid being discovered by security software.