Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Amazon addressing a weakness affecting AWS AppSync, domains employed in ‘pig butchering’ crypto frauds being seized by US authorities, two Estonian nationals being arrested for operating a cryptocurrency ponzi scam, Google pushing urgent Chrome update, and much more.
- Amazon addressed a cross-tenant flaw in one of its famous AWS tools. The flaw previously allowed attackers to take over Identity and Access Management (IAM) roles in other AWS accounts and misuse the AppSync service provided by AWS.
- The US Justice Department announced the removal of seven domain names linked with a ‘pig butchering’ cryptocurrency fraud. The actors received approximately $10 million from five victims due to the deceptive scheme.
- Two Estonian nationals were detained in Estonia following their indictment in the United States for operating a huge Cryptocurrency Ponzi scam that cost investors more than $575 million.
- In order to address the eighth zero-day vulnerability used in cyberattacks this year, Google published an urgent security upgrade for the desktop version of the Chrome web browser.
- Interpol announced the seizure of virtual assets valued at $130 million as part of a worldwide campaign to combat financial crimes and money laundering enabled by the internet.
The Bad News
This week’s bad news includes the discovery of new ransomware capable of stealing Discord accounts, phishing emails related to the world cup being increased in middle eastern nations, California county reporting a data breach, BMC firmware weaknesses affecting OT and IoT devices, Android file manager applications using Sharkbot malware to infect users, Russian cybercriminals stealing over 50 million passwords, the hospitality firm Sonder confirming a data breach, OpenVPN Android application being modified by hackers to integrate spyware, and much more.
- The emerging “AXLocker” ransomware group steals affected users’ Discord accounts in addition to encrypting their files and demanding a ransom payment.
- A report from BlueVoyant revealed that private equity firms are struggling to appropriately manage cyber risk in their portfolio companies, with a fifth (19%) of these companies having easily exploitable weaknesses.
- In the month before the World Cup in Qatar, the number of phishing attempts aimed at victims in the Middle East jumped by 100%. Cybercriminals employed FIFA and other football-related baits as a starting point for their attack.
- Employees, clients, and partners received notifications from the County of Tehama in California that their personal information may have been exposed due to a data breach.
- New features have been added to the Ducktail information stealer, and the threat actors that employ it have been growing their operations. Ducktail mainly targets Facebook business users.
- A hack on the Australian charity for children, The Smith Family, might have resulted in the theft of some donor personal information. The charity’s funds were intended to be stolen during the breach. However, the attempt was “unsuccessful”.
- Researchers discovered more than a dozen bugs in the firmware of the baseboard management controller (BMC). Some of them may allow unauthenticated attackers to launch RCE attacks.
- The official Google Play app store was compromised by a fresh batch of malicious Android applications disguising themselves as useful file managers and infecting users with the Sharkbot banking trojan.
- Westmount, Quebec’s municipal services were suspended, and employee email accounts were shut down due to a ransomware attack by LockBit 3.0 cybercriminal gang. The city is asked to make an unknown ransom payment by December 4.
- At least 34 Russian-speaking gangs stole over 50 million credentials by exploiting the stealer-as-a-service business model to sell information-stealing malware throughout the first seven months of 2022.
- The hospitality firm Sonder acknowledged a data breach that may have exposed visitor information. Present employees, former employees, vendors, or attackers might have gained unauthorized access to stem the incident.
- A ransomware attack on the system of AIIMS Delhi, a prestigious hospital in India, shut down daily operations, including OPD registrations and blood sample reporting.
- A threat actor engaged in cyberespionage was found to be luring victims with fake VPN software for Android that is a trojanized version of trustworthy products, SoftVPN and OpenVPN.
