CyberIntelMag's Threat report

Weekly Cyber Threat Report, November 22 – November 26, 2021

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

From the good news:

This week, the good news includes federal agencies warning about cyber threats during holidays, Philips working to resolve vulnerabilities in medical products, Apple suing Israel’s NSO Group, investigators from Ukraine busting a mobile device hacking gang, among others.

  • US federal agencies said that they are aware that some consumers have recently received voicemail messages or phone calls from a phone number that seems to be from the Securities and Exchange Commission. Investors should not fall for these traps and avoid revealing personal information unless they’re sure of speaking with an SEC agent.
  • Philips IntelliBridge EC 40 and EC 80 Hub patient monitoring systems have two high-severity vulnerabilities. The company is working to fix them because exploited flaws in these medical products might provide an attacker unauthorized access to data (including patient information) and cause a denial of service.
  • Early this year, NSO Group customers launched cyberattacks on iPhones. Apple has now sued the Israeli NSO Group and its parent organization Q Cyber. Apple wants a permanent injunction preventing the group from accessing their devices, software, and services.
  • The government of the United Kingdom has presented new regulations aimed at enhancing the security of “smart” internet-connected gadgets in people’s homes. It would help companies be upfront with customers about what they’re doing to solve security weaknesses, improve the public reporting system for vulnerabilities, and prohibit universal default passwords.
  • The Security Service of Ukraine (SSU) has caught five members of the global ‘Phoenix’ hacker group, which excels in remote hacking of mobile devices. To steal mobile device users’ credentials, the attackers used phishing sites that were replicas of Apple’s and Samsung’s login gateways.

From the bad news:

This week Mahan Air of Iran was attacked, multiple flaws were found in Advantech R-SeeNet, Tardigrade malware infected biomanufacturing plants, Crypto, NFT, and DeFi communities were attacked by a Babadeda crypter, and more.

  • The computer system of Iran’s Mahan Air got hacked. The hacking group “Hooshyarane Vatan” claimed responsibility and said it had obtained data tying the airline to the Islamic Revolutionary Guard Corps. The airline confirmed that it had been cyberattacked but said that the threat had been mitigated.
  • The Advantech R-SeeNet monitoring software was found to have several vulnerabilities. The flaws were detected by Talos in several scripts within R-SeeNet’s applications.
  • GoDaddy, the web hosting company, announced a data breach, warning that data on 1.2 million clients may have been accessed. Around September 6, an unauthorized individual gained access to GoDaddy’s systems using a stolen password. The issue was detected last week, on November 17.
  • The dangerous ‘Tardigrade’ malware has infected biomanufacturing plants. Tardigrade did more than just shut down all of the computers in the building. When the malware was cut off from its command and control server, the researchers discovered that it could adapt to its surroundings, hide itself, and even act autonomously.
  • A night shift employee at a Huntington hospital was found to have accessed computerized medical patient records in contravention of the institution’s standards. The worker was suspended for a short period of time before being fired. Moreover, legal authorities have been notified of the mishap.
  • After a seven-month absence, the cyber-espionage gang RedCurl returned with new breach attacks. The gang made many tactical upgrades to its toolkit this year and has been seen targeting four firms, one of which is Russia’s largest wholesale shop.
  • Google revealed that malicious actors were discovered mining bitcoins within hacked Cloud instances. On 86 percent of the 50 recently compromised Google Cloud accounts, bitcoin mining software was downloaded, in most cases within 22 seconds of the compromise.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.