Welcome to CyberIntelMag’s weekly roundup, the place to find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes African law enforcement disrupting an $800K fraud scheme, Acer fixing a UEFI Secure Boot vulnerability, EU police closing nearly 13,000 websites in a piracy crackdown, Spanish police dismantling an investment-fraud ring, and much more.
- Interpol revealed that African police arrested 10 suspects after a four-month probe into an $800,000 worldwide fraud scheme.
- Acer fixed a high-severity vulnerability affecting multiple laptop models that could have allowed a local attacker to disable UEFI Secure Boot on vulnerable devices. With Secure Boot off, the firmware will load unsigned or tampered bootloaders, which is exactly the foothold bootkits depend on, so affected users should install the firmware update.
- Europol disclosed that 12,526 websites hosting illicit content were taken down in a coordinated campaign against online piracy and counterfeiting across the EU.
- The Spanish National Police dismantled a cybercrime ring that defrauded 300 people across Europe of almost €12.3 million ($12.8 million) through investment fraud.
- Journalists at the Salvadoran digital newspaper El Faro sued NSO Group in a US federal court, alleging that the Israeli company’s controversial Pegasus spyware was used to surveil them.
The Bad News
This week’s bad news includes Belgian police being hit by a ransomware gang, TikTok’s trending “invisible challenge” being abused to distribute malware, a North Carolina college confirming a breach of sensitive data, a RansomHouse attack on Keralty disrupting healthcare services in Colombia, USB devices being used by suspected China-linked hackers to attack organizations in the Philippines, compromised Android OEM platform certificates being used to sign malware, an IBM Cloud supply chain flaw revealing a novel class of threat, and much more.
- The data the Ragnar Locker ransomware gang claimed to have stolen from the municipality of Zwijndrecht in fact came from the Zwijndrecht police, a local police unit in Belgium’s Antwerp province.
- CloudSEK reported that FIFA World Cup-themed cyberattacks posing risks to enterprises and fans include advanced persistent threat (APT) campaigns, phishing, credit card and cryptocurrency fraud, DDoS attacks, and identity theft.
- A fake Android SMS app with 100,000 downloads on Google Play was found to be quietly acting as an SMS relay for a service that creates accounts on websites including Microsoft, Google, Instagram, Telegram, and Facebook, using the victims’ phone numbers to receive the verification codes those sites send.
- Research from Checkmarx revealed that threat actors have been exploiting TikTok’s trending “invisible challenge” to trick users into installing information-stealing malware.
- Guilford College in North Carolina confirmed that ransomware attackers stole sensitive information belonging to employees, faculty, and students.
- New research by firmware security firm Binarly found that outdated versions of the OpenSSL cryptography library were still being shipped in firmware from Dell, HP, and Lenovo.
- A RansomHouse ransomware attack disrupted the websites and business operations of the multinational healthcare organization Keralty and its subsidiaries.
- A cluster of espionage attacks in the Philippines that primarily uses USB devices as the initial infection vector has been linked to a threat actor with a suspected China nexus.
- Supplier Performance Risk System (SPRS) scores, which indicate how well a contractor complies with Defense Federal Acquisition Regulation Supplement (DFARS) requirements, showed that 87% of contractors score below 70.
- Multiple platform certificates that Android OEM device manufacturers use to sign core system applications were abused by threat actors to sign malware. Because an app signed with a platform certificate can run under the same highly privileged system user ID as the OS itself, such malware inherits system-level permissions without needing to request them from the user.
- LastPass disclosed that an unauthorized party accessed some customer data stored in a third-party cloud storage service shared by LastPass and its parent company, GoTo.
- HealthITSecurity reported that a breach at pediatric health IT provider Connexin Software may have exposed the data of more than 2.2 million patients across almost 120 pediatric medical offices and practice groups in the United States.
- A flaw in IBM Cloud Databases for PostgreSQL could have let attackers mount a supply chain attack against cloud customers by moving into internal IBM Cloud services and tampering with the hosted service’s internal image-build process.