Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Google patching high-severity privilege escalation flaws in Android, Siemens and Schneider Electric addressing critical flaws, Lenovo fixing vulnerabilities that can disable UEFI secure boot, Microsoft patching a 0-day flaw exploited for pushing malware, and much more.
- More than 40 vulnerabilities, including many high-severity elevation-of-privilege issues, were patched in Android’s November 2022 security updates.
- Siemens and Schneider Electric announced their Patch Tuesday advisories. Schneider only issued one new security advisory, whereas Siemens published nine new security advisories, totaling 30 vulnerabilities.
- Lenovo patched two critical vulnerabilities affecting a number of ThinkBook, IdeaPad, and Yoga laptop models that could allow an attacker to disable UEFI Secure Boot.
- Microsoft addressed a Windows flaw that prevented Mark of the Web (MoTW) flags from propagating to downloaded ISO files, dealing a significant blow to malware creators and distributors.
- One of LockBit’s suspected ringleaders was detained in Ontario, Canada, and is now being moved to the US to face charges concerning ransomware attacks that affected at least a thousand victims.
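The MoTW item above concerns whether downloaded files carry the Zone.Identifier alternate data stream that Windows uses to flag Internet-sourced content. The following PowerShell function, added here as an example and not code from the roundup or from Microsoft, lists the files under a folder you supply (assumed to be on an NTFS volume, for instance files copied out of a downloaded ISO) and reports which of them carry a Zone.Identifier stream and what ZoneId it holds. The function name and the folder path are assumptions for the example.

```powershell
# Added example: report Mark of the Web state for every file under a folder.
# Assumes the files sit on an NTFS volume, because MoTW is stored in the
# Zone.Identifier alternate data stream, which other file systems cannot hold.
function Test-MarkOfTheWeb {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path   # folder to inspect (assumed input, e.g. files copied from an ISO)
    )

    Get-ChildItem -LiteralPath $Path -File -Recurse | ForEach-Object {
        $zone = $null
        try {
            # Reading the stream throws if the file has no Zone.Identifier at all.
            $content = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction Stop
            $line = $content | Where-Object { $_ -like 'ZoneId=*' } | Select-Object -First 1
            if ($line) { $zone = [int]($line -replace '^ZoneId=', '') }
        } catch {
            $zone = $null   # no stream: the file is not marked
        }

        [pscustomobject]@{
            File    = $_.FullName
            ZoneId  = $zone
            # ZoneId 3 = Internet, 4 = Restricted sites; these are the values that
            # trigger SmartScreen and Office Protected View.
            HasMoTW = ($null -ne $zone -and $zone -ge 3)
        }
    }
}

# Usage (path is a placeholder): files with HasMoTW = False were copied without the flag.
# Test-MarkOfTheWeb -Path 'C:\Users\Public\Downloads\extracted-iso' | Format-Table -AutoSize
```

Running this over files extracted from an untrusted download before and after applying the November update shows whether the propagation fix is in effect on a given machine; any file reporting HasMoTW = False will open without the usual SmartScreen and Protected View checks.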
The Bad News
This week’s bad news includes Robin Banks phishing services returning to steal banking accounts, a cyberattack disrupting operations at Maple Leaf Foods, Ukrainian hacktivists claiming to breach Russia’s Central Bank, LockBit affiliate employing Amadey bot malware, many cyberattacks found abusing IPFS decentralized network, StrelaStealer malware stealing Thunderbird and Outlook accounts, Chinese cyberspies being responsible for new BadBazaar Android malware, and much more.
- The Robin Banks phishing-as-a-service (PhaaS) platform is hosted by a Russian internet company. IronNet researchers found that the platform is highly capable and targets major American banks.
- The Android banking Trojan Vultur was downloaded more than 100,000 times from the Google Play Store. It poses as a legitimate app and evades Google Play’s security checks thanks to its sparse permissions and small footprint.
- Maple Leaf Foods, a major Canadian meat producer, confirmed that a cyberattack caused system disruptions. The company withheld further details on the incident.
- In a new entry posted to its data leak website, the ransomware gang threatened to publish data stolen from Medibank’s systems.
- Hacktivists from Ukraine broke into the Central Bank of Russia and stole hundreds of internal documents. The roughly 27,000 files reportedly stolen cover the bank’s operations and security procedures and include personal information of some current and former employees.
- The most severe digital interruption of the day occurred on many Mississippi state websites during Tuesday’s midterm elections. Still, a federal official cautioned that more might come once the votes are counted.
- A LockBit 3.0 ransomware affiliate has been using phishing emails that deploy the Amadey Bot to compromise victims and encrypt their devices. The LockBit 3.0 payload is delivered either as an executable or as a PowerShell script that runs on the host system and encrypts data.
- The decentralized InterPlanetary File System (IPFS) network has been abused by various phishing campaigns to host malware and phishing-kit infrastructure and to support other attacks.
- Security researchers disclosed details of a new vulnerability in a system used by many oil and gas companies that could be leveraged by an attacker to inject and execute arbitrary code.
- A new data-stealing malware named “StrelaStealer” was found aggressively capturing email login information in two well-known email clients – Thunderbird and Outlook.
- A previously unknown Android malware family called “BadBazaar” was found targeting China’s ethnic and religious minorities, particularly the Uyghurs in Xinjiang. VirusTotal detections linked the new malware to Bahamut.
- The Royal ransomware gang was accused of attacking one of the UK’s best-known motor racing venues, and the group itself claimed responsibility for the alleged attack.
- An ongoing phishing campaign has infected thousands of home and business users with a new variant of the “IceXLoader” malware loader. This variant could sharply increase deployment of the loader.