Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes severe vulnerabilities in ColdFusion and Adobe Commerce being patched, the White House planning to create an IoT device labeling program, Aruba fixing severe RCE and auth bypass vulnerabilities in EdgeConnect, Google introducing Passkey password-free login support for Chrome and Android, and much more.
- Adobe issued security updates for 29 vulnerabilities across several enterprise-facing products, such as ColdFusion and Adobe Commerce. It also warned that hackers might use these flaws to gain total control of susceptible systems.
- The White House released a fact sheet that details its long-standing objectives to develop a system of product labeling to notify consumers of the security risks connected devices represent.
- Aruba released security updates for the EdgeConnect Enterprise Orchestrator to fix several critical severity flaws that let remote attackers take control of the host.
- Chrome and Android now have official support from Google for passkeys, the newest authentication standard. This feature is a part of a more significant effort to establish a common passwordless sign-in standard.
- Microsoft made it easy to get alerts about new security upgrades through a new RSS feed for the Security Update Guide.
The Bad News
This week’s bad news includes pro-Russian hackers initiating DDoS attacks on US airports, researchers warning that cybercriminals may abuse “thermal attack,” QBot malware infecting over 800 corporate users, various issues in the Robustel R1510 cellular router leading to cyberattacks, hackers using vishing to deceive victims into installing Android banking malware, secret agent of Australian police being exposed in Columbian data breach, a cyber-espionage gang from China attacking telecommunications and IT services providers, and much more.
- Hackers airdropped NFTs to Solana cryptocurrency users under the premise of security upgrades for the Phantom to steal cryptocurrency wallets and implant malware that steals passwords.
- Researchers claim to have created an AI-driven system that can quickly guess passwords by analyzing the heat signatures that users’ fingertips leave on keyboards and displays when inputting data. This technique, dubbed thermal attack, can be abused by cybercriminals.
- A malicious Excel document posing as a tool to figure out the salary for Ukrainian military troops was discovered by FortiGuard Labs. The document attempts to dupe users into allowing the execution of macros meant to fill in the cells’ content automatically.
- Kaspersky revealed that a fresh QBot (aka Qakbot and Pinkslipbot) malware distribution operation had affected over 800 corporate users since September 28.
- The websites of several important airports in the United States have been the subject of widespread distributed denial-of-service (DDoS) attacks by the pro-Russian hacktivist organization “KillNet.” Travelers were not able to access the sites.
- In order for threat actors to publicly distribute malicious clones of private packages and lure developers into using them instead, security researchers found an npm timing attack that exposes the names of such packages.
- A new variant of YoWhatsApp, an unauthorized WhatsApp Android app, was discovered to steal account access keys from users. It includes some additional features over the usual WhatsApp.
- Cisco Talos found nine vulnerabilities in the Robustel R1510 industrial cellular router, some of which might allow an attacker remotely infect operating system code.
- A study from ThreatFabric showed that malicious actors are tricking consumers into installing Android malware on their devices by exploiting voice phishing (vishing) tactics.
- The identities of covert operatives for the Australian Federal Police (AFP) were made public after the release of data taken from the Colombian government by hackers.
- A hacker performed a flash loan attack to steal more than $100 million from the cryptocurrency trading platform Mango Markets. The incident was one of several high-profile platform thefts that have occurred recently and shocked the industry.
- Security researchers discovered that it is feasible to partially or wholly deduce the contents of encrypted communications transmitted through Microsoft Office 365 due to the adoption of a weak block cipher mode of operation.
- A Chinese cyber espionage group that SentinelOne recently uncovered was targeting IT service providers and telecom companies with signed malware in the Middle East and Asia.
