Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes a gang using wireless key fob hacking to steal cars being arrested by European police, CISA offering the free RedEye analytics tool, Microsoft patching a flaw that allowed complete access to Azure Service Fabric clusters, WordPress addressing 16 vulnerabilities in its latest security update, and much more.
- Law enforcement officers in France, working with counterparts in Spain and Latvia, busted a gang of cybercriminals that employed a software tool to steal cars without needing the physical key fob.
- The Cybersecurity and Infrastructure Security Agency (CISA) released a free, open-source tool, RedEye Analytics, to make red teams’ and penetration testers’ analysis, visualization, and reporting tasks more effective.
- Microsoft fixed a vulnerability that may have let an attacker take control of an Azure Service Fabric cluster in its entirety.
- Various stored and reflected cross-site scripting (XSS) flaws were addressed in WordPress 6.0.3, along with open redirect, data exposure, cross-site request forgery (CSRF), and SQL injection issues.
- Two Massachusetts men received prison terms of almost two years each for using SIM-swapping attacks to steal cryptocurrencies and taking control of the social media accounts of their victims.
The Bad News
This week’s bad news includes remote desktop services being targeted by the Venus ransomware, a severe RCE flaw being found in the Cobalt Strike hacking software, an Australian insurance firm confirming a ransomware attack, a Microsoft data leak exposing customers’ information, hackers from China employing the GamePlayerFramework network to attack online casinos, the smartphones of detained Iranian protesters being targeted with spyware, a Meta Pixel health system data leak affecting millions of patients, and much more.
- Threat actors are now encrypting Windows PCs by breaking into publicly accessible Remote Desktop services and deploying the new Venus ransomware. Once launched, it attempts to terminate 39 processes associated with Microsoft Office and database servers.
- Cybercriminals took advantage of Hurricane Ian’s aftermath to assist in the theft of Federal Emergency Management Agency funds and the exfiltration of personal information.
- A remote code execution flaw that might let an attacker take over targeted devices was fixed by HelpSystems, the firm that created the Cobalt Strike software platform.
- Cyberattacks that compromised Hong Kong government entities and, in some cases, went unnoticed for a year were found to be linked to the China-affiliated espionage actor APT41, also known as Winnti.
- It was confirmed that Medibank Private Limited, one of Australia’s largest private health insurance firms, was the target of the ransomware attack that disrupted internet access and caused a breach.
- Vinomofo, an online retailer of wine, announced a major data breach in which an unauthorized party gained access to customers’ personal information, including names, dates of birth, contact information, and addresses.
- A misconfigured Microsoft server accessible via the Internet exposed customers’ sensitive information, such as names, email addresses, email content, company names, phone numbers, and files related to transactions between the impacted clients and Microsoft or an approved Microsoft partner.
- Verizon informed certain prepaid customers that their accounts may have been hacked and that scammers may have used SIM swaps to take over their phone numbers.
- A China-based APT group codenamed DiceyF was found to be responsible for a years-long string of cyberattacks targeting online casinos in Southeast Asia.
- One of the few ransomware organizations targeting Russian business networks, OldGremlin, added file-encrypting malware for Linux systems to its toolbox.
- Voice of America (VoA) reported that malware has been found on the Android smartphones of some Iranian citizens who were recently imprisoned for participating in anti-government demonstrations.
- EnergyAustralia became the subject of a cyber-attack that exposed the personal information of hundreds of customers. Unauthorized access to its online platform, My Account, affected 323 residential and small business customers.
- AAH, a Wisconsin and Illinois healthcare network with 26 hospitals, was notified of a data breach that exposed the personal information of 3,000,000 patients. The issue was caused by Meta Pixel being misused on the AAH websites.