Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes chartered qualification for professionals being established by the UK Cyber Security Council, Apple addressing exploited 0-day with iOS 16.1 patch, Dutch police arresting hacker responsible for breaching healthcare software provider, security features in LinkedIn becoming more robust, and much more.
- The UK Cyber Security Council will launch a nationwide pilot program to create chartered cyber professionals. The project could improve professional standards and career opportunities for cybersecurity professionals.
- A significant iOS update from Apple was released, fixing more than 20 known security weaknesses, including one in the kernel already being actively used in the wild.
- A 19-year-old man was detained by Dutch authorities in the western Netherlands on suspicion of hacking into the systems of a local healthcare software provider and stealing tens of thousands of documents.
- The OpenSSL Project announced that a serious vulnerability in the open-source cryptography and secure communications toolkit would be fixed in an upcoming release.
- LinkedIn released three new security features to combat fraudulent profiles and harmful use of the network, including a new way to determine whether a profile is genuine by indicating whether it has a confirmed work email or phone number.
- Chrome 107 was released by Google to the stable channel with remedies for 14 vulnerabilities, including critical flaws discovered by outside researchers.
The Bad News
This week’s bad news includes malicious fake PoC exploits being distributed by several GitHub repositories, the Emotet botnet spreading malware via password-protected RAR files, threat actors attacking AWS EC2 workloads, a huge cryptomining campaign using free-tier cloud development resources, the Fodcha DDoS botnet evolving with new capabilities, Kimsuky hackers employing three new Android malware families to target South Koreans, the New York Post being hacked by an employee, Drinik Android malware targeting customers of Indian banks, and much more.
- Researchers at the Leiden Institute of Advanced Computer Science found numerous GitHub repositories providing fake proof-of-concept (PoC) exploits for various vulnerabilities, some of which include malware.
- Trend Micro researchers showed that hackers could attack the computer numerical control (CNC) equipment used in several modern industrial plants.
- The Emotet botnet was blamed for an increase in spam-related attacks. The infamous malware installs CoinMiner and Quasar RAT on the systems it hijacks by taking advantage of password-protected archive files.
- Black Reward, an Iranian hacktivist group, accessed an email server maintained by a company affiliated with Iran’s Atomic Energy Organization and exfiltrated 324 inboxes holding over 100,000 messages and 50 GB of data.
- A ransomware attack targeting the almost 20,000-student Kenosha Unified School District in Wisconsin was blamed on the Snatch ransomware group.
- Cybersecurity researchers found a campaign that abuses the monitoring and visualization application Weave Scope to reach the Amazon Web Services (AWS) instance metadata service (IMDS) endpoint from Elastic Compute Cloud (EC2) instances.
- GitHub, Heroku, and Buddy were being used as part of a large-scale, automated “freejacking” campaign to mine cryptocurrency at the service providers’ expense.
- Australian Clinical Labs said its Medlab Pathology division had a data breach that compromised nearly 223,000 accounts, making it the fourth significant intrusion in corporate Australia since September.
- The Fodcha DDoS botnet evolved with new capabilities to hide its infrastructure from detection and to embed ransom demands in its packets.
- The North Korean actor Kimsuky was observed employing three different Android malware variants to target South Koreans. The malware families in question are FastFire, FastViewer, and FastSpy.
- Cloud communications provider Twilio disclosed a new data breach dating back to June 2022, in which the same hackers who carried out the August attack gained access to certain customers’ data.
- The New York Post claimed that it had been “hacked” by an employee after its Twitter account tweeted a series of hostile remarks, including a request for the killing of US President Joe Biden.
- A new Drinik Android malware strain targets 18 Indian banks while posing as the country’s official tax management app in order to collect victims’ login credentials.