Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes the Windows MoTW zero-day flaw receiving an unofficial fix, CISA publishing guidance on phishing-resistant and number-matching MFA, Fortinet addressing high-severity vulnerabilities, the US Treasury thwarting a cyberattack from the Russian Killnet gang, and much more.
- A free unofficial patch was released to address an actively exploited zero-day that allowed files with fake signatures to bypass Mark-of-the-Web security warnings in Windows 10 and Windows 11.
- CISA published two fact sheets to highlight threats against accounts and systems employing certain types of multifactor authentication (MFA). CISA urges all companies to use phishing-resistant MFA to defend themselves against phishing and other well-known online risks.
- Fortinet disclosed 16 vulnerabilities in its products to customers, six of which have been given a ‘high’ severity rating. The company has patched them.
- A distributed denial of service (DDoS) attack that authorities believe was launched by the Russian hacktivist organization Killnet was stopped by the US Treasury Department.
- The release of a new set of quarterly patches for Splunk Enterprise, which solves nine high-severity vulnerabilities, was announced by Splunk.
The Bad News
This week’s bad news includes an attack on an Australian defense contractor putting private conversations at risk, SandStrike spyware infecting Android devices through a malicious VPN application, Chinese hackers spreading LODEINFO malware, a breached Amazon Prime Video server exposing users’ viewing habits, outdated Android and iOS versions putting US government employees at risk of mobile attacks, RomCom RAT malware updating its attack strategy, Vodafone Italia disclosing a data breach, and much more.
- A ransomware attack may have revealed up to 40,000 records of private conversations between members of the current and past Australian defense services.
- The French firm HENSOLDT France was allegedly compromised by the Snatch ransomware gang. HENSOLDT is a business that specializes in military and defense electronics.
- Threat actors were found targeting Android users with SandStrike, a recently identified malware that is distributed through a rogue VPN application.
- Stone Panda, a Chinese threat actor, was observed spreading a stealthy infection chain delivering the LODEINFO malware in its attacks against Japanese targets, including think tanks, the media, and political, diplomatic, and public organizations.
- Dropbox confirmed that it was successfully phished, leading to the theft of some of its confidential API credentials and the cloning of 130 of its private GitHub code repositories.
- Ransomware gang LockBit 3.0 allegedly committed data theft from the French defense and technology company Thales. The company has already launched an investigation into this breach.
- Research revealed that over half of the Android-based smartphones used by state and local government employees in the United States run out-of-date operating systems, leaving them exposed to hundreds of known vulnerabilities.
- An Elasticsearch database known as Sauron was left exposed on the internet without any authentication. It held information on Prime Video viewing patterns and was hosted on an internal Amazon server.
- Several flaws were publicly disclosed in the Checkmk IT infrastructure monitoring software; chained together, they could allow a remote, unauthenticated attacker to take complete control of vulnerable systems.
- The threat actors behind the RomCom RAT altered their attack strategy and are now impersonating well-known IT products. They created sites resembling the official download pages for SolarWinds Network Performance Monitor (NPM), the KeePass password manager, and PDF Reader Pro.
- Vodafone Italia sent data breach notifications to its customers, informing them that one of its business partners, FourB S.p.A., which sells telecommunications services in the country, had suffered a cyberattack.
- Threat actors deployed the SocGholish JavaScript malware framework, commonly known as FakeUpdates, on the websites of hundreds of newspapers throughout the United States by exploiting the compromised infrastructure of an unnamed media organization.