Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes Trend Micro addressing another Apex One flaw, Microsoft fixing 63 vulnerabilities in its latest update, a tax fraud ringleader selling children’s stolen identities being sent to prison, new BIOS updates for Lenovo addressing security flaws in several devices, and much more.
- Trend Micro’s Apex One endpoint security software was patched for several bugs, including a 0-day vulnerability. This flaw is an improper validation issue and affects the product’s rollback feature.
- Microsoft fixed 63 vulnerabilities, including one that is being actively exploited on Windows. Five of them are rated “Critical,” one of the most severe categories, because they permit remote code execution.
- Ariel Jimenez, the founder of a fake tax preparation company, received a 12-year jail term for selling the stolen identities of thousands of welfare recipients and assisting “customers” in falsely claiming tax credits, resulting in millions of dollars in tax losses.
- Lenovo, a Chinese computer maker, released a security advisory to alert customers to multiple serious BIOS flaws affecting hundreds of devices across many models.
- As part of their September 2022 Security Patch Day, German software company SAP announced the release of eight new and five revised security notes.
The Bad News
This week’s bad news includes Iranian APT42 targeting dissidents and activists with espionage attacks, new Browser-in-the-Browser exploits being used to obtain Steam accounts, the legislature of Argentina’s capital city facing a ransomware attack, malware spreading via the FishPig distribution server to infect Magento-powered stores, phishing pages embedding a keylogger to steal credentials, Starbucks Singapore saying customer data was illicitly accessed in a data breach incident, modified RATs being employed by Webworm hackers in recent cyberespionage operations, and much more.
- Threat actor APT42 was found to be linked to more than 30 confirmed espionage attacks targeting individuals and groups of vital importance to the Iranian government since 2015.
- Research from Snyk revealed that 80% of companies suffered a “severe” cloud security incident during the previous year, and a quarter of them worry that they may have experienced a cloud data breach without knowing it.
- The latest Freedom of Information (FoI) statistics from the sector regulator revealed that the number of DDoS attacks on UK financial institutions increased during the first few months of the Ukraine war.
- In recent breaches, hackers have been found exploiting a rising phishing technique called “Browser-in-the-Browser” to steal Steam user credentials.
- The legislature of Argentina’s capital city (Buenos Aires) reported a ransomware attack, claiming that Wi-Fi connectivity had been lost and internal operating systems had been infiltrated.
- Proofpoint researchers warned that the death of Queen Elizabeth II is being used as bait by threat actors in phishing attempts. Attackers try to get victims to visit websites where their Microsoft account information and MFA codes can be stolen.
- A specialist gang of espionage hackers has been found targeting government and state-owned firms in many Asian nations as part of an intelligence collection operation since the beginning of 2021.
- In a unique phishing attempt, Greeks are the target of phishing sites that look like the state’s legitimate tax return platform and steal their login information as they input it.
- A cyberattack on the computers of Bell Technical Solutions (BTS), a Bell Canada subsidiary, was claimed by the Hive ransomware group.
- For the past several weeks, malware has been injected into Magento stores via a supply chain attack on the FishPig distribution server. The Magento extension supplier FishPig specializes in Magento optimizations and Magento-WordPress interfaces.
- Cisco Talos reported that malicious LNK files transmitted in RAR packages were being used by the Gamaredon APT to target users in Ukraine.
- Starbucks disclosed that the names, birthdates, and cellphone numbers of some consumers in Singapore had been compromised. The company urged consumers to change their credentials.
- Customized Windows-based remote access trojans (RATs), some of which are supposedly in the testing or pre-deployment stages, have been linked to the threat actor known as Webworm.