CyberIntelMag's Threat report

Weekly Cyber Threat Report, September 20-September 24

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

From the good news:

This week’s good news includes Siemens introducing an AI solution to combat industrial cybercrime, Netgear resolving harmful code execution vulnerabilities in multiple routers, Google releasing DevOps report findings, LG acquiring Cybellium, and much more.

  • Cybellum, an Israeli automobile cybersecurity firm, was bought by LG Electronics of South Korea. LG will employ Cybellum’s technologies to improve the security of its automotive products’ infotainment and telematics systems.
  • An Indian teen helped Indian Railway Catering and Tourism Corporation (IRCTC) fix an Insecure Direct Object Reference (IDOR) vulnerability that exposed passengers’ personal information.
  • Siemens Energy has come up with an AI solution to fight industrial cybercrime. The new solution, named Eos.ii, offers CISOs an evergreen foundation for IIoT cybersecurity.
  • Netgear has fixed a code execution vulnerability affecting several of its routers and has released patches for it. Once the patch is applied, an attacker can no longer fully intercept and manipulate network traffic passing through an affected router.
  • According to the findings of Google’s newest DevOps study, public cloud usage has improved: compared with 2019, there is a 5 percent increase. For organizations, this means more employees meeting their performance goals and greater security awareness.
  • The Brazilian government launched a campaign on protecting personal data. The campaign also lays out the principles that guide data processing in Brazil and how these rules align with the country’s General Data Protection Law (LGPD).
  • Three new flaws identified in Cisco’s IOS XE software have been fixed. Installing these patches makes it less likely that threat actors can exploit the issues.


From the bad news:

This week’s bad news includes ransomware causing the shutdown of Crystal Valley, the arrival of the SOVA Android trojan, the PYSA group joining the ranks of Linux-targeting gangs, the Republican Governors Association’s email servers being hacked, malware developers using fake certificates, and much more.

  • The new ZE loader is targeting online banking users. It is made more dangerous by its ability to change its file names or extensions in order to evade detection by antivirus software.
  • Malware developers are using fake certificates to bypass Windows signature validation. Attackers use this method to spread OpenSUpdater, a riskware that injects advertisements into victims’ browsers and installs unwanted programs on their devices.
  • The EU has officially blamed Russia for the ‘Ghostwriter’ hacking activities, which threaten the integrity and security of European nations as well as democratic norms and principles.
  • SOVA is a new Android trojan built to steal users’ banking credentials and personally identifiable information. It is still at an early stage of development and has been advertised on hacker forums. This trojan has the potential to do a lot of damage in the future.
  • To widen its pool of victims, the PYSA ransomware gang now targets both Windows and Linux-based networks and systems. The Linux and Windows versions of the PYSA malware have a lot in common.
  • A cryptocurrency giveaway email scam posing as the “Elon Musk Mutual Aid Fund” or “Elon Musk Club” is gaining traction. Victims are lured with the promise of receiving bitcoin in return for a contribution, but receive nothing after making the donation.
  • The Republican Governors Association’s email system was compromised through Microsoft Exchange zero-day vulnerabilities. Victims’ Social Security numbers, names, and credit card information were exposed as a result of the attack.
  • In a recent incident, the Cring ransomware gang took advantage of an 11-year-old ColdFusion bug. The targeted server was used to collect timesheet and financial data for payroll and to host several virtual machines.
  • Crystal Valley, a farming cooperative based in Minnesota, was forced to shut down its IT systems because of a BlackMatter ransomware attack. The incident has still not been resolved, and the company remains unable to accept credit card payments.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts with over 20 years of experience, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for the knowledge and insight needed to navigate today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.