Welcome to CyberIntelMag’s weekly roundup, the place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes a BEC scammer receiving a 25-year jail sentence for stealing more than $9.5 million, a Netwalker ransomware affiliate from Canada receiving a 20-year sentence, Avast releasing a free decryptor, the arrest of a teen who used leaked Optus breach data in an SMS scam, and much more.
- A 46-year-old American man was found guilty of laundering over $9.5 million amassed via the commission of a financial crime enabled by the internet and received a 25-year jail term.
- A former affiliate of the Netwalker ransomware operation was given a 20-year jail sentence in the United States, slightly over three months after the Canadian national admitted his part in the crimes.
- Avast released a decryptor for Hades ransomware strains called “MafiaWare666,” “Jcrypt,” “RIP Lmao,” and “BrutusptCrypt.” It enables victims to restore their data without paying the demanded ransom.
- A 19-year-old teen from Sydney was detained by the Australian Federal Police (AFP) for allegedly attempting to extort victims using the information exposed due to the Optus data breach late last month.
- Cisco stated it had fixed high-severity vulnerabilities impacting networking and communications products, such as Enterprise NFV, Expressway, and TelePresence.
The Bad News
This week’s bad news includes the LAUSD school system’s stolen data being exposed, a hacked Comm100 chat installer being used for malware distribution, an Android malware found capable of stealing data and recording audio, new malware identified infecting Microsoft SQL servers, the city of Tucson disclosing a data breach, a trojanized version of the Tor Browser being spread through a popular YouTube channel, a cyber attack impacting the city of Dunedin, Russian-speaking hackers taking credit for attacking U.S. state websites, and much more.
- The Vice Society ransomware group exposed data and documents stolen from the Los Angeles Unified School District after a cyberattack earlier this month. The LAUSD Superintendent acknowledged the exposure and announced a new hotline for concerned parents and students.
- Telstra Corp Ltd, the largest telecom company in Australia, experienced a minor data breach. The disclosure came two weeks after its main rival Optus suffered a major hack.
- A Russian individual was apprehended by India’s Central Bureau of Investigation (CBI) for attempting to hack into a platform used to administer engineering admission exams in the country in 2021.
- A threat actor was linked to an unusual supply chain attack that used a trojanized installer for the Comm100 Live Chat application to spread a JavaScript backdoor.
- New Android spyware called “RatMilad” was found to target mobile devices in the Middle East. Cybercriminals use it for spying on victims and stealing data.
- An analysis of the BlackByte ransomware revealed a new method for bypassing security products: it disables EDR tools by abusing a known vulnerability in the RTCore64.sys driver.
- A new malware called Maggie targeting Microsoft SQL servers has already infected hundreds of computers worldwide. SQL queries are used to control Maggie and tell it how to handle files and carry out commands.
- A data breach impacting the personal information of more than 123,000 people was announced by the City of Tucson, Arizona.
- Security experts discovered two vulnerabilities in the Ikea Trådfri smart lighting system that a threat actor might exploit by repeatedly sending the same malformed Zigbee (IEEE 802.15.4) frame.
- A prominent Chinese-language YouTube channel was found to distribute a trojanized Windows installer for the Tor Browser. The campaign was named “OnionPoison,” and all victims are located in China.
- A cybersecurity intrusion affected the city of Dunedin’s network. Many online services of the city are inoperable, including email, permit payments, inspection scheduling, utility bills, Parks & Recreation programs, and marina fees.
- A researcher made repeated attempts to report a severe remote code execution (RCE) flaw, but the WebPageTest project’s maintainers appear to have ignored the vulnerability.
- News sources revealed that multiple websites run by U.S. state governments had been taken down by a group of Russian-speaking hackers.