Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes QUAD nations deciding to help each other against malicious cyber activities, WhatsApp addressing two severe RCE flaws, Microsoft boosting phishing protection in the latest version of Windows 11, Drupal updates fixing a critical flaw in Twig, and much more.
- India, Australia, Japan, and the US (collectively known as QUAD) committed to working together to ensure the security and resilience of the region’s cyber infrastructure, issuing a strong warning against state-sponsored harmful cyber activities.
- WhatsApp addressed two critical vulnerabilities that may be used to execute remote code during a video call. There is no evidence that the flaws were used in the wild.
- Microsoft added a feature to its Defender SmartScreen tool in the most recent build of Windows 11, version 22H2, with the intention of making passwords safer.
- Updates for Drupal resolved a severe Twig vulnerability that may cause the disclosure of private data. This vulnerability might allow attackers to load templates outside a specified directory through the filesystem loader.
- The federal criminal police of Germany, Bundeskriminalamt (BKA), raided the houses of three people accused of planning massive phishing attacks that scammed internet users out of €4,000,000. A 24-year-old German hacker was arrested.
The Bad News
This week’s bad news includes Microsoft SQL servers being compromised due to ransomware attacks, new Erbium malware circulating in the form of game cracks and cheats, macOS users interested in cryptocurrency jobs being attacked by Lazarus hackers, several malware families being installed on computers by NullMixer dropper, leaked LockBit 3.0 builder being employed by Bl00dy ransomware gang, military and weapons contractors being targeted by stealthy hackers, Brazilian hacker gang reemerging with point-of-sale malware, and much more.
- Security professionals alerted the public that a new wave of attacks on vulnerable Microsoft SQL servers is employing the FARGO ransomware. Disruption of these servers could present challenges for businesses.
- Cybersecurity experts found a Bangladeshi hacktivist gang aiming its attacks against the Indian government’s websites and servers. DDoS attacks are used by the group known as Mysterious Team Bangladesh (MT).
- Officials verified that the hackers who crippled a French hospital and stole a vast amount of data last month have exposed patients’ personal information online.
- Users’ login credentials and cryptocurrency wallets were stolen by the novel “Erbium” information-stealing malware. It is being distributed as fake cracks and cheats for well-known video games.
- The infamous Lazarus Group of North Korea has kept up its practice of using bogus job openings to spread malware that targets the macOS operating system from Apple.
- Hackers suspected to be affiliated with Russia launched a malicious PowerShell script using a novel code execution technique that takes advantage of mouse movement in Microsoft PowerPoint presentations.
- A new malware dropper, NullMixer, infects Windows devices with a dozen different malware families through fake software cracks supplied on shady sites in Google Search results.
- It was revealed that the West Virginia-based Physician’s Business Office’s network breach five months ago resulted in the theft of 196,573 patients’ personal and protected health information.
- The recently exposed LockBit 3.0 ransomware builder is already being employed in attacks in the wild by the newly formed Bl00dy ransomware gang.
- American business magazine Fast Company disclosed that hackers had compromised its content management system (CMS) and taken over its Apple News account.
- Security researchers identified a new operation aimed against many military firms engaged in producing weapons, including a supplier of parts for the F-35 Lightning II combat aircraft.
- A threat actor named LeakBase leaked a database containing the personal information of 16 million members of Swachh City, an Indian complaint redressal portal.
- After taking a year off from operations, the Brazilian threat actor Prilex has returned with sophisticated and complicated malware to steal funds via fraudulent transactions.