Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
The Good News
This week’s good news includes AMTSO publishing guidance for testing IoT security products, Cisco releasing fixes for newly disclosed flaws, HP fixing a severe bug in its Support Assistant tool, India and the UK running a simulated ransomware-attack drill for 26 countries, and much more.
- Guidelines were made available by the Anti-Malware Testing Standards Organization (AMTSO) for vendors and testers who want to evaluate the effectiveness and usefulness of security tools created to safeguard Internet of Things (IoT) devices.
- Cisco released patches for three security vulnerabilities affecting its products, including a high-severity flaw in the NVIDIA Data Plane Development Kit (MLNX DPDK) that was disclosed late last month.
- HP issued a security advisory and warned customers of a flaw in HP Support Assistant. The company said that customers using version 9.x of the Support Assistant should update to the most recent version through the Microsoft Store.
- A virtual ransomware drill for 26 nations was successfully carried out by the UK government, the National Security Council Secretariat of India (NSCS), and BAE Systems to practice for a significant, international cyber-security catastrophe.
- ConnectWise fixed a vulnerability in ConnectWise Automate, a widely used remote monitoring and management (RMM) application. Left unpatched, it could have allowed attackers to compromise sensitive data or other processing resources.
The Bad News
This week’s bad news includes the return of the SharkBot Android malware to Google Play, a cyberattack that took down InterContinental Hotels Group’s booking systems, a cybersecurity incident affecting travellers in London, roughly five million attacks targeting a zero-day in the BackupBuddy plugin, the re-emergence of the MooBot botnet targeting unpatched D-Link routers, Shopify failing to block known leaked passwords, the new Shikitega malware targeting Linux systems and IoT devices, and much more.
- SharkBot malware, which was deployed on numerous devices to steal the banking credentials of Android users, returned to the Google Play Store.
- A security breach affected the IT infrastructure of InterContinental Hotels Group (IHG), disrupting its online booking platforms and other services.
- Cybersecurity company SafeBreach revealed that, after its researchers confronted the developer of the new “CodeRAT” backdoor, the developer posted the malware’s source code online.
- A reverse-proxy phishing-as-a-service (PhaaS) platform called EvilProxy emerged, advertising the ability to harvest login credentials and get past multi-factor authentication (MFA) on Google, Apple, Microsoft, Twitter, Facebook, GitHub, GoDaddy, and PyPI by relaying the victim’s login session through the attacker’s proxy.
- Travelers in London faced delays after the largest bus company in the city, Newcastle-based Go-Ahead, was reported to be affected by a “cybersecurity incident.”
- Wordfence revealed that a zero-day flaw in the BackupBuddy WordPress plugin was being actively exploited. Unauthenticated attackers can abuse it to download arbitrary files from a vulnerable site, including files that hold sensitive information such as database credentials in the WordPress configuration file.
- A fresh attack wave that began early last month marks the re-emergence of MooBot, a Mirai-based botnet variant that targets unpatched D-Link routers through a mix of old and new vulnerabilities.
- The Lazarus Group, a well-known North Korean state-sponsored actor, has been linked to the MagicRAT remote access trojan, which was deployed on victim networks after the attackers successfully exploited internet-facing VMware Horizon servers.
- A string of cyberattacks on Japanese businesses and on 20 websites belonging to four government departments was blamed on Killnet, a hacker collective with ties to Russia.
- Shikitega has been identified as a new, stealthy Linux malware that infects endpoints and IoT devices through a multi-stage infection chain and drops additional payloads.
- The customer-facing section of Shopify’s website was found to have very weak password policies: the company does not stop customers from choosing passwords already known to have leaked in breaches.
- Threat actors are now using WeTransfer to distribute the Lampion malware in greater volumes as part of their phishing campaigns.
- US cybersecurity firm Proofpoint disclosed that Australian government organizations and corporations were the targets of a sophisticated, year-long espionage campaign.
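The BackupBuddy item above describes an unauthenticated arbitrary-file-download bug; the practical follow-up for a site owner is to check the web server logs for exploitation attempts before and after patching. The script below is an added example written for this roundup, not code from Wordfence, the plugin vendor, or the original page. The request parameter name, admin page path and all log lines are constructed assumptions for illustration (documentation IP ranges, invented timestamps); take the real request signature from the vendor or Wordfence advisory.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx "combined"-style access log line. Only the fields needed for triage are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Files an arbitrary-file-download bug is typically used to read on a WordPress host.
SENSITIVE_FILES = ("/etc/passwd", "wp-config.php", ".my.cnf", ".htaccess")

# Request parameter to watch. ASSUMPTION: the parameter name and admin page used below are
# illustrative; confirm the real ones against the advisory for the plugin version you run.
WATCHED_PARAMS = ("local-download-file",)

# Constructed sample log lines (invented IPs from documentation ranges, invented paths); not real telemetry.
SAMPLE_LOG = """\
198.51.100.7 - - [06/Sep/2022:10:01:13 +0000] "GET /wp-admin/admin.php?page=pb_backupbuddy_backup&local-download-file=/etc/passwd HTTP/1.1" 200 1833
198.51.100.7 - - [06/Sep/2022:10:01:14 +0000] "GET /wp-admin/admin.php?page=pb_backupbuddy_backup&local-download-file=../../../../wp-config.php HTTP/1.1" 200 3302
203.0.113.9 - - [06/Sep/2022:10:02:00 +0000] "GET /wp-admin/admin.php?page=pb_backupbuddy_backup&local-download-file=%252e%252e%252fwp-config.php HTTP/1.1" 404 211
192.0.2.5 - - [06/Sep/2022:10:03:41 +0000] "GET /wp-content/uploads/2022/09/photo.jpg HTTP/1.1" 200 48211
192.0.2.5 - - [06/Sep/2022:10:03:45 +0000] "GET /wp-admin/admin.php?page=pb_backupbuddy_backup&local-download-file=backup-2022-09-01.zip HTTP/1.1" 200 9000
"""


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (attackers double-encode to slip past naive filters)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_path_value(value):
    """Return the reasons a file-path parameter value looks like an exploitation attempt."""
    path = fully_decode(value).replace("\\", "/")
    reasons = []
    if "../" in path or path.startswith("/"):
        reasons.append("traversal or absolute path")
    lowered = path.lower()
    if any(lowered.endswith(name) for name in SENSITIVE_FILES):
        reasons.append("targets a sensitive file")
    return reasons


def scan_log(text, watched_params=WATCHED_PARAMS):
    """Scan access-log text and return one finding per suspicious request."""
    findings = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue
        # parse_qs already applies one round of percent-decoding.
        query = parse_qs(urlsplit(match["target"]).query, keep_blank_values=True)
        for param in watched_params:
            for raw in query.get(param, []):
                reasons = classify_path_value(raw)
                if reasons:
                    findings.append({
                        "ip": match["ip"],
                        "status": int(match["status"]),
                        "param": param,
                        "value": fully_decode(raw),
                        "reasons": reasons,
                        # A 200 means the server handed the file over: that host needs
                        # credential rotation and incident response, not just the patch.
                        "likely_success": match["status"] == "200",
                    })
    return findings


def summarize_by_ip(findings):
    """Count suspicious requests per source address for blocking or rate-limiting decisions."""
    counts = {}
    for finding in findings:
        counts[finding["ip"]] = counts.get(finding["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for hit in hits:
        print(hit["ip"], hit["status"], hit["value"], "; ".join(hit["reasons"]))
    print(summarize_by_ip(hits))
```

The decoder loop matters: the third sample line is double-encoded, and a filter that decodes once sees only `%2e%2e%2fwp-config.php` and misses it. A 200 status on a request that asked for `wp-config.php` should be treated as a confirmed leak of the database credentials, which is why the finding carries a `likely_success` flag.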
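The Shopify item above faults a missing control: screening new passwords against known breach corpora. The script below is an added example for this roundup, not Shopify's code or the original page's, showing how that screen is built with a k-anonymity range lookup (hash locally, send only a 5-character hash prefix, match the suffix locally) so the password never leaves the client. The six "leaked" passwords and the in-memory index are constructed stand-ins for a real corpus such as Pwned Passwords; the function names are this example's own.

```python
import hashlib

# Constructed stand-in for a breach corpus (a real one holds hundreds of millions of SHA-1 hashes);
# these entries are invented for the example.
LEAKED_PASSWORDS = ["password", "123456", "qwerty", "letmein", "Password1!", "shopify2022"]


def sha1_hex(password):
    """Uppercase SHA-1 hex digest, the representation used by range-query password corpora."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Index hashes by their first 5 hex chars, the layout used by k-anonymity range lookups."""
    index = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index


def range_lookup(index, prefix):
    """Server side of a k-anonymity range query: given only a 5-char prefix, return every
    matching 35-char suffix. The server never learns the full hash or the password."""
    return sorted(index.get(prefix, set()))


def is_leaked(password, index):
    """Client side: hash locally, query by prefix, match the suffix locally."""
    digest = sha1_hex(password)
    return digest[5:] in range_lookup(index, digest[:5])


def evaluate_password(password, index, min_length=12):
    """Return the list of policy failures; an empty list means the password is acceptable."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if is_leaked(password, index):
        problems.append("appears in a known breach corpus")
    return problems


if __name__ == "__main__":
    idx = build_range_index(LEAKED_PASSWORDS)
    for candidate in ["password", "Password1!", "correct horse battery staple"]:
        print(candidate, "->", evaluate_password(candidate, idx) or "ok")
```

The check belongs at account creation and password change, and it should reject rather than merely warn: a leaked password is exactly what credential-stuffing bots try first. In production the `range_lookup` call is an HTTPS request to the corpus provider with the prefix in the URL; the matching logic stays the same.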