Welcome to the TheCyberThrone cybersecurity week in review, covering the important security happenings of the week. This review is for the week ending Saturday, August 13th, 2022.
In one event, important personal data (PII) belonging to users of Amex and Snapchat was breached and stolen.
Cisco was in the limelight in several events. First, in a security advisory, it fixed numerous bugs in its home VPN routers. In a bigger event, the Yanluowang ransomware group breached Cisco and exfiltrated 2.8 GB of data.
RapperBot, a Mirai variant, has been seen brute-forcing SSH and infecting Linux systems. The next data breach happened at the Goodman Campbell Medical Centre in Indiana, where patients' PHI data was breached and stolen.
Next, a cross-site scripting vulnerability was found in the AMP version of Gmail. Twilio's application was breached using stolen credentials of its users.
The US CISA and the Australian ACSC published a joint advisory on the top malware strains of 2021. In another event, LogoKit was used in a phishing campaign exploiting open redirect vulnerabilities.
In another event, Meta took action against two cyber espionage operations in South Asia, namely Bitter APT and APT36. Next, China-based threat actors dubbed TA428 used specially crafted phishing emails and six different backdoors (including nccTrojan, Logtu, Cotx and DNSep) to break into organisations and steal confidential data.
Microsoft patched 118 CVEs in its August 2022 Patch Tuesday release, with 17 rated critical and 101 rated important, including fixes for two zero-days. Users are advised to patch on priority. CrowdStrike introduced AI-powered Indicators of Attack (IoA), an innovation for fileless attack prevention at scale that delivers enhanced visibility into stealthy cloud intrusions.
Malicious packages were found on PyPI, a central code repository used by countless projects and users. The US defence contractor Lockheed Martin was reportedly attacked by the Russian Killnet group with a DDoS attack.
The Device42 platform was found to be affected by RCE and other vulnerabilities, for which patches were released. In the next event, PAN-OS, used in the NGFW firewalls of network security giant Palo Alto Networks, was affected by DoS attacks.
RCE vulnerabilities in the Zimbra email server were found being exploited in the wild by threat actors. Google was fined by Australian regulators over misleading users about consent for handling their data.
A researcher detailed browser-powered desync attacks that build on HTTP request smuggling. The hackers behind the Twilio breach also targeted Cloudflare employees.