Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings. This review is for the week ending Saturday, August 20th, 2022.
Intel has introduced the Tunable Replica Circuit to help protect against certain types of physical fault injection attacks without requiring any interaction with the computer owner, a big announcement from the chip giant. Xiaomi had a vulnerability in its trusted execution environment by which the use of mobile payments could lead to an attacker stealing the private keys used to sign WeChat Pay control and payment packages; it has now been patched.
In other news, authorities have warned that victims of Zeppelin, a ransomware-as-a-service family, may require multiple unique decryption keys to stand a chance of getting their data back. VileRAT appears to be involved in an attack campaign targeting foreign exchange and cryptocurrency trading companies; the attack was attributed to DeathStalker. The attackers have upgraded the capabilities of VileRAT to perform more sophisticated attacks.
SOVA, an Android banking trojan, has been spotted in the wild again and appears to have new features like MFA interception, cookie stealing and injections, and also adds ransomware capabilities. In other big news of the week, Meta has announced that it will start testing end-to-end encryption (E2EE) as the default option on its Facebook Messenger platform. This feature will initially be available only to selected users.
Zoom has issued a patch for a vulnerability in the Mac version of its application that could lead to a system takeover. A Log4Shell de-obfuscation tool dubbed Ox4Shell, which promises simple, rapid payload analysis without the risk of critical side effects, has been showcased at Black Hat USA.
Microsoft has disrupted a prolific, highly persistent Russian state-backed threat group called Seaborgium, known for conducting long-running cyber-espionage campaigns. A cyberattack has hit the UK water supplier Thames Water, which serves 1.6 million residents; the Clop ransomware gang took responsibility for the attack.
Tanium has announced that it has been nominated to join the Microsoft Intelligent Security Association, to help customers better defend themselves against increasingly sophisticated cyber threats. In other major acquisition news, Thoma Bravo is mulling acquiring the British cybersecurity firm Darktrace.
Google has disclosed that threat actors are exploiting a previously unknown Chrome browser flaw, tracked as CVE-2022-2856; it is the fifth Chrome zero-day of 2022, and Google has fixed it. Tropical Scorpius has been seen using new TTPs to deploy Cuba ransomware, including Kerbercache.
The RedAlpha APT group, linked to the Chinese state, has been seen spying on organizations through massive phishing campaigns and credential harvesting. Researchers have warned about Dark Tortilla, a sophisticated, evasive .NET-based cryptor that several threat actors are using to distribute a range of information stealers and RATs.
Apple has released updates to fix security flaws, including two zero-days, across its portfolio of devices, after admitting the vulnerabilities may have been actively exploited in the wild by threat actors. In other news, threat actors associated with the BazarLoader, TrickBot and IcedID malware are now seen deploying the loader known as Bumblebee to breach networks and conduct post-exploitation activities.
In major ransomware attack news, the UK car dealership Holdcroft Motor Group has been the victim of a cyberattack, and employee data may have been compromised in the breach. Google Cloud announced the general availability of a new threat intelligence solution in the Chronicle SecOps suite: Curated Detections.
Cisco has patched a high-severity privilege escalation vulnerability in AsyncOS for Cisco Secure Web Appliance that can be exploited remotely to inject commands and escalate privileges to root, but requires authentication for successful exploitation. The U.S. CISA added a critical SAP security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.