Welcome to the TheCyberThrone cybersecurity week in review, covering the important security happenings of the week. This review is for the week ending Saturday, August 27th, 2022.
The week started with a research report from Group-IB finding that the threat actors behind the ATMZOW JS sniffer campaign and the Hancitor malware downloader are the same group, which has infected at least 483 websites across four continents since the beginning of 2019.
The BlackByte ransomware gang, which has links to the Conti group, has returned with a version 2.0 campaign modelled on the better-known LockBit gang, promoting a new leak site and claiming to have successfully targeted new victims. The threat actors behind the ransomware are also promoting their activities on Twitter, including auctions for stolen data.
In another notable event, cyberespionage attacks by Cozy Bear, a group backed by the Russian government, were seen targeting Microsoft 365 accounts in NATO countries. The group continued to conceal its methods of attack from analysts, preventing discovery and exposure.
TikTok can track user interactions with websites that users access through the app’s built-in browser, which lets users open websites from within the app interface by tapping on links and ads. The app does not load websites in an external browser such as Chrome, but rather in a built-in browser, and that built-in browser can reportedly collect data about user activity on external websites.
Researchers have discovered a new threat campaign using NetSupport RAT, linked to ransomware campaigns and downloads of the data-stealing malware Raccoon Stealer. The campaign was designed to trick users into downloading malware capable of hijacking their machines. In other news, a new RAT dubbed Escanor has been seen on the dark web weaponizing Microsoft Office and Adobe PDF documents to deliver malicious code.
In an act of revenge, the LockBit ransomware group had its leak site knocked offline in a DDoS attack, and it blames Entrust Corp. for the attack. A major whistleblower event also occurred this week: Twitter’s former head of security has blown the whistle on weaknesses in the platform’s security, including vulnerabilities that could lay the social media platform open to cyberattacks with major national-security implications.
GitLab has fixed an RCE vulnerability tracked as CVE-2022-2884 affecting the Community and Enterprise Editions of its DevOps platform, and has urged admins to upgrade their GitLab instances immediately. Researchers at Microsoft observed activity by the Russia-backed Nobelium APT, which deploys a backdoor after gaining administrative privileges on an Active Directory Federation Services (AD FS) server.
A vulnerability tracked as CVE-2022-31676 in VMware Tools could pave the way for local privilege escalation (LPE) and lead to takeover of virtual machines. Google announced the general availability of Virtual Machine Threat Detection (VMTD), a service that can detect attackers attempting to use a company’s cloud environment to mine cryptocurrency.
LastPass, a password management solution firm, disclosed a security breach. In another data breach event, the Plex streaming service has sent an email to all its users advising them to change their passwords as soon as possible after discovering suspicious activity on one of its databases this week.
Sephora, owned by the French luxury goods giant LVMH, has agreed to pay $1.2 million in penalties and take corrective action after falling foul of the California Consumer Privacy Act. The attackers behind the Twilio, MailChimp and Klaviyo breaches have also compromised more than 130 companies using the same phishing campaign, dubbed 0ktapus.
In another breakthrough event, the Iran-based threat actor MuddyWater, aka MERCURY, has been exploiting Log4j 2 vulnerabilities in SysAid applications to target organizations in Israel. Atlassian fixed a critical flaw in Bitbucket Server and Data Center, tracked as CVE-2022-36804 with a CVSS score of 9.9, that could be exploited to execute malicious code on vulnerable installs.
Zscaler has launched its new cloud-native application protection platform (CNAPP) solution, called Posture Control. A new red team tool known as the Sliver framework has emerged in the security community as an alternative to Cobalt Strike.