TheCyberThrone Security week in review – September 3rd 2022

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings . This review is for the week ending Saturday, September 3rd, 2022.

This week started with the news covering Google announcing the open sourcing of Paranoid, a project for identifying well-known weaknesses in cryptographic artifacts. In another news covering the same Google will start prohibiting Android VPN apps in its Play store from interfering with or blocking advertising, a change that may pose problems for some privacy applications.

Advertisements

In the same week, Google has released stable version of Chrome 105, which comes with patches for 24 vulnerabilities, including 13 use-after-free and heap buffer overflow bugs. following the release, google has shipped an emergency patch for sixth Zero day bug of the year 2022 in its chrome browser which is exploited in wild. Also McAfee has released a report stating malicious chrome extensions that could take over the system if exploited.

Akasa Airlines has suffered a data breach in which PII has been stolen by the threat actors. In another data breach event, Nelnet has suffered a data breach, exposing some 2.5 million records belonging to the Oklahoma Student Loan Authority and EdFinancial Services LLC.

In another data breach event, considered as the second biggest of the year, A data breach in Chinese database storing millions of faces and vehicle license plates resulted in exposure of data in the internet. The database held over 800 million records, representing one of the biggest known data security lapses of the year by scale. In another news, Samsung Electronics has disclosed that it experienced a data breach in which hackers accessed some of customers’ information in U.S and PII got stolen.

PyPI, has warned of an ongoing phishing campaign that aims to steal developer credentials and inject malicious updates to the packages in the repository. The U.S. CISA has added 10 new vulnerabilities to its Known Exploited Vulnerabilities Catalog with a deadline by September 15th 2022.

Advertisements

A Turkish-based cryptocurrency mining malware campaign has been detected called Nitrokod, that infected machines across 11 countries with an XMRig crypto miner. The Federal Trade Commission is suing to stop an analytics company (Idaho-based company called Kochava) from selling geo-location data on over 125 million consumers, including where they live and if they recently visited an abortion clinic

In another event, A cyberespionage group from china dubbed TA423 (aka Red Landon or APT 40) has been seen targetting Australian officials with reconnaissance malware called Scanbox to steal details about the victims hackers could use to execute more targeted strikes. Researchers from microsoft have discovered a vulnerability tracked as from the source CVE-2022-28799 in TikTok’s Android app which could allow attackers to remotely hijack user accounts.

Russia has been in news this week coverage, a wide range of cyberattacks crippled Montenegro and the government is struggling to deal with it. while laying the blame for the damage on Russian state hackers. Yandex Taxi was in center of attack controversy. Since Russia invaded Ukraine, numerous attacks are conducted against Russia.

In ransomware coverage, a new piece of targeted ransomware created in the Go programming language has been customized for maximum impact against individual victims dubbed as Agenda ransomware. Also this week has seen a new ransomware group with name BianLian has become increasingly in action now which is also written in Go language. TAP Air Portugal’s was hit by a cyberattack on Aug. 26, and it claims that it stopped the attack and no airline customer data was compromised. Ragner locker claimed the responsibility.