TheCyberThrone Security week in review – September 10th 2022

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings . This review is for the week ending Saturday, September 10th, 2022.

This week started with a narration detailing on a phishing campaign targeting American express customers. Numerous vulnerabilities have been identified in WatchGuard and its has patched in two main firewall brands that have been rated between medium and critical severity.

KyberSwap, a DeFi platform has informed that it has suffered an exploit to its front-end web code. By which attackers were able to steal about $265,000 in cryptocurrency funds. Newcastle-based transportation group Go-Ahead has revealed it has been hit by a cyber-attack indicating unauthorized activity had been discovered on its network that resulted in travelers in London experienced more delays

TikTok has denied a claim of a breach after a hacker claimed to have obtained both user data and source code and pasted a screenshot showing about 790 Gigabytes of data got stolen. This week also seen a new Phishing-as-a-Service (PhaaS) named EvilProxy that uses reverse proxy and cookie injection that bypasses security mechanisms was seen for sale in dark web forums.

Ireland’s Data Protection Commission has issued a fine of €405m ($402.2m) against social media site Instagram following an investigation into its handling of children’s data. A false positive bug has been fixed by Microsoft in the Windows Defender that identified the Chromium browser engine and/or Electron JavaScript framework as Hive ransomware and recommended removal.

In another event, Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747with CVSS of 9.8, impacting its NAS devices. The US and Portuguese authorities have shut down a notorious cybercrime marketplace WT1SHOP that made sellers of stolen personal information of six millions, that enabled to earn millions of dollars over the years.

A warning from FBI about Hive ransomware released after the Los Angeles Unified School District (LAUSD), serving about 600,000 students released details of the attack on Monday’s Labor Day holiday. InterContinental Hotels Group PLC, owner of famous hotels like Holiday Inn, Regent, Crown Plaza. has been hit by a cyberattack that resulted in its booking systems being knocked offline.

ThreatLocker has launched its newest software add-on to its Allowlisting solution. A in-cloud learning feature to strengthen their zero trust security posture. A news about Parrot OS surfaced after the release of its new 5.0 version with detailing the new features and improvements

This week, Cisco has fixed numerous security flaws in its product portfolios, including a recently disclosed high-severity issue in NVIDIA Data Plane Development Kit. Savannah College of Art and Design (SCAD) in US has suffered a ransomware attack that leaked the sensitive information of hundreds of people. Avoslocker claims the responsibility.

Users of WordPress websites running BackupBuddy(plugin to take WordPress websites backup) have been urged to update the plugin amid reports of active exploitation of a high severity zero day bug that allows arbitrary file download/read vulnerability. The U.S. CISA added 12 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including four vulnerabilities in D-Link routers, two Chrome zero-day issues, and a recently disclosed flaw in the QNAP Photo Station.

An orchestrated campaign by North Korea-linked Lazarus APT group named MAGICRAT, has been tracked by the researchers, aimed at energy providers aimed at infiltrating organizations and maintain long-term access and exfiltrate data from the victims , including organizations in the US, Canada, and Japan. In another event an Iran-linked APT group DEV-0270 (Nemesis Kitten) has been seen abusing the BitLocker Windows feature to encrypt victims’ devices.

The US federal have sanctioned Iranian government for its cybercrime activities against US targets via a range of APT groups (Muddywater and APT 39) since at least from year 2007. Security researchers have discovered a ransomware campaign from a group called Monti, may be the name derived since it relies almost entirely on leaked Conti code to launch attacks using Log4j exploits and targeting Veeam backups.

This brings end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on Facebook, Twitter