TheCyberThrone Security Week in Review -September 24th 2022

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings . This review is for the week ending Saturday, September 24th, 2022.

The week started with a briefing about CrowdStrike journey to the top of the cyberworld. CrowdStrike has become a leading independent security firm just in 10 years. With over $2 billion in annual recurring revenue, nearly 60% annual recurring revenue growth, and nearly $40 billion market capitalization. Above all the brighter part is joining Palo Alto Networks as a gold-standard pure-play cybersecurity firm.

Amazon SNS has announced the public preview of message data protection. Identifying PII data and other sensitive information in transit, the new SNS feature uses pattern matching, machine learning models, and data protection policies to simplify data protection and compliance in applications that exchange high volumes of data

In a series of communication, The U.S. CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog and given October 6th, 2022 as a deadline and added Zoho Manage Engine RCE to the catalog with a remediation timeline of October 13th 2022

Also, this week researchers came with a warning of an arbitrary code execution via FunJSQ, a third-party module for online game acceleration, that impacts multiple Netgear router models. In another event North Korean-based threat actors UNC4034 are using trojanized versions of the PuTTY SSH open-source terminal emulator to install backdoors on victims’ devices.

9 years after GTA 5 was originally launched, finally Rockstar Games is working on the next edition of the insanely popular video game – Grand Theft Auto 6. The recent Grand Theft Auto 6 leaks are absolutely real and Rockstar Games has been demoralized by the massive data infiltration. Later in the week, London police has busted a teen responsible fo the breach. He too believe to have his hand on Uber breach, though Uber pinpointed Lapsus$ gang for the breach.

Wintermute, a leading crypto market maker, has lost about $160 million in a hack, becoming the latest victim in the industry to suffer a breach. In another major event, South Korea levied tens of millions of dollars in fines on Alphabet’s Google and Meta Platforms for privacy law violations.

American Airlines suffered a data breach, a big name in recent days after an unauthorized actor compromised employee inboxes. Australian telco giant Optus has suffered a massive cyber breach, compromising the personal information of millions of Australians.

Security researchers are raising the alarm on the malware tool dubbed ChromeLoader. Initially it’s seen as a consumer-focused, browser-hijacking credential stealer but now prevailing as a widely threat to organizations across multiple industries.

Commvault has announced the general availability of Metallic ThreatWise, a data security service offering for detecting Zeroday threats. Metallic ThreatWise is promoted further redefining data security and reducing the risk of data being compromised.

Palo Alto has introduced the industry’s first runtime context-aware software composition analysis (SCA) system that helps developers identify open-source software components that are safe to use and will be integrated with Prisma Cloud.

2K, a game developer owned by Take-Two Interactive Software, publisher of popular games Borderlands, Civilization and Bioshock, has been hacked. The hack of 2K, involved an unauthorized third party accessing the credentials of a vendor of the help desk platform used by the company.

A new vulnerability in Oracle Cloud Infrastructure (OCI) dubbed AttachMe would allow unauthorized access to cloud storage volumes of all users, hence violating cloud isolation. In another phishing campaign, Slovakian users have been subjected to a malicious campaign using LinkedIn SmartLinks in which phishing operators leverage legitimate services and brands to evade security controls.

Researchers from Trellix said that they discovered a vulnerability in Python’s tarfile module affecting 350,000 open source projects, which provides a way to read and write compressed bundles of files known as tar archives by exploitation.

Microsoft revealed the details about an attack involving malicious OAuth applications that were deployed on compromised cloud tenants to control Exchange servers and spread spam. Microsoft has released a new update that enables new security features to its Windows 11 OS not restricted to Application control enhancements, Vulnerable driver protection, Enhanced identity protection and Simplified password management

Google has  announced the general availability of several security features that will help customers more easily analyze their data and protect it from cyberattacks. The enhancement features are rolling out for the Container Scanning API and Cloud Firewall services.

Researchers issued a warning of a campaign targeting the CVE-2022-24086 vulnerability in Magento2, a open source e-commerce platform owned by Adobe. And the final event of the week, threat actors behind a newly discovered malicious advertising app operation has become more sophisticated, expanding beyond its previous Android-specific attacks into the iOS ecosystem dubbed Scylla.

This brings end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on Facebook, Twitter