Welcome to the TheCyberThrone cybersecurity week in review, covering the important security happenings of the week. This review is for the week ending Saturday, October 1st, 2022.
This week started with an article covering India’s data protection law: with the deadline to comply with the Indian government’s new data-collection rules fast approaching, many VPN companies from across the globe have pulled their servers out of the country in a bid to protect their users’ privacy.
Noberus ransomware actors are adding weapons to their malware to steal data and credentials from victim networks. Their tool arsenal and TTPs are discussed; like Monti ransomware, whose footsteps it follows, it targets Veeam backups. In other ransomware coverage, threat actors are using FARGO ransomware to target Microsoft SQL servers.
In the next event, security researchers discovered an advanced threat actor dubbed Metador, primarily targeting telecommunications companies, internet service providers, and universities in several countries in the Middle East and Africa.
This week also saw a Sophos Firewall vulnerability: v19.0 MR1 (19.0.1) and older are affected. Sophos published hotfixes for a range of affected versions, and has included the fix in v18.5 MR5 (18.5.5), v19.0 MR2 (19.0.2), and v19.5 GA.
In another event, Australia will introduce stricter privacy rules allowing banks to be informed of data breaches in the corporate world, following a huge leak of personal information from the country’s second-biggest telecom, Optus.
WhatsApp has published three security advisories in 2022: two relate to the CVE-2021-24042 and CVE-2021-24043 vulnerabilities discovered in January and February, and the third relates to CVE-2022-36934 and CVE-2022-27492, fixed in September.
Meta has revealed how two significant disinformation operations, Smash and Grab, originated in China and Russia and attempted to influence public opinion in Western countries.
This week also saw Google release Chrome 106 to the stable channel with patches for 20 vulnerabilities. Cloudflare is launching a new user validation service called Turnstile that aims to replace CAPTCHA tests.
Illumio announced a new security solution designed to prevent breaches from spreading from laptops to clouds and data centers, built on a Zero Trust approach. Researchers have detailed a cross-platform malware dubbed Chaos that has infected a wide range of Linux and Windows devices, including small office routers, FreeBSD boxes, and large enterprise servers.
A new bug has been discovered in Kubernetes that could allow Windows workloads to run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.
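As an added defensive check (my own script, not code from this post or from the Kubernetes project), the audit below flags Windows pod manifests that depend on runAsNonRoot alone or that explicitly request ContainerAdministrator; treating an explicit non-admin windowsOptions.runAsUserName as the safer pattern is my assumption, and the manifests are constructed samples:

```python
from typing import Any, Dict, List
ADMIN_ACCOUNTS = {"containeradministrator"}
WIN = {"kubernetes.io/os": "windows"}
APP = {"name": "app", "image": "example/app:1.0"}  # constructed image reference
# Constructed sample manifests for the audit; not real workloads.
SAMPLE_PODS: List[Dict[str, Any]] = [
    {"metadata": {"name": "win-nonroot-only"},      # guarded by runAsNonRoot alone
     "spec": {"nodeSelector": WIN, "securityContext": {"runAsNonRoot": True},
              "containers": [APP]}},
    {"metadata": {"name": "win-pinned-user"},       # explicit non-admin account
     "spec": {"os": {"name": "windows"}, "containers": [APP],
              "securityContext": {"runAsNonRoot": True,
                                  "windowsOptions": {"runAsUserName": "ContainerUser"}}}},
    {"metadata": {"name": "win-admin-override"},    # container overrides the pod setting
     "spec": {"nodeSelector": WIN, "securityContext": {"runAsNonRoot": True},
              "containers": [{**APP, "securityContext": {"windowsOptions":
                              {"runAsUserName": "ContainerAdministrator"}}}]}},
    {"metadata": {"name": "linux-nonroot"},         # Linux pod, out of scope
     "spec": {"securityContext": {"runAsNonRoot": True}, "containers": [APP]}},
]

def is_windows_pod(spec: Dict[str, Any]) -> bool:
    """Treat a pod as Windows if spec.os.name or the OS node selector says so."""
    return (spec.get("os", {}).get("name") == "windows"
            or spec.get("nodeSelector", {}).get("kubernetes.io/os") == "windows")

def _run_as_user_name(sc: Dict[str, Any]) -> str:
    return (sc.get("windowsOptions") or {}).get("runAsUserName", "")

def audit_pod(pod: Dict[str, Any]) -> List[str]:
    """Return one finding per container that cannot be relied on to run non-admin."""
    spec, findings = pod["spec"], []
    if not is_windows_pod(spec):
        return findings
    pod_sc = spec.get("securityContext") or {}
    for c in spec.get("containers", []):
        c_sc = c.get("securityContext") or {}
        # Container-level securityContext fields override the pod-level ones.
        non_root = c_sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        user = _run_as_user_name(c_sc) or _run_as_user_name(pod_sc)
        if user.lower() in ADMIN_ACCOUNTS:
            findings.append(f"{c['name']}: explicitly runs as {user}")
        elif non_root and not user:
            findings.append(f"{c['name']}: runAsNonRoot set but no runAsUserName pinned")
    return findings

def audit(pods: List[Dict[str, Any]]) -> Dict[str, List[str]]:
    """Map pod name -> findings, keeping only pods that have any."""
    return {p["metadata"]["name"]: f for p in pods if (f := audit_pod(p))}
```

Point `audit()` at manifests pulled from the cluster (for example the items of a `kubectl get pods -o json` dump) to review real workloads the same way.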
NJVC, which supports the federal government and the Department of Defense, was apparently the victim of a ransomware attack. The BlackCat group claims responsibility for the attack, and PII was stolen according to the reports.
Researchers have warned about a campaign in which attackers were seen using two zero-day vulnerabilities, ProxyLogon and ProxyShell (CVE-2022-41040, CVE-2022-41082), to exploit Microsoft Exchange servers. Also this week, VMware released emergency mitigations and guidance for its vSphere customers after a China-based threat actor (UNC3886) was observed using a troubling technique to install multiple persistent backdoors on ESXi hypervisors.
As promised earlier in the year, Zscaler has made generally available new integrations with HashiCorp for its recently introduced cloud-native application protection platform, Posture Control.
Researchers have spotted a threat actor dubbed Witchetty using steganography to hide a previously undocumented backdoor in a Windows logo. The group used the backdoor in attacks against Middle Eastern governments. The Shangri-La hotel group has disclosed a data breach in which the threat actors had access to a database containing the PII of customers.