Welcome to the TheCyberThrone cybersecurity week in review, covering the important security happenings of the week. This review is for the week ending Saturday, October 8th, 2022.
The week started with details of an event in which Italian automaker Ferrari came under a cyber attack, resulting in seven gigabytes of information being leaked. The cyber group RansomEXX took responsibility for stealing the company’s information, but Ferrari denied that it had been attacked. The U.S. CISA added a recently disclosed critical vulnerability in Atlassian’s Bitbucket Server and Data Center to its Known Exploited Vulnerabilities Catalog and set a remediation deadline of 21st October 2022.
In another event, researchers have spotted the Lazarus Group, a North Korean state-sponsored threat actor, approaching individuals with fake job offers from Amazon. Those who accepted the offer and downloaded the fake job description PDF files had an old, vulnerable Dell driver installed on their machines. That opened the door for the threat actors to compromise the endpoints and exfiltrate data.
Google Cloud has introduced new features that will enable companies to secure and manage their cloud environments more easily. Those features are Workforce Identity Federation, GKE Autopilot and Cloud Spanner.
Russian threat actors have begun launching cyber-attacks at targets inside their own country, in retaliation for what they see as a needless war with Ukraine.
Microsoft added identity theft protection to Defender, a security app that informs users of security threats in real time. Researchers warned that the mitigation proposed by Microsoft for the new Exchange Server zero-day vulnerabilities, named ProxyNotShell, can be easily bypassed. Later in the week, Microsoft revealed revised mitigation steps, since the earlier ones could be easily bypassed.
A former Canadian government employee, Sebastien Vachon-Desjardins, 35, from Quebec, was sentenced to prison in the US for his role in NetWalker ransomware attacks. Former Uber CSO Joe Sullivan was also convicted by US authorities over his role in paying $100,000 to threat actors to keep quiet about a breach that occurred in 2016.
The Australian Police have arrested a 19-year-old from Sydney for allegedly attempting to use data leaked in the Optus data breach in a fraudulent scheme aimed at extorting victims via SMS scams. He contacted 93 affected customers and demanded a ransom of $2000 in exchange for not releasing their data.
Researchers have discovered multiple infections spread through a malicious Tor Browser installer. The campaign is dubbed OnionPoison, and the installer is being distributed via a Chinese-language YouTube video about the dark web.
A recently discovered sample of a new malware called LilithBot is linked to the Eternity group. The Eternity group operates a malware-as-a-service of the same name and is linked to the Russian Jester Group. Researchers have also discovered an Android spyware family dubbed RatMilad that has been infecting devices in the Middle East.
Binance Holding, the world’s largest cryptocurrency exchange ranked by trade volume, saw its blockchain, BNB Chain, come under attack by threat actors, and cryptocurrencies worth $570 million were stolen. An unpatched code execution vulnerability in the Zimbra Collaboration software is under active exploitation by attackers, who are using it to backdoor servers.
VMware issued patches to address a code execution vulnerability in vCenter Server, tracked as CVE-2022-31680 with a CVSS score of 7.2. VMware also addressed a null-pointer dereference vulnerability, tracked as CVE-2022-31681 with a CVSS score of 3.8, in the VMware ESXi bare metal hypervisor.