Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings. This review is for the week ending Saturday, November 12th, 2022.
This week started with coverage of Kaspersky’s recent Q3 APT trend report, which highlights significant growth. APT actors continue to evolve and change their TTPs. In other coverage, Japan’s Ministry of Defence announced that it has formally joined NATO’s Cooperative Cyber Defense Centre of Excellence (CCDCOE).
Meta has warned its users about 400 malicious apps listed on the Google Play Store that stole user login information and details. Of these, 4 apps have been highlighted by the researchers. Microsoft has removed a major hindrance faced by organizations seeking to deploy phishing-resistant multifactor authentication (MFA) by enabling certificate-based authentication in Azure Active Directory.
A malicious Android installation package has been spotted targeting Indian defense personnel since at least July 2021. The APK file is a decoy copy of a promotion letter to the ‘Subs Naik’ rank. Once the victim falls prey to this malicious APK and installs it, the app appears on the device with an Adobe Reader application icon. Researchers have uncovered a SmokeLoader campaign that is distributing community malware, such as SystemBC and Raccoon Stealer 2.0, along with a new clipper malware tracked as Laplas.
Researchers have identified three vulnerabilities in the UEFI firmware of several Lenovo notebooks. Tracked as CVE-2022-3430, CVE-2022-3431 and CVE-2022-3432, they affect various Lenovo Yoga, IdeaPad and ThinkBook devices. Google has addressed a high-severity security bug, tracked as CVE-2022-20465, affecting all Pixel smartphones that could be exploited to unlock the devices.
The U.S. CISA released a set of documents to guide prioritization of software vulnerability remediation by agencies and other organizations. However, use of the guidance is largely contingent on vendors providing the information necessary to conduct such a process.
Access to the internal network at Deutsche Bank is apparently being sold on Telegram by an initial access broker. The broker claims to have access to 21,000 machines and 16 terabytes of data. They are selling it for 7.5 Bitcoin, worth approximately £110,000. Based in Frankfurt, the bank manages assets worth more than $1.3trn.
Medibank, Australia’s largest health insurer, announced that it will not pay a ransom to the hacker behind the recent data theft affecting 9.7 million customers. Citrix is urging customers to install security updates to address a critical authentication bypass issue in Citrix ADC and Citrix Gateway.
Microsoft patched 65 CVEs (including the OpenSSL CVEs released earlier in the month) in its November 2022 Patch Tuesday release, with 11 rated as critical and 53 rated as important. 6 actively exploited zero-day vulnerabilities were also fixed. Google has released a stable version of Chrome. Numerous bugs have been fixed in this version.
Intel has published nearly 2 dozen advisories as part of Patch Tuesday, covering more than 50 vulnerabilities affecting numerous products. A security researcher has disclosed a CSS injection flaw in Acronis software which could be abused for data theft. The vulnerability existed in the Acronis cloud management console and involved a client-side path traversal attack. The software manages Acronis services, including cloud backups and resource monitoring.
VMware has released a new extended detection product designed to significantly improve threat detection and prevention across endpoints and networks. VMware Carbon Black XDR extends VMware’s network visibility and detection to VMware Carbon Black Enterprise EDR by enhancing lateral security through leveraging telemetry within VMware Contexa.
VMware released security updates for three critical vulnerabilities in its Workspace ONE Assist product, which allows IT and help desk staff to remotely support employees.