November 27, 2022

TheCyberThrone

Thinking Security ! Always

TheCyberThrone Security Week In Review – November 19th 2022


Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings. This review is for the week ending Saturday, November 12th, 2022.

This week started with security issues surrounding the FIFA World Cup. Privacy experts are calling out the sporting event for threatening the data security of its participants. Two apps are required to attend the World Cup: Ehteraz, a COVID-19 tracking system, and Hayya, an app used to allow fans entrance to stadium grounds, schedule viewing, and free public transportation.

Thales, a technology giant, was a victim of LockBit ransomware; data was exfiltrated and leaked online. The French defence and technology group confirmed that it was aware that the ransomware group LockBit 3.0 claimed to have stolen some of its data. Thales was added to the victim list on October 31st, 2022.

Cyber experts from Ukraine discovered a new attack campaign by suspected Russian threat actors that compromises victims’ VPN accounts to access and encrypt networked resources. The Somnia ransomware was being used by FRwL (aka Z-Team), also identified as UAC-011.

A Russian company called Pushwoosh, which offers data processing services for apps, has deceived many international companies by presenting itself as a US entity. A check of Pushwoosh’s social media channels shows it listed as located in Washington, D.C. on Twitter, and in Maryland on Facebook and LinkedIn. On the company’s YouTube channel it boasts of 80,000 clients including Unilever, Deloitte, Coca-Cola, McDonald’s, FIBA, Sport1, and SPAR.

GitHub has introduced a new direct channel for security researchers to report vulnerabilities in public repositories. This needs to be manually enabled by repository maintainers and, once active, enables security researchers to report any vulnerabilities identified in their code. Google is set to pay $391.5m towards settling a lawsuit filed by dozens of US attorneys general way back in 2018 over its location tracking practices.

The Delhi cyber crime branch has busted a gang of 20 cyber criminals for scamming more than 1,000 people online in the name of Ola scooter booking and making crores. This could be the biggest scam of the year because, so far, this is the first time anyone has ever thought about tricking people in the name of an authorized company. India’s leading central securities depository, Central Depository Services Limited (CDSL), says its systems have been compromised by malware.

Billbug, a Chinese state-sponsored hacking group, has breached government and defence agencies throughout Asia as part of a major campaign since March. The gang infiltrated a digital certificate authority, which could lead to Billbug accessing huge amounts of secure internet traffic. A security flaw has been discovered in Backstage, Spotify’s open-source, Cloud Native Computing Foundation (CNCF)-incubated project, that could lead to threat actors performing RCE.

AWS customers now have access to F5’s AI-driven bot protection through an easy-to-deploy connector. Most of consumers’ favorite sites, logins, and applications are crawling with bots at this very moment; they wreak havoc on customers and organizations and impose heavy financial costs. When confronted with attempts to stop them, bots easily retool and resume their attacks.

The U.S. CISA disclosed that an Iranian government-sponsored APT group hacked the Federal Civilian Executive Branch. The breach, which dates to February, was first detected in mid-June, and CISA conducted an incident response engagement with the FCEB through mid-July.

F5 released patches for vulnerabilities affecting its BIG-IP and BIG-IQ networking devices that could result in remote code execution (RCE). The vulnerability CVE-2022-41622 leaves BIG-IP and BIG-IQ vulnerable to unauthenticated RCE via cross-site request forgery because BIG-IP’s SOAP API lacked CSRF protection and other typical SOAP API defenses.

Thousands of databases hosted on AWS RDS have been found to be leaking PII, providing a potential treasure trove for threat actors. The exposure comes through a snapshot feature in Amazon RDS that is used to back up the hosted databases. The feature allows users to share public data or a template database with an application, including creating a public RDS snapshot for sharing without having to deal with roles and policies.

Palo Alto Networks has acquired cybersecurity startup Cider Ltd. The deal is valued at $195 million and is set to close by the first half of 2023. Researchers from Kaspersky warned that North Korea-linked APT Lazarus is using a new version of the DTrack backdoor to attack organizations in Europe and Latin America. SEQRITE, a cyber-security solutions provider, unveiled the new version Endpoint Security EPS 8.0.

Microsoft Threat Intelligence reported that a threat actor going by the name DEV-0569 has developed new tools to deliver the Royal ransomware. The group carries the temporary name ‘DEV-####’, meaning Microsoft is unsure about its origin or identity, and it typically relies on malvertising and phishing link vectors.

New research found that extensions for Google Chrome, those small add-ons that make the popular browser more functional, are actually quite a big security risk. Researchers published a new report based on an analysis of 1,237 Google Chrome extensions available for download at the Chrome Web Store. Atlassian has patched critical vulnerabilities in its Crowd and Bitbucket products. CVE-2022-43781, CVE-2022-43782,

A credential phishing attack campaign impersonating Instagram reportedly targeted thousands of students at national educational institutions. The email seemed to have come from Instagram support, with the sender’s name, Instagram, and email address matching Instagram’s real credentials. This targeted email attack was socially engineered to instill a level of trust that the email was a legitimate communication from Instagram.

This brings us to the end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook and Twitter.