
Welcome to TheCyberThrone's cybersecurity week in review, covering the important security happenings of the week. This review is for the week ending Saturday, November 26th, 2022.
The week started with a briefing on the Russian cybercriminals behind the Medibank hack, who released stolen data about sexually transmitted infections and other health conditions, stepping up the pressure on Australia's biggest health insurer.
A server misconfiguration at Kentucky-based CorrectCare Integrated Health, which provides medical claims processing for correctional facilities, exposed sensitive information of nearly 600,000 inmates who received medical care while incarcerated during the last decade. The Indian government has proposed amending the Right To Information (RTI) Act to protect individual privacy by denying requests for any personal information, through an amendment included in the proposed data protection law.
Researchers discovered a new ransomware variant, Axlocker, that not only encrypts the victim's files but also attempts to steal data by enabling a Discord account takeover. The Black Basta ransomware group has reportedly been spotted using QakBot malware to gain an initial foothold and move laterally within organizations' networks.
Unit 42 researchers detailed the disturbing rise of the ransomware group Luna Moth (aka the Silent Ransom Group), which has invested in call centers and infrastructure to target individual victims. Google Cloud researchers announced that they had discovered 34 different hacked Cobalt Strike release versions, with a total of 275 unique JAR files across these versions, and developed a set of YARA rules to detect the hacked variants in the wild with a high degree of accuracy.
Microsoft fixed the issues with the Kerberos network authentication protocol on Windows Server after it was broken by the November Patch Tuesday updates. Security researchers have uncovered more than 1,500 apps leaking their Algolia API key and application ID, potentially exposing user data; 32 of the applications were found to have critical administrative secrets hardcoded, with 57 unique admin keys found.
Sports betting site DraftKings has been hit by a credential-stuffing attack, leading to a loss of $300,000. The company assured its customers that they would be paid back.
AirAsia Group recently fell victim to a ransomware attack by the Daixin Team. The threat actors claimed to have obtained the personal data of 5 million unique passengers and all employees. Aurora Stealer is info-stealing malware offered as Malware-as-a-Service by a threat actor known as Cheshire. It has many functions, not limited to data theft and remote access capabilities.
A security researcher has discovered numerous vulnerabilities and configuration issues on the social media platform Mastodon. The platform's increased popularity is bringing increased scrutiny of its flaws.
Security researchers have warned of a password-theft epidemic after revealing that Russian groups are using off-the-shelf info-stealing malware to create havoc. The analysis revealed 34 Telegram groups used by the threat actors to organize their efforts, and that they had infected over 890,000 user devices and stolen over 50 million passwords.
A cross-tenant vulnerability in AWS could have allowed attackers to abuse the AWS AppSync service to assume IAM roles and gain access to resources in an organization's account.
Microsoft warned that a long-discontinued web server, Boa, is being targeted by hackers to gain access to ICS environments. Boa was discontinued in 2005 but is still used in IoT devices, as vendors continue to ship it across various IoT devices and software development kits. With no development and limited patching in 17 years, and a long list of known vulnerabilities, hackers are targeting devices with Boa installed to gain access to networks and steal information.
A ransomware attack on the AIIMS Delhi server halted normal activities, including OPD registrations and blood sample reports, at the hospital on Wednesday, according to the National Informatics Centre.
Researchers discovered that five medium-severity security flaws in Arm's Mali GPU driver remained unpatched on Android devices for months, despite fixes released by the chipmaker. Researchers are also warning that SharkBot malware was found in several file manager Android apps on the Google Play Store, some of them with thousands of downloads.
The European Parliament website was forced offline for around two hours on Wednesday after the pro-Kremlin group Killnet flooded it with traffic. Google has just patched the eighth zero-day vulnerability in its Chrome browser this year. The vulnerability was caused by a heap buffer overflow in the GPU component, allowing attackers to modify data stored in the application's heap and alter the output.
A threat actor claims to be selling a 2022 database of 487 million WhatsApp user mobile numbers. The dataset contains WhatsApp user data from 84 countries, and the threat actor claims over 32 million US user records are included. Researchers have discovered devices from Dell, HP, and Lenovo using outdated versions of the OpenSSL cryptographic library.
Ukraine has experienced ransomware attacks from a new strain known as RansomBoggs that mirror previous intrusions attributed to the Russia-based Sandworm nation-state group. Numerous exploits have been found in the wild targeting the Windows Internet Key Exchange (IKE) Protocol Extensions; the discovered vulnerabilities could have been exploited to compromise systems. The observed attacks appear to be part of a campaign by a Mandarin-speaking threat actor whose name roughly translates to "bleed you".
This brings this week's security review to an end. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook and Twitter.