Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings . This review is for the week ending Saturday, December 3rd, 2022.
This week started with a coverage on researchers are given a warning on using shared container images, after finding 1652 on Docker Hub hiding nefarious content. The threat actors are hiding malware in legitimate-looking images stored in Docker Hub. Although the number of malicious containers it found was a small percentage of the 250,000 analyzed during the research, they illustrate the potential risk to developers.
ConnectWise, a remote management platform has patched a cross-site scripting vulnerability that could lead to remote code execution. Threat actors could exploit it to take complete control of the ConnectWise platform.
Ragnar locker has begun leaking sensitive data that it stolen from Belgian police (Zwijndrecht in Antwerp city), one of the biggest breaches of its kind in the country. Cincinnati State College was added to the leak sites of ransomware groups over the Thanksgiving holiday, continuing a trend of educational institutions being targeted by hackers. The Vice Society ransomware group added the school to its list of victims.
Threat actors has been found selling the user data of more than 5.4 million Twitter users on a hacking forum after exploiting an API vulnerability disclosed in December 2021. The Irish subsidiary of Facebook owner Meta Platforms has been fined €265 million by Ireland’s Data Protection Commission for breaching the EU GDPR over data privacy.
Vice Society has supposedly posted data stolen from IKEA stores in Morocco and Kuwait. Snippets from the ransomware gang’s leak site suggest threat actors got a hold of confidential business data. Washington County is affected by a cyber-attack during this Thanksgiving holiday. Several services and websites remain unavailable. The county is actively investigating with the help of third-party partners.
The US CISA warned organizations that a critical Oracle Fusion Middleware vulnerability patched in early 2022 is being exploited in attacks. The vulnerability tracked as CVE-2021-35587 impacts Oracle Access Manager, which provides the Oracle Fusion Middleware single sign-on solution.
Microsoft has added new features to Microsoft Defender. The new features like Zeek, Firmware vulnerabilities identification will protect devices from advanced attacks and emerging threats. Nvidia patched 29 security flaws in its GPU display driver, out of which 10 are high severity. These flaws could allow an unprivileged user to modify files, and escalate privileges, execute code, tamper with or steal data, or even take over your device.
A zero-day vulnerability has been discovered in the Red Hat build of Quarkus, a full-stack, Kubernetes-native Java framework optimized for Java virtual machines and native compilation. Tracked CVE-2022-4116, the flaw has a CVSS score of 9.8 and can be found in the Dev UI Config Editor, which is vulnerable to drive-by localhost attacks, potentially leading to remote code execution.
LastPass suffered a data breach in August that enabled a hacker to infiltrate the company again and steal customer information. Mandiant experts shared their findings about the new campaigns, attributing them to a China-based threat actor called UNC4191, that relies on USB devices as an initial infection vector
Google released Chrome 108, a last major feature update for 2022 with this cross-platform web browser. This version as a fix for 29 security flaws. Later in the week google has patched an out-of-band flaw and actively exploited nineth zero-day flaws in its Chrome web browser.
Researchers discovered a new Go-based malware that is used in a campaign targeting Redis servers, which is an open-source im-memory database and cache. Threat actors are exploiting a critical vulnerability, tracked as CVE-2022-0543. Google’s TAG has discovered a Spanish based Variston IT, which claims to offer tailor-made cybersecurity solutions, to an exploitation framework named Heliconia that enables spyware to be installed on targeted devices.
Facebook logins from over 300,000 users were stolen in a Trojan campaign lasting nearly four years. Dubbed as Schoolyard Bully, malware hidden in several applications available on both Google Play and third-party app stores.
The memory safety vulnerabilities in Android dropped from 223 in 2019 to 85 in 2022 as Google gradually transitioned towards memory-safe languages. Google says that 65% of all vulnerabilities across products and the industry were memory safety flaws. This drop coincides with a shift in programming language usage away from memory unsafe languages.