TheCyberThrone Security Week In Review – December 17th 2022

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings . This review is for the week ending Saturday, December 17th, 2022.

The week started on Sunday 11th Dec 2022, with a coverage on Researchers have uncovered a new campaign conducted by the MuddyWater APT, aka SeedWorm that was targeting MiddleEastern countries.

Intersport, a sports goods maker, has been hit by the Hive ransomware, which leaked records of its customers’ personal data. The breach allegedly happened in November, with details made available only on the dark web. in another attack Hive Ransomware Group has claimed credit for ongoing disruptions to Knox College’s computer systems.

In the Pwn2Own competition hosted by Trend Micro, participants discovered zero-day vulnerabilities in a range of products. The three-day competition, totally paid out $934,750 to contestants. 26 contestants and teams attempted to exploit 66 target products.

Researchers have seen an increase in TrueBot infections, where threat actors have shifted from BEC to other techniques. Two different Truebot botnets were traced, one is distributed worldwide, with a particular focus on Mexico, Pakistan, and Brazil, and the second one is focused on the US.

A new attack strategy named COVID-bit that uses electromagnetic waves breaching air-gapped computers has been discovered, and it has a data transmission range of at least two meters. The transmitted data can be received by a nearby smartphone or laptop, even when the two devices are separated by a wall.

Three new variants of ransomware families were identified by the researchers from Fortinet’s FortiGuard Labs. The names are called out to be  Vohuk, ScareCrow, and AESRT, targeting Windows systems and appearing to be proliferating relatively rapidly on systems belonging to users in multiple countries.

Uber has breached yet another time with a high-profile data leak that exposed sensitive employee and company data by compromising an AWS cloud server used by a third party that provides Uber with asset management and tracking services.

Microsoft patched 48 CVE in its December 2022 Patch Tuesday release, one final time for the year 2022. With seven rated as critical and 40 rated as important and 1 rated as moderate. Microsoft also released a Defense in Depth update (ADV220005) for Driver Certificate Deprecation.

VMware addressed three vulnerabilities in multiple products, including a virtual machine escape flaw, tracked as CVE-2022-31705, that was exploited at the GeekPwn 2022. Apple has released patches to address a new zero-day vulnerability (10th of year 2022), tracked as CVE-2022-42856, which is actively exploited in attacks against iPhones.

Google releases patches for Chrome that resolve eight vulnerabilities, including five reported by external researchers. The vulnerabilities have been tracked as CVE-2022-4436 to CVE-2022-4439 and a medium severity vulnerability tracked as CVE-2022-4440

Citrix has released a patch for a critical flaw affecting Citrix ADC and Citrix Gateway, and it is aware of attacks against the vulnerability in the wild. The vulnerability, tracked under CVE-2022-27518, affects Citrix ADC and Citrix Gateway versions 12.1 (including FIPS and NDcPP) and 13.0 before 13.0-58.32.

Threat actors have been seen exploiting legitimately signed Microsoft drivers in active intrusions into telecommunication, business process outsourcing, managed security service providers, and financial sectors. CrowdStrike has expanded its Falcon platform to deliver enhanced adversary-driven External Attack Surface Management technology.

Australian telecommunications giant TPG has suffered a major cyber security incident, and it revealed an email hosting service used by up to 15,000 business customers has been breached. Researchers discovered two API security vulnerabilities in BrickLink. The API security flaws could have allowed for large-scale account takeover attacks on customers’ accounts and server compromise.

Threat actors have been exploiting the open-source user interface software kit Flutter to deploy apps with critical security and privacy risks. Dubbed as MoneyMonger, the malicious app has not reportedly been detected in official Android stores. This new variant of the malicious loan campaign has been active since at least May 2022.

The cryptocurrency exchange Gemini, has disclosed a data breach after a threat actor obtained the clients’ data from a third-party vendor, they became the victim of phishing attacks. Numerous posts on hacker forums updated that databases allegedly from Gemini containing email addresses, phone numbers, and other personal data of 5.7 million users

The Agenda ransomware group has been observed using the Rust programming language to develop new malware and use it to breach several companies. It claimed to have breached on its leak site are located in various countries and victims belong to the manufacturing and IT industries. They have a combined revenue of around $550m.

NIST has set the date of Dec. 31, 2030, to remove SHA-1 support from all software and hardware devices. NIST deprecated SHA-1 in 2011 and disallowed using SHA-1 when creating or verifying digital signatures in 2013. Since it became weak and easy to crack candidates.

This brings end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on Facebook, Twitter