TheCyberThrone Security Week In Review – December 24th 2022

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings . This review is for the week ending Saturday, December 24th, 2022.

This week started with a coverage about Google has announced that it is introducing end-to-end encryption to Gmail on the web browser. The feature is currently in beta and allows users to send and receive encrypted emails within and outside their domain. The new feature, referred to as client-side encryption, will ensure sensitive data in the email body and attachments indecipherable to Google servers. It will also allow customers to retain control over the encryption keys and the identity service to access those keys.

Researchers reported that the Glupteba botnet is back and reported a surge in the number of infections worldwide. A significant increase of malicious bitcoin addresses along with the increase in TOR hidden service being used as C2 servers. Google in last December 2021, announced that it has taken down the infrastructure operated by the Glupteba botnet.

Microsoft has patched the information disclosure vulnerability in SPNEGO NEGOEX tracked CVE-2022-37958 in September 2022. Now, the vulnerability allows threat actors to conduct an RCE and reclassified the severity as critical.

A misconfigured AWS S3 bucket containing a massive trove of data belonging to a USA-based education publishing firm, McGraw Hill, found leaking the data. McGraw Hill is among the top three educational content publishers in the United States, widely used by educational institutions across Canada, for facilitating online classes.

Australia has been under a prolific cyber attack in recent months. This time, the Australian Fire Rescue from Victoria became a victim of the attack. Fire Rescue Victoria has confirmed that it was the victim of a cyber attack that has caused the service to shut down some of its systems last week.

Researchers have discovered a new malicious package named SentinelOne on the PyPI repository impersonating a legitimate software development kit for SentinelOne. The package is part of the malicious campaign called SentinelSneak. The package claims to provide access the SentinelOne’s APIs, but it contains malicious code to harvest sensitive info from development systems, including credentials, configuration data, and SSH keys.

Researchers have uncovered a new type of threat that evolves in the newly introduces AWS functionality. The attack vector relates to AWS VPC  feature ‘Elastic IP transfer,’ which was announced in October 2022. This feature enables a far easier transfer of Elastic IP addresses from one AWS account to another account.

Epic Games set to pay a total of $520 million in a pair of settlements with the US FTC over claims that the Fortnite developer illegally collected data on children and manipulated millions of players into making unintentional purchases. Play ransomware group is using a new exploit in Microsoft Exchange to breach servers. The exploit chain bypasses ProxyNotShell URL rewrite mitigations to gain RCE on vulnerable servers.

Newspaper giant from Britain, The Guardian has confirmed its systems have been hit by a cyber attack, which it believes is likely a ransomware attack. GitHub repositories belong to Okta were hacked by threat actors and the source code were stolen. Okta temporarily restricted access to GitHub repositories and suspended all GitHub integrations with third-party apps and reviewed all recent commits to Okta software repositories hosted with GitHub to validate the integrity of our code, and rotated GitHub credentials.

Microsoft has released the details of a vulnerability dubbed Achilles, tracked as CVE-2022-42821, with a CVSS score of 5.5 found in Apple macOS that could be exploited by threat actors to bypass the Gatekeeper security feature. Google has been fined by French data privacy watchdog regulators over cookies handling. France’s Commission Nationale de Informatique et des Libertés (CNIL) – the country’s regulatory body in charge of personal data privacy, said it had fined US technology company Microsoft €60 million over its use of advertising cookies.

Researchers have identified an Android banking trojan dubbed Godfather targeting over 400 banking and crypto applications in 16 countries. It’s believed to be the successor of Anubis banking trojan.

BetMGM, an online casino owned by MGM Resorts, is the latest to suffer a data breach. The data breach resulted in the leaning of data of 1.57 million of its customers. The attacker placed the stolen database up for sale the same day on BreachedForums. DraftKings has suffered a data breach resulting in loss of private data of 68,000 customers. It became a victim of a credential stuffing attack where the attackers used previously leaked credentials to access to’ user accounts’ and steal personal data.

 A critical vulnerability in the Linux kernel has been disclosed by the researchers that let remote and unauthenticated hackers execute arbitrary code. The vulnerability only appears to affect ksmbd, an in-kernel SMB file server that was merged to mainline in the Linux 5.15 release in August 2021; i.e. users running SMB servers via the much more widely deployed Samba, rather than ksmbd, can more likely than not get back their mince pies or other recreational activities unperturbed.

Meta has agreed to pay $725 million to settle class-action claims that it violated users’ privacy by sharing their information with outside developers, including Cambridge Analytica.

This brings end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on Facebook, Twitter