TheCyberThrone Security Week In Review – January 14th, 2023

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings . This review is for the week ending Saturday, January 14th, 2023.

Last week commenced with a coverage on Threat actors are using ChatGPT to develop powerful hacking tools and create new chatbots designed to mimic young girls to lure targets.

Researchers discovered a phishing campaign targeting Zoom users to deliver the IcedID malware. Researchers released a report it Vehicles from multiple manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners with multiple bugs

Air France informed some of its customers that personal information belongs to them was exposed following a breach of their accounts. Researchers have discovered a new threat group, actively targeting the financial sector in the African continent. The group called Bluebottle makes extensive use of Living off the Land, dual-use tools, and commodity malware, with no custom malware deployed.

Advertisements

Threat actors are seen using rogue websites for Pokemon NFT card games to distribute the NetSupport remote access tool to gain control over the devices of unsuspecting victims. Microsoft patched 98 CVEs in its January 2023 Patch Tuesday Release, with 11 rated as critical, and 87 rated as important.

A security flaw with risk severity of high has been found in the popular JsonWebToken open-source JavaScript package. The attacker could perform RCE on a server verifying a maliciously crafted JSON web token (JWT) request. A new decryptor was released for enabling the victims of the MegaCortex ransomware to recover their encrypted files for free.

New campaign from crooks seen spoofing the AnyDesk site to infect endpoints with Vidar stealer. More than 1,300 domains that impersonate the official AnyDesk site were redirected users to a Dropbox folder that pushes information-stealing malware. The Vice Society ransomware group claimed responsibility for a December 2022 attack on an Australian state fire department that led to a widespread IT outage. Fire Rescue Victoria warned current and former employees and job applicants of data leak.

Cisco has warned its customers of two critical vulnerabilities in the web management interface of some of its small business routers that could allow a remote attacker to gain access to a targeted device. SailPoint announced that it has acquired identity solutions startup SecZetta for an undisclosed sum.

A new APT campaign dubbed Dark Pink targeting countries in Southeast Asia and Eastern Europe for apparent espionage purposes has been spotted by the researchers.British multinational postal and courier service “Royal Mail” has been unfazed by a cyber incident that had a severe impact on its operation. The incident only impacted Royal Mail’s international export services that are temporarily unable to despatch items to overseas destinations.