Welcome to the TheCyberThrone cybersecurity week in review, covering the important security happenings of the week. This review is for the week ending Saturday, January 21st, 2023.
Last week started with coverage of the open-source platform Cacti, which has been affected by a critical vulnerability that is being exploited in the wild. Researchers discovered that the majority of internet-exposed Cacti servers are vulnerable to the critical flaw tracked as CVE-2022-46169.
Google announced the availability of the stable version of Chrome 109 and rolled out new features such as secure payment confirmation, enhanced screen sharing in video calls, video call controls, and Material You for desktop, along with more bug fixes.
CircleCI has been in the limelight due to a recent breach; it revealed that the disclosed data breach was due to information-stealer malware deployed on an engineer’s laptop. Norton LifeLock customers have been the victims of a credential-stuffing attack. Threat actors used a third-party list of stolen username and password combinations to attempt to break into Norton password managers.
The website of ODIN Intelligence, a provider of law enforcement tools, was defaced after it was claimed that the company was exposing law enforcement data online. The Qbot Trojan overtook Emotet as the most prevalent malware found in the wild in December 2022, impacting 7% of organizations worldwide. Additionally, the Glupteba malware, a blockchain-enabled Trojan botnet, returned to the top 10 list for the first time since July 2022.
Researchers have discovered three malicious packages on the PyPI repository that were uploaded by the same actor, Lolip0p. The packages were discovered on January 10, 2023; the packages “colorslib” and “httpslib” were published on January 7, 2023, while “libhttps” was published on January 12, 2023. A data breach incident has been disclosed by Nissan North America, caused by an outside provider, that affected nearly 18,000 customers. The breach notice states that the breach occurred on June 21 last year and was discovered on June 26. The breach involves a third-party service provider that performs software development services for Nissan.
Researchers have urged Zoho ManageEngine users to patch their software against a critical security vulnerability tracked as CVE-2022-47966, after developing and releasing proof-of-concept exploit code. GitLab has released patches for two critical security flaws in Git that allow attackers to remotely execute arbitrary code by taking advantage of integer overflows.
The Chinese APT group called Vixen Panda has been linked to a new series of attacks targeting the Iranian government during Q3 and Q4 of 2022. Vixen Panda is also known as APT15, Backdoor Diplomacy, KeChang, and NICKEL, and targets government and diplomatic entities in North and South America, Africa, and the Middle East. A CSRF vulnerability impacting the source control management service Kudu could be exploited to achieve remote code execution in multiple Azure services. Kudu is the engine behind several Azure App Service features, supporting the deployment and management of code in Azure, and is used extensively by Functions, App Service, Logic Apps, and other Azure services.
MailChimp has been the victim of a social engineering attack that threat actors successfully carried out against its employees and contractors. MailChimp detected the attack on January 11th after discovering that an unauthorized person had accessed its support tools. T-Mobile has disclosed yet another data breach, exposing data belonging to 37 million customers. T-Mobile said a threat actor retrieved data through an API on or around Nov. 25. The breach wasn’t detected until Jan. 5, and access to the API was cut off the next day.
PayPal has disclosed a data breach that involved the theft of information from 35,000 customers in a credential-stuffing attack. PayPal said in the filing that the breach occurred between Dec. 6 and Dec. 8 and was detected on Dec. 20. Details believed to have been accessed include names, addresses, Social Security numbers, tax identification numbers, and dates of birth. Ireland’s data protection authority has fined WhatsApp Ireland €5.5 million for breaches of the GDPR relating to its service and told it to comply with data processing laws within six months.
Researchers have published research on how WordPress vulnerabilities can be used to compromise WordPress sites with multiple infections. Researchers discovered a database injection featuring two different malware samples embedded together to achieve two entirely different goals. Both could be found scattered across a WordPress database. Yum! Brands, which owns the KFC, Pizza Hut, and Taco Bell fast-food restaurant chains, closed 300 restaurants in the UK due to a ransomware attack launched by an unknown malicious group. The impacted restaurants were only closed for one day and are now operating again, although the affected systems are not yet fully restored.