TheCyberThrone Security Week In Review – January 28th, 2023

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings . This review is for the week ending Saturday, January 28th, 2023.

This week started with a coverage about Mandiant researches came with a latest report, a Chinese threat actor is using malware and exploiting a previously patched vulnerability found in Fortinet FortiOS SSL-VPN as a zero-day. The malware dubbed BOLDMOVE, was discovered in December 2022. Further probe revealed that the threat actor exploited the vulnerability tracked as CVE-2022-42475.

Another ransomware attack crippled Costa Rica’s government just months after several ministries were affected in a wide-ranging attack by hackers using the Conti ransomware. This time, no ransomware group has taken responsibility until now. Researchers discovered that the threat actor known as Roaming Mantis has added a DNS changer function to its latest mobile app Wroba.o to infiltrate WiFi routers and undertake DNS hijacking.

Advertisements

A new report that published states that the total ransomware revenue dropped 40.3% in 2022 as per the recent estimation, with several indicators signaling a drop in victims willing to pay or, perhaps, report payments. Thoma Bravo is set to acquire Magnet Forensics, a Waterloo-based software maker that is used by defense forces and businesses to investigate cybersecurity threats.

Researchers have disclosed vulnerabilities in Samsung’s Galaxy Store app for Android that could be exploited by an attacker to install arbitrary apps or direct prospective victims to fraudulent landing pages on the web. The issues were tracked as CVE-2023-21433 and CVE-2023-21434. Samsung classified the bugs as moderate risk. An increasing number of threat actors have started relying on the C2 framework Sliver as an open-source alternative to tools such as Metasploit and Cobalt Strike.

Nvidia has announced the details about a digital lab playground for its latest security offering are now available, letting users try out an AI-powered system designed to monitor individual user accounts for potentially hazardous behavior. Apple has released security updates to address a new zero-day vulnerability back in December 2022, tracked as CVE-2022-42856, that is actively exploited in attacks against iPhones.

The U.S. FBI has confirmed that in June 2022, the North Korea-linked Lazarus APT group and APT38 stole $100 million worth of cryptocurrency assets from the Blockchain company Harmony Horizon Bridge. Microsoft is planning to block all XLL add-in files downloaded from the internet automatically for its 265 customers by March 2023 to prevent phishing attacks relying on these types of lures.

Advertisements

GoTo Technologies, the parent company of password manager LastPass has informed its customers that threat actors have obtained encrypted backups and an encryption key to access some of them. Kerberos based authentication is a standard security measure for many enterprises, attackers have frequently tried to compromise or bypass the authentication servers using identity attacks that spoof legitimate users. Attackers in on-premises general uses a pair of common identity attacks are the Pass the Ticket and Silver Ticket approaches, for stealing credentials and authenticate with enterprise services. Both attack techniques are dubbed as the Bounce the Ticket and Silver Iodide threat in cloud

Snyk has announced that it secured $25 million from ServiceNow. By this, it brings the total amount Snyk has secured to $1.4 billion since 2020. Snyk, with its developer security platform that helps organizations to mitigate their risk of exposure to software supply chain attack. Riot Games, the developer behind the popular League of Legends game, is the latest victim in the latest attack to target video-game makers.

The infrastructure of the Hive ransomware group was taken offline after a joint operation between law enforcement agencies in North America and Europe.Researchers have discovered that organizations in Taiwan, Hong Kong, Singapore, and China have been recently facing attacks from Chinese threat actor DragonSpark.

Lexmark has released a firmware update to address a remote code execution vulnerability, tracked as CVE-2023-23560 with a CVSS score of 9.0, that impacts more than 100 printer models. Researchers have reported a surge in the number of attacks that attempted to exploit a Realtek Jungle SDK RCE that is tracked as CVE-2021-35394 with a CVSS score of 9.8. Nearly 134 million exploit attempt was made till last month – December 2022.