TheCyberThrone Security Week In Review – February 04th, 2023
Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings . This review is for the week ending Saturday, February 04th, 2023.
This week started with a exclusive narration on ChatGPT, the latest buzzword. here we discussed on Pros,Cons, limitations of AI Powered language model.
Researchers has shared their findings about an operation responding to a Black Basta ransomware compromise has revealed the use of a new wormable PlugX malware variant that can automatically infect any attached removable USB media devices. Meta has paid a bug bounty to a researcher for disclosing the details of a two-factor authentication vulnerability for confirming a phone number, and the email address did not have any rate-limiting protection.
JD Sports, a fashion chain from the UK, has disclosed a data breach that exposed customer data from orders placed between November 2018 and October 2020. This unauthorized access was discovered to a server that contained data related to order placed by 10 million customers. Qnap releases updates to address a critical vulnerability, tracked as CVE-2022-27596 with a CVSS v3 score: 9.8, that affects QNAP NAS devices.
Russian hacktivists DDoS’ed several hospital websites across the US and the Netherlands were down. University of Michigan Hospital and Stanford Health Care Center were among the targeted facilities in the current campaign, which hit a handful of hospitals in the US. Prilex point-of-sale (POS) malware is back with a new improved version, and it has been spotted in the wild. Their new capabilities include blocking NFC credit card transactions. By which the users tend to use the machine to pay, allowing the malicious code to steal credit card details.
Zscaler announced Zscaler Resilience – a set of capabilities that improve the resiliency of its services with the aim of delivering nonstop operations. Notorious ransomware LockBit appears to have added a new variant, LockBit Green, to its dark web code repository, along with an update to malware that targets the widely used VMware ESXi hypervisor. Researchers say this indicates the growing importance of cloud services to cybercriminals.
Google rolls out a new version of Chrome to the Stable channel once in four-week time. However, it is changing its release pace a bit with Chrome 110. Rather than releasing Chrome 110 to Stable four weeks after Chrome 109 for all users, it is rolling out the latest version to a new Early Stable channel one week earlier instead. This means that Chrome 110 will hit Early Stable today three weeks after the release of Chrome 109 and will arrive in Stable next week, as mentioned on Chromium Dash.
ION Trading, a financial service company from the UK, was the latest victim of a ransomware attack that forced traders to manually process trades. The LockBit ransomware gang has claimed responsibility. UK car dealer Arnold Clark notified customers that their data got compromised in a data breach that took place in December 2022.
HPE has issued a critical alert tied to its OneView infrastructure management platform warning of a use-after-free vulnerability that allows remote attackers to execute arbitrary code on targeted systems, leak data, or create conditions ripe for a denial-of-service attack.
VMware has fixed a high-severity privilege escalation flaw, tracked as CVE-2023-20854 with a CVSS score of 7.8, that impacts Workstation. An attacker can exploit the vulnerability to delete arbitrary files on Workstation version 17.x for Windows OS.Researchers have spotted a threat actors quietly mining Monero cryptocurrency on open source Redis servers, using a custom-made malware variant called “HeadCrab” that is virtually undetectable by agentless and conventional antivirus tools.
MITRE has released the Cyber Resiliency Engineering Framework (CREF) Navigator, a free visualization tool for engineers designing cyber-resilient systems.
A zero-day vulnerability in Fortra’s GoAnywhere MFT managed file transfer application is being actively exploited in the wild.CERT-FR warns that threat actors are targeting VMware ESXi servers to deploy ransomware by actively exploiting a bug tracked as CVE-2021-21974
This brings end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on Facebook, Twitter, Instagram