30 September 2022

Cyber security week in review: September, 30


New unpatched Microsoft Exchange zero-day bugs actively exploited in the wild

Security researchers are warning about hacker attacks exploiting two unpatched zero-day vulnerabilities in Microsoft Exchange servers to achieve remote code execution on the affected machines.

One of the flaws (CVE-2022-41082) is a code injection issue that allows a remote user with access to PowerShell Remoting to execute arbitrary code on vulnerable Exchange systems, while the second bug (CVE-2022-41040) allows a remote attacker to perform SSRF attacks.

The attackers, believed to be a China-linked threat group, have been observed exploiting the bugs to deploy China Chopper web shells on compromised servers for persistence and data theft, as well as to move laterally to other systems on the victims' networks.

Microsoft has acknowledged the issues and provided mitigation and detection guidance to help customers protect themselves from these attacks.

North Korean Lazarus APT weaponizes open-source software

A North Korean state-backed hacker group known as Lazarus is weaponizing legitimate open-source software to target employees in organizations across multiple industries, including media, defense and aerospace, and IT services in the US, UK, India, and Russia.

The threat actor is using malicious versions of open-source applications, including PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording. Microsoft believes the campaign is “motivated by traditional cyberespionage, theft of personal and corporate data, financial gain, and corporate network destruction.”

Recently, Lazarus has been observed targeting Apple's macOS users by luring them with fake job opportunities in the crypto industry.

Google launches a new tool to request removal of personal info from search results

Google has rolled out a new tool called “Results about you” that will notify users when Google indexes new web pages containing a user's personal information. Starting next year, users will have the option to request that Google remove new pages with a user's contact info from search listings.

Multi-million dollar credit card scheme used fake dating websites to scam victims

Security researchers uncovered what they say is one of the largest fraudulent online credit card schemes to date.

Active since 2019, the operation involved a massive network of fake dating and customer support websites, which were used to charge credit cards bought on the dark web. According to estimates, the scam has amassed tens of millions of dollars from tens of thousands of people.

Ukraine warns of massive Russian cyberattacks on its critical infrastructure

The Main Directorate of Intelligence of the Ministry of Defence of Ukraine (HUR MO) has warned that the Kremlin is planning to carry out massive cyberattacks targeting power grids and other critical infrastructure in Ukraine, as well as institutions of critical infrastructure of Ukraine's allies.

The Kremlin also intends to increase the intensity of DDoS attacks on the critical infrastructure of Ukraine's closest allies, primarily Poland and the Baltic states, the Ukrainian military intelligence service warned.

Meta takes down large Russian disinformation network that spoofed legitimate news outlets

Social media giant Meta, the owner of Facebook and Instagram, took action against disinformation networks consisting of hundreds of fake accounts linked to Russia and China that targeted users in Europe, Ukraine and the United States. The Russia-linked operation began in May 2022 and involved a sprawling network of over 60 websites disguised as the legitimate websites of news organizations in Europe, including Spiegel, The Guardian and Bild.

New Erbium info-stealer spreads via fake cracks and cheats for popular video games

A new information-stealing malware dubbed 'Erbium' has been discovered that uses fake cracks and cheats for popular video games as a delivery method. The malware is designed to collect sensitive data, including passwords for apps, credit card numbers, web browser cookies (Cyberfox, Firefox, K-Meleon, BlackHawk, Pale Moon, Google Chrome, Thunderbird), auto-complete data, desktop files, machine data, installed software, crypto wallet data, etc. It then sends those details to the attacker's command and control (C2) domain and can even download additional payloads from the C2 server.

The Erbium stealer malware is being sold on one of the Russian hacker forums at 500 Rubles (approx. $9) per week, 1500 Rubles (~$25) per month, and 10,000 Rubles (~$175) per year.

Leaked LockBit 3.0 builder is already being used in ransomware attacks

Security researchers have discovered a new version of the Bl00Dy ransomware that was built on the recently leaked LockBit 3.0 ransomware builder and used in an attack that targeted a victim in Ukraine. The Bl00Dy Ransomware Gang is a relatively new operation, first spotted in May 2022 when it attacked a group of medical and dental practices in New York.

Covert hacker attack targets military contractors

Security researchers shared details on a recent phishing campaign that targeted multiple military and weapons contractor companies, likely including a strategic supplier to the F-35 Lightning II fighter aircraft.

The campaign, dubbed “STEEP#MAVERICK,” was carried out in late summer 2022 and involved spear-phishing emails containing a malicious attachment.
