14 October 2022

Cyber security week in review: October 14, 2022

Microsoft releases October 2022 Patch Tuesday updates, no fix for Exchange zero-days

Microsoft released its October 2022 Patch Tuesday security updates to address more than 80 security vulnerabilities in its various software products. While the Windows maker did not include fixes for the two recently disclosed MS Exchange zero-day flaws, there was a patch for another zero-day flaw CVE-2022-41033 affecting the Windows COM service.

Public PoC for Fortinet auth bypass vulnerability released

A proof-of-concept (PoC) exploit code has been released for the recently disclosed authentication bypass vulnerability that impacts Fortinet FortiOS, FortiProxy, and FortiSwitchManager products.

Tracked as CVE-2022-40684, the security issue could be used by a remote attacker to compromise an affected device. Fortinet said it detected one instance where this bug was exploited.

New ATM MitM/relay attack discovered

The European Association of Secure Transactions (EAST) has released a European Payment Terminal Crime Report covering H1 2022 which highlights a new type of fraud along with a rise in terminal-related fraud attacks. The agency said that there were 501 reported cases involving a new type of man-in-the-middle/relay attack. Total fraud losses of €97 million were reported, down 5% from the €102 million reported in H1 2021. Most losses remain international issuer losses due to card skimming, which were €80 million.

Novel npm timing attack can disclose private packages used by orgs

Security researchers are warning about a novel timing attack against the npm registry API that can potentially disclose private packages used by organizations. By creating a list of possible package names, threat actors can detect organizations’ scoped private packages and then publish public packages masquerading as them, tricking employees and users into downloading the look-alikes.
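One defensive check that follows from the item above, as an added example that is not part of the original article: scan a `package-lock.json` and flag any package under the organization's own scope that was resolved from the public npm registry rather than the private one. The scope `@acme`, the registry URL `https://npm.acme.example/` and the lockfile contents are constructed placeholders.

```python
"""Flag scoped packages in a package-lock.json that were fetched from the
public npm registry instead of the organisation's private registry."""
import json

PUBLIC_REGISTRY = "https://registry.npmjs.org/"

# Constructed lockfile (lockfileVersion 3 layout): one legitimate private
# package, one same-scope package that came from the public registry, and
# one ordinary public dependency that should not be flagged.
SAMPLE_LOCK = json.dumps({
    "name": "internal-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "internal-app", "version": "1.0.0"},
        "node_modules/@acme/auth-utils": {
            "version": "2.1.0",
            "resolved": "https://npm.acme.example/@acme/auth-utils/-/auth-utils-2.1.0.tgz"},
        "node_modules/@acme/billing-core": {
            "version": "9.9.9",
            "resolved": "https://registry.npmjs.org/@acme/billing-core/-/billing-core-9.9.9.tgz"},
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"},
    },
})


def find_masquerading_packages(lockfile_text, org_scope, private_registry):
    """Return (name, version, resolved) for every package in org_scope whose
    tarball did not come from private_registry (hypothetical helper)."""
    lock = json.loads(lockfile_text)
    suspicious = []
    for path, meta in lock.get("packages", {}).items():
        if meta.get("link"):          # workspace symlinks have no tarball
            continue
        # v2/v3 lockfiles key entries by install path; derive the name from it
        name = meta.get("name") or path.split("node_modules/")[-1]
        if not name.startswith(org_scope + "/"):
            continue
        resolved = meta.get("resolved", "")
        if not resolved.startswith(private_registry):
            suspicious.append((name, meta.get("version"), resolved))
    return suspicious


if __name__ == "__main__":
    for hit in find_masquerading_packages(SAMPLE_LOCK, "@acme", "https://npm.acme.example/"):
        print("suspicious:", hit)
```

Running the same check in CI before `npm ci` catches a scoped name that silently switched registries between lockfile revisions.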

Google introduces passkey support in Android and Chrome

Google has announced passkey support to both the Chrome web browser and the Android operating system in a move to replace passwords and protect users from phishing attacks.

Android owners can create and use passkeys on Android devices, which are securely synced through the Google Password Manager. Developers can build passkey support on their sites for end-users using Chrome via the WebAuthn API, on Android and other supported platforms, Google said.

New Chinese attack framework targets Windows, macOS, and Linux systems

Cisco’s Talos research team released a report detailing a new attack framework called “Alchimist” and a new malware dubbed “Insekt” with remote administration capabilities. The attack framework is designed to target Windows, Linux and Mac systems. Alchimist and Insekt binaries are implemented in GoLang.

The framework has a Chinese web interface and is packed with assets, including resources for the web interface and Insekt RAT payloads compiled for Windows and Linux. The Insekt malware is Alchimist's beacon implant, which has a variety of remote access capabilities that can be instrumented by the Alchimist C2 server.

Chinese hackers target IT service providers and telcos in the Middle East and Asia

A new China-linked threat cluster has been discovered that targets telecommunications and IT service providers across the Middle East and Asia.

Tracked as WIP19, the threat actor utilizes a legitimate, stolen certificate to sign novel malware, including SQLMaggie, ScreenCap and a credential dumper. Because of its advanced TTPs, WIP19 is an example of the greater breadth of Chinese espionage activity targeting critical infrastructure organizations, security researchers warned.

A new report highlights more than a dozen Chinese-sponsored cyberattacks over the past decade

A new report from Booz Allen Hamilton offers detailed insight into Chinese offensive cyber-espionage operations and provides strategies for cybersecurity responders to help their organizations better identify and prepare for cyber campaigns orchestrated by Chinese state-sponsored threat actors.

Android leaks VPN traffic even with “block connections without VPN” setting enabled

VPN provider Mullvad found that the Android operating system leaks some of the user’s traffic every time the device connects to a WiFi network. The company discovered that Android sends connectivity checks outside the VPN tunnel in a way that VPN services can't block or prevent. The traffic is leaked even when the “Block connections without VPN” setting is enabled on the device.

Polonium hackers used at least seven different custom backdoors in attacks on Israeli orgs

ESET published a report detailing cyber activities of an advanced persistent threat (APT) group called ‘Polonium,’ which has used at least seven different custom backdoors in their attacks since September 2021.

Polonium is believed to be a cyber-espionage group operating from Lebanon and coordinating with Iran's Ministry of Intelligence and Security (MOIS). The threat actor exclusively targets Israeli entities. The group has attacked more than a dozen organizations in various verticals such as engineering, information technology, law, communications, branding and marketing, media, insurance, and social services.

Illicit carding market BidenCash offers over 1M credit cards for free

Dark web carding marketplace BidenCash is reportedly offering 1,221,551 credit cards for free in an effort to promote the site. The dump contains credit card and associated personal information, such as card number, expiration date, CVV number, holder’s name and address, bank name, email address, SSN and phone number.

New ThermoSecure attack can guess passwords in seconds by analyzing traces of heat left by fingertips

A new AI-driven technique dubbed “ThermoSecure” can guess computer and smartphone users’ passwords in seconds by examining traces of heat left by fingertips on a keyboard or screen. Using a thermal camera, an attacker can take a picture that shows the heat signature left by users’ fingertips on the area where they touched a keyboard, smartphone screen or ATM keypad.

Caffeine PhaaS makes it easier for hackers to conduct phishing campaigns

Security researchers from Mandiant have shed some light on the inner workings of a relatively new phishing-as-a-service (PhaaS) platform called Caffeine that allows even low-skilled hackers to launch phishing attacks. Discovered in March 2022, the platform has an intuitive interface and comes at a relatively low cost while providing a variety of features and tools to orchestrate and automate core elements of phishing campaigns.

UK’s cybersecurity agency issues guidance on how to secure supply chain

The UK National Cyber Security Centre (NCSC) released guidance meant to help medium and large organizations assess defences and resilience in their supply chains. The new guidance describes ways that organizations are exposed to vulnerabilities and cyberattacks via the supply chain, defines expected outcomes and offers key steps to help organizations assess their supply chain’s approach to cybersecurity.
