25 November 2022

Cyber security week in review: November 25, 2022


Google fixes eighth Chrome zero-day

Google has released an emergency security update for its Chrome browser on Windows, Mac, Linux, and Android platforms to fix a zero-day vulnerability (CVE-2022-4135), which is currently being exploited in the wild. The zero-day is described as a heap-based buffer overflow issue in GPU. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mobile numbers of nearly 500M WhatsApp users put up for sale on hacker forums

A database containing up-to-date mobile phone numbers belonging to nearly 487 million WhatsApp users has been put up for sale on a hacker forum. The dataset allegedly contains WhatsApp user data from 84 countries, including Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million), Turkey (20 million), and the UK (11 million).

975 suspects detained and nearly $130 million seized in a crackdown against cybercrime groups

An Interpol-led law enforcement operation, dubbed “Operation HAECHI III,” has resulted in the arrests of 975 individuals allegedly involved in phishing, romance scams, sextortion, investment fraud, and money laundering criminal operations. In addition, the authorities seized about $130 million worth of money and virtual assets linked to various cybercrimes and money laundering operations, and blocked almost 2,800 bank and virtual-asset accounts linked to the illicit proceeds of online financial crime.

Authorities take action against 'iSpoof' online spoofing service

Law enforcement agencies from several countries have seized the servers and websites of iSpoof, a service widely used by cyber criminals for fraud, as it allowed them to make calls and send SMS messages using spoofed identities. The authorities also detained 142 suspects, including an individual believed to be the platform’s leader. According to Europol, iSpoof has made more than €3.7 million, and the service has caused estimated losses of over €115 million worldwide.

Pentagon releases zero trust framework

The US Department of Defense has released a framework to help agencies implement zero trust strategy on their networks.

US seizes domains linked to “pig butchering” scams

The US Department of Justice announced the seizure of the seven domain names linked to “pig butchering” scams, a type of scam where fraudsters trick victims of romance scams into investing cryptocurrency through fake investment apps.

According to the DoJ, the cybercrime ring that used the seven seized domains tricked five victims into transferring more than $10 million to cryptocurrency deposit addresses immediately emptied by the fraudsters.

Google releases YARA rules to help detect Cobalt Strike abuse

Google’s Cloud Threat Intelligence team has released a set of open-source YARA rules and a VirusTotal Collection of indicators of compromise (IoCs) to help defenders spot Cobalt Strike’s components in their environments and disrupt its malicious use.

Earlier this month, Google shared a similar set of signatures for Sliver, an open-source adversary emulation framework for security testing, which has also been observed being used by threat actors as an alternative for Cobalt Strike.

Meta reportedly fired some employees for hijacking user accounts

Facebook and Instagram parent company Meta Platforms reportedly fired or disciplined more than two dozen employees and contracted security guards who exploited an internal tool to take over user accounts. In some cases workers accepted thousands of dollars in bribes from hackers to compromise or access user accounts.

Hackers using Google Ads to distribute Royal ransomware

A new threat actor, tracked by security researchers at Microsoft as DEV-0569, is using Google ads to distribute various post-compromise payloads, including Royal ransomware, which first emerged in September 2022.

Typically, the group relies on malvertising, phishing links that point to a malware downloader posing as software installers or updates embedded in spam emails, fake forum pages, and blog comments. Over the past few months, the researchers observed some changes in DEV-0569’s delivery methods, including the use of contact forms on targeted organizations’ websites to deliver phishing links, and expansion of their malvertising technique by abusing Google Ads.

Chinese cyber spies target governments, research sectors worldwide

A China-linked cyber-espionage group has launched a series of spear-phishing attacks on the government, academic, foundations, and research sectors across the world.

Known as Mustang Panda, Earth Preta, or Bronze President, the threat actor is believed to have been conducting cyber operations since at least July 2018. The group is known for its use of malware such as China Chopper and PlugX to steal data from compromised environments.

Luna Moth callback phishing extortion campaign targeting businesses in multiple sectors

Palo Alto Network’s Unit 42 published a report detailing a callback phishing extortion campaign orchestrated by a threat actor known as Luna Moth (aka Silent Ransom Group).

Over the past few months the campaign has targeted businesses in multiple sectors, including legal and retail. Callback phishing, also known as telephone-oriented attack delivery (TOAD), is a social engineering technique that requires a threat actor to interact with the target to achieve their goal. This method is more resource intensive, but less complex than script-based attacks, and it tends to have a much higher success rate, the researchers explained.
