Cyber security weekly recap (28 Nov. – 04 Dec.)


A Cross-Tenant Vulnerability in Amazon Web Services AppSync has been resolved.

A cross-tenant vulnerability that could be exploited by an attacker to gain access to resources has been patched by Amazon Web Services (AWS).

This vulnerability is a form of privilege escalation known as the “confused deputy problem”, in which a less-privileged process convinces a more-privileged process to perform an action that it is not authorized to take.

Datadog informed AWS of the problem on September 1, 2022, and the company released a fix for it on September 6.

As part of a coordinated disclosure, Amazon stated that the vulnerability did not affect customers and that no action is needed on their part.
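As an added example (not code from the page, AWS or Datadog), this is the check a defender would run over IAM role trust policies to find the pattern behind the confused deputy problem described above: a service principal allowed to assume a role with no `aws:SourceAccount` / `aws:SourceArn` condition, the conditions AWS documents as the guard against cross-service confused deputy scenarios. The two policies are constructed samples; the account id and ARN are placeholders.

```python
import json

# Constructed sample role trust policies (not from the page). AWS documents the
# aws:SourceAccount / aws:SourceArn conditions as the guard against a service
# being used as a confused deputy to assume a role on another account's behalf.
UNGUARDED_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "appsync.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
})
GUARDED_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "appsync.amazonaws.com"},
        "Action": "sts:AssumeRole",
        "Condition": {
            "StringEquals": {"aws:SourceAccount": "111122223333"},
            "ArnLike": {"aws:SourceArn": "arn:aws:appsync:us-east-1:111122223333:apis/*"},
        },
    }],
})
GUARD_KEYS = {"aws:sourceaccount", "aws:sourcearn"}


def _as_list(value):
    # IAM policy fields may be a single string/object or a list of them.
    return value if isinstance(value, list) else [value]


def unguarded_service_statements(policy_json):
    """Return the indexes of Allow statements that let a service principal call
    sts:AssumeRole without any aws:SourceAccount / aws:SourceArn condition."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        principal = stmt.get("Principal", {})
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*"}:
            continue
        if not isinstance(principal, dict) or "Service" not in principal:
            continue  # only service principals act as deputies for other callers
        condition = stmt.get("Condition", {})
        keys = {k.lower() for operator in condition.values() for k in operator}
        if not keys & GUARD_KEYS:
            findings.append(i)
    return findings
```

Run it against the trust policies of every role a service such as AppSync is allowed to assume; any index returned is a statement that trusts the service alone rather than the service acting for your account.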

CISA Issues Alert Over Actively Exploited Critical Vulnerability in Oracle Fusion Middleware

A critical vulnerability in Oracle Fusion Middleware was added to the Known Exploited Vulnerabilities (KEV) Catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), based on evidence of active exploitation.

Impacted versions of Oracle Access Manager (OAM) include 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0. The CVSS score for this vulnerability is 9.8 and it is being tracked as CVE-2021-35587.

If exploited, the remote command execution flaw could allow an unauthenticated attacker with network access to completely compromise and take control of affected Access Manager instances.

In January 2022, Oracle released a Critical Patch Update that fixed the bug.

The “Invisible Challenge” on TikTok is being exploited by hackers to spread malware.

According to new research from Checkmarx, threat actors are using a viral TikTok challenge to trick users into downloading data-stealing malware.

The Invisible Challenge trend entails taking a video of yourself through a filter called Invisible Body, which only shows the silhouette of your body.

However, the fact that the people making these videos could be naked has inspired a malicious scheme in which hackers distribute videos with links to fake software called “unfilter”, which promises to remove the filter from the TikTok videos.

Checkmarx researcher Guy Nachshon said in an analysis that the instructions that explain how to get the “unfilter” software deploy WASP stealer malware on the system.  

The WASP stealer (also known as W4SP Stealer) is malicious software created to steal users’ credentials, including those for their Discord accounts and cryptocurrency wallets.

It is estimated that more than a million people watched the videos posted by the attackers on TikTok on November 11, 2022. A suspension has been placed on their accounts.

A malicious app uses compromised devices to set up phony profiles across multiple platforms.

A malicious Android SMS app distributed via the Google Play Store has been detected to secretly collect text messages for the purpose of creating accounts on various services, including Facebook, Google, and WhatsApp.

To do this, the app used the phone numbers linked to the infected devices to steal the one-time password that is typically sent to verify the user when setting up new accounts.

Symoo (com.vanjan.sms) was an extremely popular app that was downloaded over a hundred thousand times and served as a relay for sending text messages to a server that promoted an account-making service.

The app’s creator, Walven, is also associated with a different Android app called ActivationPW – Virtual numbers (com.programmatics.activation), which advertises “virtual numbers to receive SMS verification” from over 200 countries for less than 50 cents.

According to the information that is available, Google has confirmed that the two apps in question have been removed from the Play Store and that the developer has been banned.

A New Security Breach at LastPass Exposed Some User Data

The popular password management service LastPass has reported a second security incident in which attackers gained access to some of its customers’ information. The company is currently investigating the matter.

Earlier this month, LastPass CEO Karim Toubba announced that the company has discovered “unusual activity” within a third-party cloud storage service that is currently used by both LastPass and its affiliate, GoTo.

It is believed that the attacker gained access to certain elements of the company’s customer information by using knowledge obtained in a previous breach in August 2022.

Unfortunately, it is still unknown how many accounts have been compromised, or if customers of both LastPass and GoTo were affected. Fortunately, no passwords were stolen.

The company announced that it is actively working to determine what information was accessed and has notified authorities of the situation. The company added that it.

KmsdBot, a Cryptocurrency Mining Botnet, was “Accidentally” shut down by Researchers

The KmsdBot cryptocurrency mining botnet was accidentally taken down while being investigated.

The SSH brute forcer known as KmsdBot was discovered by the Akamai Security Intelligence Response Team (SIRT) in the middle of November 2022.

The primary goal of the botnet was to install mining software and corral the compromised hosts into a DDoS bot. The malware attacked both Windows and Linux devices across a wide range of microarchitectures.

Companies in the gaming industry, the tech sector, and the luxury automobile industry were all prime targets for KmsdBot.

Cuba Ransomware has locked the data of more than 100 organizations

As of August 2022, the cybercriminals behind the Cuba (aka COLDDRAW) ransomware have collected over $60 million in ransom payments from over 100 victims around the world.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint advisory, citing an increase in the number of compromised U.S. entities and the ransom amounts.

The ransomware group behind the malware, known as Tropical Scorpius, has been observed expanding its tactics to gain initial access and interact with breached networks while simultaneously targeting financial services, government facilities, healthcare, critical manufacturing, and IT.


About the author


Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her striving for simplicity and well-researched information provides users with easy-to-follow IT-related tips and step-by-step tutorials.
