Cybersecurity news
- HP has released BIOS updates to fix two high-severity vulnerabilities affecting a wide range of PC and notebook products, which allow code to run with kernel privileges.
- Google announced a range of privacy measures that will help users retain more control over how their data is used by Google applications and displayed to the world through search.
- Microsoft has issued fixes for three zero-day vulnerabilities, including one being actively exploited in the wild, as part of its May monthly update round.
- Apple, Google and Microsoft have joined forces to expand support for passwordless logins across mobile, desktop and browsers.
- The National Institute of Standards and Technology (NIST) released updated cybersecurity guidance for managing risks in the supply chain, as it increasingly emerges as a lucrative attack vector.
- Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc library which is used by a large number of IoT products.
Cybersecurity Blog Posts
- Adeeb Shah, Senior Security Consultant at SpiderLabs, explained how to avoid headaches when publishing a CVE.
- On the Check Point blog, experts explored the evolution of ransomware from WannaCry to Conti and described how it changed the threat landscape.
- As their strategic role expands, many CISOs around the world are “having a moment,” bolstered by growing top-level support and additional resources to advance their cybersecurity missions. But making the most of this moment will come down to focus across four key areas, which the CyberArk team describes.
Research and analytics
- Researchers from Trend Micro have identified a new sample of the AvosLocker ransomware, which has learned to use unpatched vulnerabilities to disable antivirus programs after penetrating the victim’s network. The malware uses a legitimate Avast Anti-Rootkit Driver (asWarPot.sys) to disable antivirus protection.
- According to Cybereason, the Chinese cybercrime group Winnti has been stealing intellectual property and other data from American and Asian companies for many years.
- According to the FBI, $43.31 billion was stolen from June 2016 to December 2021 as a result of more than 241,000 incidents. Based on the financial data reported to the IC3 for 2021, banks located in Thailand and Hong Kong were the primary international destinations of fraudulent funds. China, which ranked in the top two destinations in previous years, ranked third in 2021 followed by Mexico and Singapore.
- The US Cybersecurity and Infrastructure Security Agency (CISA) listed the most common computer vulnerabilities identified in 2021. The most popular vulnerability among hackers was Log4Shell, or CVE-2021-44228.
- ThoughtLab announced the findings of the study Cybersecurity Solutions for a Riskier World, which analyzed the cybersecurity strategies and results of 1,200 large organizations across 16 countries. The research revealed that the pandemic has brought cybersecurity to a critical inflection point. The number of material breaches respondents suffered rose 20.5% from 2020 to 2021, and cybersecurity budgets as a percentage of firms’ total revenue jumped 51%, from 0.53% to 0.80%.
- SpyCloud analyzed the exposed data tied to employees of Fortune 1000 organizations in its database. For this analysis, it examined over 126 million Fortune 1000 employee breach records containing more than 687 million assets, all of which are available to cybercriminals and can be used for malicious purposes.
- Sucuri Security’s 2021 Website Threat Research Report has revealed that payment card skimmers are becoming more common in exploit kits affecting WordPress websites, and that attackers are spending more time customizing them to avoid detection.
- Kaspersky Lab summarized the tendencies that characterize the ransomware landscape in 2022. This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises, and old variants of malware return while new ones develop.
Major Cyber Incidents
- Threat analysts have spotted a novel attack attributed to the Iranian hacking group known as APT34 or OilRig, which targeted a Jordanian diplomat with custom-crafted tools.
- The National Cybersecurity Center of Finland has warned about a new malicious campaign that uses SMS and MMS to spread FluBot malware. The malware steals the credentials of its victims’ financial accounts by overlaying phishing pages on top of legitimate banking and cryptocurrency applications.
- The Costa Rican President has declared a national emergency following cyber attacks from the Conti ransomware group on multiple government bodies. Conti published most of the 672 GB dump that appears to contain data belonging to Costa Rican government agencies.
- Lincoln College, a liberal-arts school in rural Illinois, says it will close its doors, 157 years since its founding and following a brutal hit on its finances from a recent ransomware attack.
- The operators of the decentralized finance (DeFi) lending and credit protocol Fortress said that about $3 million worth of cryptocurrency was stolen during an attack on third-party infrastructure.
- Fake cryptocurrency giveaways are stealing millions of dollars simply by replaying old Elon Musk and Jack Dorsey Ark Invest videos on YouTube. The scheme is the old “double your investment” ruse that promises to pay back twice the cryptocurrency amount the victim sends the scammer.