Latest Cybersecurity news


DATE : 27.10.2022


MEDIBANK DATA BREACH
Australian health insurance firm Medibank data leak
Australian health insurance firm Medibank on Wednesday disclosed that the personal information of all of its customers had been unauthorizedly accessed following a recent ransomware attack.
In an update to its ongoing investigation into the incident, the firm said the attackers had access to “significant amounts of health claims data” as well as personal data belonging to its ahm health insurance subsidiary and international students.
Medibank, which is one of the largest Australian private health insurance providers, serves about 3.9 million customers across the country.


CYBER ATTACK
Centre probing if a cyber attack caused two-hour-long outage of WhatsApp
The Union Electronics and Information Technology Ministry is seeking a report from Meta India about the two-hour-long global outage of WhatsApp that affected users on Tuesday, Financial Express reported. The Ministry is also probing whether the outage was caused by a cyber attack. Meta is expected to send the report to the Ministry's Indian Computer Emergency Response Team (CERT-In).
DATE : 26.10.2022


VMWARE CRITICAL FLAW
VMware patches critical Cloud Foundation flaw (CVE-2021-39144)
VMware on Tuesday shipped security updates to address a critical security flaw in its VMware Cloud Foundation product.
Tracked as CVE-2021-39144, the issue has been rated 9.8 out of 10 on the CVSS vulnerability scoring system and relates to a remote code execution vulnerability via the XStream open source library.
“Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of ‘root’ on the appliance,” the company said in an advisory.


Vice society spreads ransomware
A cybercrime group known as Vice Society has been linked to multiple ransomware strains in its malicious campaigns aimed at the education, government, and retail sectors.
The Microsoft Security Threat Intelligence team, which is tracking the threat cluster under the moniker DEV-0832, said the group avoids deploying ransomware in some cases and instead likely carries out extortion using exfiltrated data.
“Shifting ransomware payloads over time from BlackCat, Quantum Locker, and Zeppelin, DEV-0832’s latest payload is a Zeppelin variant that includes Vice Society-specific file extensions, such as .v-s0ciety, .v-society, and, most recently, locked,” the tech giant’s cybersecurity division said.
DATE : 25.10.2022


Apple patches actively exploited zero-day flaw in iOS
Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild.
The weakness, given the identifier CVE-2022-42827, has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary code with the highest privileges.
Successful exploitation of out-of-bounds write flaws, which typically occur when a program attempts to write data to a memory location that’s outside of the bounds of what it is allowed to access, can result in corruption of data, a crash, or execution of unauthorized code.


INTERPOL METAVERSE
Interpol launches world's first global police Metaverse
International crime control organisation Interpol has launched the world's first global police Metaverse for law enforcement officials to increase cooperation. Users of this Metaverse can interact with each other and even take training courses on forensic investigation and other policing capabilities. Interpol will also create an expert group to represent officials' views on security in.
DATE : 24.10.2022


SideWinder APT Using New WarHawk Backdoor to Target Entities in Pakistan
SideWinder, a prolific nation-state actor mainly known for targeting Pakistani military entities, compromised the official website of the National Electric Power Regulatory Authority (NEPRA) to deliver a tailored malware called WarHawk.


Health care data leak
OakBend Medical Center data leaked by a hacker group.
U.S. cybersecurity and intelligence agencies have published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the Daixin Team primarily targeting the healthcare sector in the country.
One of those attacks was aimed at OakBend Medical Center on September 1, 2022, with the group claiming to have siphoned roughly 3.5GB of data, including over one million records with patient and employee information.
It also published a sample containing 2,000 patient records on its data leak site, which included names, genders, dates of birth, Social Security numbers, addresses, and other appointment details, according to DataBreaches.net.
DATE : 23.10.2022


Google fined Rs. 1338 crore in India for anti-competitive practices
The Competition Commission of India (CCI) has imposed a Rs. 1337.76 crore fine on Google for abusing its dominant position in multiple markets in the Android mobile device ecosystem. Google imposes "unfair conditions" on device makers by requiring them to preinstall its apps, the CCI said. It added that Google abused its dominant position in search, app stores, web browsers and video services to squeeze out competitors.


Spotify crashed
Taylor Swift's 'Midnights' album release crashes Spotify
Thousands of users worldwide reported problems accessing Spotify minutes after Taylor Swift released her 'Midnights' album on Friday, according to outage tracking website Downdetector.
The issue was reportedly resolved within an hour. 'Midnights', which is the singer's 10th studio album, became the most-streamed album in a single day in Spotify's history, the music streaming platform tweeted.
DATE : 22.10.2022


Server misconfiguration led to 65K+ companies' data leak
The misconfiguration of the Azure Blob Storage was spotted on September 24, 2022, by cybersecurity company SOCRadar, which termed the leak BlueBleed. The Windows maker did not reveal the scale of the data leak, but according to SOCRadar, it affects more than 65,000 companies in 111 countries. The exposure amounts to 2.4 terabytes of data consisting of invoices, product orders, signed customer documents and partner ecosystem details, among others.
DATE : 21.10.2022


Exploitation attempts of Apache Commons Text vulnerability
Researchers have detected active exploitation attempts of the recently disclosed critical RCE vulnerability (CVE-2022-42889) in Apache Commons Text.
WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022.
The vulnerability, tracked as CVE-2022-42889 aka Text4Shell, has been assigned a severity ranking of 9.8 out of a possible 10.0 on the CVSS scale and affects versions 1.5 through 1.9 of the library.
It's also similar to the now infamous Log4Shell vulnerability in that the issue is rooted in the way string substitutions carried out during DNS, script, and URL lookups can lead to the execution of arbitrary code on susceptible systems when untrusted input is passed to them.
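Detection logic a defender might run over web-server access logs for the lookup syntax described in this item, as an added example that is not from the original page, from Wordfence or from the Apache project. The log lines are constructed, the lookup prefix list (dns, script, url) comes from the item above, and the combined-style access-log layout is an assumption; the scan URL-decodes each request path (bounded, so double-encoded input is normalised) before matching.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Lookup prefixes named in the Text4Shell reports; Commons Text 1.5-1.9
# resolved these during "${prefix:...}" interpolation of untrusted input.
RISKY_LOOKUPS = ("dns", "script", "url")

# "${", optional whitespace, a risky prefix, optional whitespace, ":".
INTERPOLATION_RE = re.compile(
    r"\$\{\s*(" + "|".join(RISKY_LOOKUPS) + r")\s*:", re.IGNORECASE
)

# Assumed access-log layout (combined/common style): client ip, ident, user,
# [timestamp], "METHOD path protocol", status, size.
LOG_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (not real traffic). Line 2 carries a URL-encoded
# script lookup, line 3 a double-encoded dns lookup; the others are benign,
# including a plain "${total}" template reference that must not be flagged.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Oct/2022:10:01:12 +0000] "GET /search?q=laptops HTTP/1.1" 200 512
10.0.0.9 - - [18/Oct/2022:10:02:44 +0000] "GET /search?q=%24%7Bscript%3Ajavascript%3AREDACTED%7D HTTP/1.1" 500 0
10.0.0.9 - - [18/Oct/2022:10:03:01 +0000] "GET /search?q=%2524%257Bdns%253Aaddress%253Aprobe.example%257D HTTP/1.1" 200 77
10.0.0.7 - - [18/Oct/2022:10:04:15 +0000] "GET /price?tpl=${total} HTTP/1.1" 200 64
"""


def decode_repeatedly(value: str, rounds: int = 3) -> str:
    """URL-decode until the value stops changing (bounded to `rounds` passes)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_log(text: str) -> List[Dict[str, str]]:
    """Return one record per request whose decoded path contains a risky lookup."""
    hits: List[Dict[str, str]] = []
    for line in text.splitlines():
        m = LOG_LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than abort the scan
        path = decode_repeatedly(m.group("path"))
        found = INTERPOLATION_RE.search(path)
        if found:
            hits.append({
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "lookup": found.group(1).lower(),
                "status": m.group("status"),
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['timestamp']} {hit['ip']} "
              f"lookup={hit['lookup']} status={hit['status']}")
```

Only the request path is inspected here; the same substitution syntax can arrive in headers or POST bodies, so a production rule would apply the decoded-match step to every field the application hands to Commons Text.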
DATE : 20.10.2022


Hackers compromised Hong Kong govt agency
Hackers compromised Hong Kong govt agency network for a year
Researchers at Symantec have uncovered cyberattacks attributed to the China-linked espionage actor APT41 (a.k.a. Winnti) that breached government agencies in Hong Kong and remained in their networks for a year in some cases.


New Operating System
Google Unveils KataOS for Embedded Devices
KataOS provides a verifiably secure platform that protects the user's privacy because it is logically impossible for applications to breach the kernel's hardware security protections, and the system components are verifiably secure. The tech giant pointed out that KataOS is mostly developed in Rust, which makes it more secure because it eliminates buffer overflows and other classes of bugs.
DATE : 19.10.2022


Chinese Hackers Targeting Online Casinos
Chinese APT DiceyF linked to years-long attacks on online casinos in Southeast Asia
An advanced persistent threat (APT) group of Chinese origin codenamed DiceyF has been linked to a string of attacks aimed at online casinos in Southeast Asia for years.
Russian cybersecurity company Kaspersky said the activity aligns with another set of intrusions attributed to Earth Berberoka (aka GamblingPuppet) and DRBControl, citing tactical and targeting similarities as well as the abuse of secure messaging clients.


Stealthy PowerShell Backdoor Disguising as Windows Update
Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update
Details have emerged about a previously undocumented and fully undetectable (FUD) PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process.
DATE : 18.10.2022


'Baby Al Capone' to pay $22m
'Baby Al Capone' to pay $22m to SIM-swap crypto-heist victim
A man who lost $24 million in cryptocurrency in an elaborate SIM swapping scam has won a multi-million-dollar judgment against the thief, who was 15 at the time of the hustle. According to court documents filed Friday in federal court in New York City, Ellis Pinsky agreed to pay Michael Terpin $22 million for his starring role in the SIM swap and crypto heist.


INTERPOL-led Operation Takes Down 'Black Axe'
INTERPOL-led Operation Takes Down ‘Black Axe’ Cyber Crime Organization
The International Criminal Police Organization, also known as Interpol, has announced the arrests of 75 individuals as part of a coordinated global operation against an organized cyber crime syndicate called Black Axe.
DATE : 17.10.2022


Police tricks DeadBolt ransomware
Police tricks DeadBolt ransomware out of 155 decryption keys
The Dutch National Police, in collaboration with cybersecurity firm Responders.NU, tricked the DeadBolt ransomware gang into handing over 155 decryption keys by faking ransom payments. DeadBolt is a ransomware operation active since January and known for demanding 0.03 bitcoin ransoms after encrypting thousands of QNAP and Asustor Network Attached Storage (NAS) devices (20,000 worldwide and at least 1,000 in the Netherlands, per the Dutch police).


INTERPOL ARREST
INTERPOL arrests 'Black Axe' cybercrime syndicate
INTERPOL has arrested over 70 suspected members of the 'Black Axe' cybercrime syndicate, with two believed to be responsible for $1.8 million in financial fraud. The suspects were arrested as part of 'Operation Jackal,' an international law enforcement operation between September 26 and 30, 2022, in South Africa.
DATE : 16.10.2022


AI-based Age Verification
Insta Introduces AI-powered Age Verification Process In India
Instagram has announced that it is expanding the testing options for its AI-powered age verification feature to India and Brazil. The feature will allow users to upload a video of themselves, which Instagram runs through an AI system to determine whether the user is aged 18 or older. Meta has partnered with Yoti, which specialises in AI-based online age verification.


'Make-in-India' record-breaker
Piyush Goyal as phone exports hit $1 bn in Sept
Union Commerce Minister Piyush Goyal lauded the government's production-linked incentive (PLI) scheme after a report claimed that India exported mobile phones worth $1 billion in September, setting a new record. "'Make-in-India' record-breaker," tweeted Goyal. Notably, the previous monthly record for mobile phone exports from India stood at $770 million in December 2021, as per the Economic Times.
DATE : 15.10.2022


Tata Power hacked
Tata Power says hit by cyber attack
Tata Power on Friday said that a cyber attack has hit its Information Technology (IT) infrastructure and affected its systems.
Tata Power Company Limited had a cyber attack on its IT infrastructure impacting some of its IT systems, a BSE filing from the Mumbai-headquartered company said.
DATE : 14.10.2022


Passwordless Login
Google Rolling Out Passkey Passwordless Login Support
Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both Android and Chrome. “Passkeys are a significantly safer replacement for passwords and other phishable authentication factors,” the tech giant said. “They cannot be reused, don’t leak in server breaches, and protect users from phishing attacks.”


Stealing accounts
Unofficial WhatsApp Android app caught stealing users' accounts
The YoWhatsApp campaign was discovered by threat analysts at Kaspersky, who have been investigating cases of the Triada Trojan hiding inside modified WhatsApp builds since last year. A new version of the unofficial WhatsApp Android application YoWhatsApp, v2.22.11.75, snatches WhatsApp keys, enabling the threat actors to take control of users' accounts.


VULNERABILITIES
Govt issues high severity warning to zoom users
The government's CERT-In issued a 'high severity' warning, saying that multiple vulnerabilities have been found in Zoom products which could allow attackers to prevent meeting participants from receiving audio and video. Affected software includes Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 and Zoom Client for Meetings for macOS starting with 5.10.6 and prior to 5.12.0.
DATE : 13.10.2022


INTEL HACKED
Intel confirms leak of Alder Lake BIOS source code
Chipmaker Intel has confirmed that Unified Extensible Firmware Interface (UEFI) code for Alder Lake CPUs (12th Generation Processors) has been leaked, following its release by an unknown third party on 4chan and GitHub last week. Intel said the leak doesn't expose "any new security vulnerabilities as we do not rely on obfuscation of information as a security measure." Besides the UEFI code, the leaked data dump includes a plethora of files and tools, some of which appear to come from firmware vendor Insyde Software.


Terrorist & Extremist
Russia adds Meta to its list of ‘terrorist & extremist’ organisations
Russia’s financial monitoring agency, Rosfinmonitoring, has added Facebook and Instagram parent Meta to its list of “terrorist and extremist” organisations, AFP and Russia’s Interfax news agency reported. In June, a Russian court rejected an appeal by Meta after it was found guilty of “extremist activity” in the country in March. At the time, Meta’s lawyer had denied the allegation.