Here are this week’s highlights in cybersecurity:

  • A joint security advisory issued by several national cybersecurity agencies described the top 10 attack vectors used to compromise victim networks and some mitigations. More
  • The Tesla Model 3 Phone-as-a-Key passive entry system, which works over BLE, is vulnerable to relay attacks, according to an NCC Group report. Tesla said this is a known limitation of passive entry systems. More
  • A 55-year-old cardiologist was charged with running a Ransomware-as-a-Service operation and selling the Jigsaw v.2 and Thanos ransomware, according to an unsealed US criminal complaint. More
  • Attackers are using the “@” and “#” characters to obfuscate phishing URLs. A browser treats everything before “@” as credentials (the userinfo part) and never sends anything after “#” (the fragment) to the server. So a URL that begins with a trusted-looking hostname followed by “@” is actually resolved to whatever host comes after the “@”, and any decoy text placed after “#” is simply ignored. More
  • A study on the top 100k websites found thousands of instances where user emails are exfiltrated for marketing purposes before a form is submitted or consent is given. 52 websites collected user passwords. More
  • A paper called “Optical Sound Recovery from Lightweight Reflective Objects”, presented at Black Hat Asia, demonstrates eavesdropping by recovering audio from the light reflected off small shiny objects that vibrate with nearby sound. More
  • Researchers were able to run malware on an iPhone even when it is powered off. The issue lies in the iPhone’s Low Power Mode (LPM), introduced in iOS 15: the Bluetooth, NFC and UWB chips remain active after the phone is switched off. The proof-of-concept installed malware in the phone’s Bluetooth firmware. More
  • VMware patched a critical vulnerability affecting several of its products. At the same time, CISA released an emergency directive ordering federal civilian agencies to apply the patch. More
  • A detailed report about the Wizard Spider ransomware group describes it as one of the wealthiest active groups, with assets valued at hundreds of millions of dollars. Among other things, the group targets hypervisor servers with Conti ransomware. Besides Conti, it uses other malware strains including BazarLoader, QBot and SystemBC, as well as common security tools such as Cobalt Strike, mimikatz, Rubeus, AdFind, PsTools and more. Its infrastructure includes a password/hash cracking server and a VoIP server used to call victims and pressure them into paying. More
  • Attackers are using chatbots to make phishing attacks more interactive and add credibility. More
  • Nikkei, a financial newspaper with a daily circulation of over 3 million, suffered a ransomware attack. The affected server, located in Singapore, likely contained customer data. More
  • A malicious Python package deploys Cobalt Strike, a commonly used pen-testing tool. The package name, pyMafka, typosquats pyKafka, a popular package for Apache Kafka. More
  • The Conti ransomware group has apparently shut down its operation, but it will probably rebrand into smaller units. More
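To make the “@” and “#” URL trick above concrete, here is an added example (not code from the original post or from any of the reports it links to) that parses a few constructed phishing-style URLs with the WHATWG URL API, which browsers and Node.js share, and flags the ones whose userinfo part looks like a decoy hostname. The hostnames `login.example-bank.test`, `attacker.test` and the IP `198.51.100.7` are made up for illustration, and `looksLikeAtSignObfuscation` is a heuristic of my own, not a rule from the article.

```javascript
// Added example: how a browser's URL parser treats "@" and "#" in a
// phishing link. Hostnames below are constructed for illustration.

// Constructed sample URLs of the kind a phishing email might carry.
const SAMPLE_URLS = [
  // decoy host before "@", real host is an IP address
  "https://login.example-bank.test@198.51.100.7/index.html",
  // decoy host before "@" and again after "#"; real host is attacker.test
  "https://login.example-bank.test@attacker.test/#login.example-bank.test/account",
  // an ordinary, legitimate-looking link for comparison
  "https://login.example-bank.test/account",
];

// Parse a URL the way the browser will and return the three parts that
// matter for this trick: the host actually contacted, the userinfo the
// "@" hides a decoy in, and the fragment that never reaches the server.
function dissect(raw) {
  const u = new URL(raw);
  return {
    host: u.hostname,      // where the request really goes
    userinfo: u.username,  // everything before "@"; not a hostname
    fragment: u.hash,      // everything after "#"; stays on the client
  };
}

// Heuristic (assumption, not from the article): legitimate links almost
// never embed credentials, so a userinfo part that looks like a domain
// name and differs from the real host is a strong sign of obfuscation.
function looksLikeAtSignObfuscation(raw) {
  const { host, userinfo } = dissect(raw);
  const decoyLooksLikeHost = /^[a-z0-9.-]+\.[a-z]{2,}$/i.test(userinfo);
  return decoyLooksLikeHost && userinfo.toLowerCase() !== host.toLowerCase();
}

// Stand-alone run: print what the browser would actually contact.
for (const raw of SAMPLE_URLS) {
  const parts = dissect(raw);
  console.log(
    `${raw}\n  -> host=${parts.host} userinfo=${JSON.stringify(parts.userinfo)}` +
    ` fragment=${JSON.stringify(parts.fragment)}` +
    ` suspicious=${looksLikeAtSignObfuscation(raw)}`
  );
}
```

The same parser runs in every modern browser and in Node.js, so the `host` value printed here is exactly where the address bar would take the victim; the decoy name survives only as `userinfo` (never sent as a hostname) or as `fragment` (never sent at all). A mail gateway or proxy that wants to catch this pattern should compare `hostname` against the text the user sees, not the raw string.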

Don’t have time to check this page? You can get the news summary every week in your email inbox by subscribing to my newsletter.