Here are this week’s highlights in cybersecurity:

  • CosmicStrand is the latest discovery in terms of sophisticated UEFI firmware rootkits. It was found in Gigaybyte & Asus firmware images, although the initial infection point is unknown. The malware’s infection chain starts in UEFI, installs a hook in the boot manager that modifies the Windows kernel before launch. The kernel hook is called during normal start-up procedures allowing the rootkit to download the actual payload from the Internet. More
  • A hacker is selling a collection of phone numbers and email addresses belonging to 5.4 million Twitter accounts. More
  • A campaign targeting the Middle East exploits a zero day memory corruption in Chrome’s WebRTC to obtain shellcode execution in Chrome’s renderer process. The exploit chain tries to obtain kernel code execution by using another zero day in a driver. More
  • Hackers are targeting websites using PrestaShop, leveraging a previously unknown vulnerability chain to execute code and compromise customer payment information. More
  • According to a Palo Alto report attackers start scanning for vulnerabilities within 15 minutes of a CVE being announced. More
  • In response to Microsoft’s announcements that it would block macros by default in Microsoft Office applications, threat actors began adopting new tactics by using files such as ISO and RAR, and Windows Shortcut (LNK) files in campaigns to distribute malware. More
  • North Korean APT threat actor SharpTongue, deploys browser extension that steals emails directly from web-email sessions. More
  • The average ransomware payment increased 8% from Q1 2022 to $228,125. While the average was pulled up by several outliers, the median ransom payment actually decreased to $36,360, a 51% decrease from Q1 2022. This was a result of attackers targeting the mid market where the risk to reward profile of attack is more consistent and less risky than high profile attacks. Another factor is that large organizations started refusing negotiations when ransomware groups which demand impossibly high ransom amounts. More

Don’t have time to check this page? You can get the news summary every week in your email inbox by subscribing to my newsletter.