Here are this week’s highlights in cybersecurity:
- Ransomware group hacks UK water supplier, but extorts wrong victim that has more customers. More
- Check Point discovered a set of vulnerabilities that allowed forging of payment packages from an unprivileged Android application on Xiaomi phones. The flaw was demonstrated using WeChat Pay and was fixed in June. More
- Microsoft disrupted a hacking operation linked to Russia-linked APT group SEABORGIUM that targeted NATO countries and focused on exfiltration of intelligence data. More
- Actors associated with Cuba ransomware are using previously undocumented TTPs, including using a new remote access trojan called ROMCOM RAT, a kernel driver for targeting security products and a custom tool for extracting cached Kerberos tickets from the LSASS process. More
- Malware developers already bypassed Android 13 new security feature that Google built to block abuse of the Accessibility API. More
- CS.Money, a CS:GO trading site was hacked and $6 million worth of skins were stolen. More
- iOS VPNs have leaked traffic for more than 2 years. The leak is caused by sessions and connections established before a VPN is activated as they do not terminate and can still send data outside the VPN tunnel while it’s active. More
- DarkTortilla is a complex NET-based crypter active since 2015. It delivers popular information stealers and RATs such as AgentTesla and RedLine. Researchers also identified samples delivering targeted payloads such as Cobalt Strike and Metasploit. It features robust anti-analysis and anti-tamper controls that can make detection, analysis, and eradication challenging. More
Don’t have time to check this page? You can get the news summary every week in your email inbox by subscribing to my newsletter.
