Here are this week’s highlights in cybersecurity:

  • US sanctions Iranian Ministry of Intelligence and Minister over Albania cyberattacks. Threat actor teams worked in tandem to carry out distinct phases of the attacks, from infrastructure reconnaissance, initial access and data exfiltration to deploying ransomware and wiper malware. More
  • A number of firmware security flaws in HP’s business-oriented high-end notebooks remain unpatched since their public disclosure at Black Hat USA 2022. Exploitation of these vulnerabilities allows installing malicious DXE drivers that can bypass Secure Boot and influence further boot stages. More
  • Dutch police arrested a 39-year-old man on suspicion of laundering tens of millions of euros worth of cryptocurrency stolen in phishing attacks. More
  • The leader of a tax fraud and identity theft scheme was sentenced to 12 years in prison. The perpetrator sold stolen identities of children to thousands of his customers, causing tens of millions of dollars in fraudulent tax loss. More
  • Fishpig, a vendor of popular Magento-WordPress integrations, was hacked. Attackers injected malware that waits for commands from a C2 into the license verification mechanism of their software. More
  • Uber was hacked again. According to the hacker, after he gained access to the internal network, he discovered a network share that contained a PowerShell script with embedded Thycotic (a secrets manager) credentials, which led to further compromise. More
  • North Korea-linked hackers approach victims over WhatsApp and lure them into downloading a malicious ISO package regarding a fake job offer. Opening the ISO led to the deployment of a backdoor through a trojanized copy of the PuTTY SSH client. More

Don’t have time to check this page? You can get the news summary every week in your email inbox by subscribing to my newsletter.