Here are this week’s highlights in cybersecurity:

  • Automotive leader Denso suffered a cybersecurity incident, claimed by the Pandora ransomware group. More
  • Tire company Bridgestone confirmed a ransomware attack (LockBit group). More
  • Last week, gaming company Ubisoft confirmed they suffered a cyberattack.
  • Conti ransomware group internal chats were leaked online. See the inner workings of one of the most successful ransomware groups. More
  • A new reflection and amplification distributed denial-of-service (DDoS) vector was detected in the wild, with a record-breaking potential amplification ratio of 4,294,967,296 to 1. More
  • A ransomware group adds APT (Advanced Persistent Threat) TTPs (Tactics, Techniques & Procedures) to its modus operandi. More
  • Denial of Service vulnerability discovered in OpenSSL by Tavis Ormandy (Google). OpenSSL enters an infinite loop when parsing Elliptic Curve certificates that use non-prime moduli. More
  • NSA and CISA released an updated version of their Kubernetes Hardening Guide. It contains clarifications based on feedback from the security community and additions on logging and threat detection. More
  • Germany’s Federal Office for Information Security (BSI) recommends against using Kaspersky products. The software vendor answered with a press release. More
  • Enterprise software vendor Veeam disclosed an unauthenticated remote code execution vulnerability in its Backup & Replication software. The issue is rated 9.8 (Critical). More
  • Another supply chain issue hits the npm ecosystem. “node-ipc”, a NodeJS dependency with over 1 million downloads/week, was sabotaged to protest the ongoing war. The package checks the user’s external IP and overwrites files on machines located in Russia & Belarus. More
  • CISA & FBI advisory: tactics used by hackers to bypass MFA. They compromised an account with weak credentials, escalated privileges to admin using “PrintNightmare”, and blocked access to the MFA servers via the “hosts” file. Unable to contact its servers, and because the Duo MFA service was configured to “fail open”, MFA was bypassed. More
  • New Solaris rootkit dubbed CAKETAP found in key infrastructure belonging to financial institutions. CAKETAP was used to manipulate messages transiting a victim’s ATM switching network. It is believed this was leveraged as part of a larger operation to perform unauthorized cash withdrawals at several banks using fraudulent bank cards. More
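A defender-side check for the MFA bypass described in the CISA & FBI item, added here as an example (not code from the advisory, Duo or this newsletter): it scans hosts-file text for MFA provider hostnames pinned to loopback or null addresses, and models why the "fail open" policy is the root cause. The watch-list domains and the sample hosts entries are constructed assumptions.

```python
# Added example: detect hosts-file entries that blackhole MFA servers, and
# contrast fail-open vs fail-closed handling when the MFA server is unreachable.

# Assumed watch-list. Real Duo API hosts are tenant-specific (api-<id>.duosecurity.com),
# so matching is done on the parent domain; add your own provider's domains here.
MFA_DOMAINS = {"duosecurity.com", "mfa.example-provider.test"}
BLACKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}


def find_hosts_blocks(hosts_text: str, watch=MFA_DOMAINS) -> list:
    """Return (ip, hostname) pairs where a watched domain or any subdomain of it
    is mapped to a loopback/null address in hosts-file text."""
    hits = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        if ip not in BLACKHOLE_IPS:
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if any(name == d or name.endswith("." + d) for d in watch):
                hits.append((ip, name))
    return hits


def mfa_decision(server_reachable: bool, fail_open: bool) -> bool:
    """Model the policy: with fail-open, an unreachable MFA server grants access,
    which is exactly what the attackers exploited; fail-closed denies instead."""
    if server_reachable:
        return True  # the real second-factor check would happen here
    return fail_open


# Constructed sample hosts file: one legitimate block plus an attacker entry.
SAMPLE_HOSTS = """127.0.0.1   localhost
::1         localhost
# constructed attacker entry: blackhole the tenant's MFA API host
127.0.0.1   api-abcd1234.duosecurity.com
10.0.0.5    intranet.corp.example
"""

if __name__ == "__main__":
    print("blocked MFA hosts:", find_hosts_blocks(SAMPLE_HOSTS))
    print("fail-open, server down  ->", mfa_decision(False, True))
    print("fail-closed, server down ->", mfa_decision(False, False))
```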

Don’t have time to check this page? You can get the news summary every week in your email inbox by subscribing to my newsletter.