Each week Zacco tracks the latest cyber security threats, current industry news or trends and insights into the latest protection best practice. The Cyber Security Digest is a weekly compilation of the most significant developments within both cybersecurity and digital protection space, with links to further information on how it might affect you, your company or your clients.
Essential reading for cyber security professionals, as well as the general public, to keep you informed of current events and emerging threats.
A 15-year-old security vulnerability in the PEAR PHP repository could allow a threat actor to carry out a supply chain attack. The attacks could also have gained access to unauthorized access to publish rogue packages and execute arbitrary code.
The Anonymous TV hacking group has claimed to have hacked the Russian Orthodox Church’s charitable wing and leaked 15GB of data along with 57000 emails.
On 29th March, Google released an all-new Chrome 100 for the Stable desktop channel. The update includes a new logo, security improvements, and development features.
An update has been released for the following model LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet which addressed three security issues. The buffer overflow security flaw was discovered by Trend Micro’s Zero Day Initiative team.
Google on Friday has released an update to fix a critical zero-day vulnerability that is being actively exploited in the wild. The vulnerability is related to a type of confusion vulnerability in the V8 JavaScript engine. An anonymous researcher has been credited with reporting the bug.
Microsoft has confirmed that they were compromised by Lapsus$ Hacking Group. One of the employee’s accounts was compromised which allowed hackers to steal parts of Microsoft’s source code.
A popular app named “Craftsart Cartoon Photo Tools” with more than 1,00,000 downloads is infected with facestealer malware. Security analysts from Pradeo have requested users to delete the app immediately and the same has been notified to Google Play Store.
A major security tip in the Trojan infiltration has been discovered by Dr Web’s security researchers. In addition to this, they have detected an application in Google PlayStore with over 50000 downloads. The Trojan steals sensitive information from the users’ notifications.
Facebook was fined 18.6 million dollars by the Irish Data Protection Commission (DCP) for violating GDPR rules in the region. According to the press release, Facebook did not have in place the necessary technical and organizational security measures to protect the data of EU citizens.
A new Open-source software dubbed RouterOS Scanner has been released by Microsoft. You can use the scanner to check for indicators of compromise related to TrickBot malware infections.
Earlier this week, the FBI issued a joint cybersecurity advisory warning regarding the AvosLocker ransomware gang targeting US critical infrastructure. The AvosLocker site claims to have hit the United States, Syria, Saudi Arabia, Germany, Spain, Belgium, Turkey, the United Arab Emirates, the United Kingdom, Canada, China, and Taiwan.
According to security experts from Abnormal security, hackers are using contact forms on websites to spread malware called Bazarloader and BazarBackdoor. This malware is typically spread via phishing emails.
Samsung confirmed that hackers have stolen their Galaxy device source code, but no data related to customers and employees were affected. In their telegram channel, LAPSUS$ posted 190 GB of data stolen from Samsung.
Microsoft released security patches for 71 vulnerabilities for the month of March. 2022. Out of these 71 vulnerabilities, 68 are classified as important and 3 as critical. It is found that 60% of the vulnerabilities are locally exploitable.
HP security analysts have discovered 16 newly discovered high-severity UEFI firmware bugs that, if exploited, could enable hackers to gain administrative privileges and even evade anti-virus detection tools. Affected devices include HP laptops. Desktop Computers, PoS Systems and HP edge computing nodes.
The TeaBot banking Trojan was available in the Google Play store under the name of the QR code and Barcode Scanner Application. The app also had received good reviews. When the victim opens the application, he receives a pop up saying there is an update when the user clicks install, a dropper is downloaded which infects the victim’s system.
