15 May 2023 Weekly Newsletter

BOCRA website

     

NEWSLETTER

 

Hackers use Azure Serial Console for stealthy access to VMs


LATEST CYBER HACKS

University admission platform Leverage EDU exposed student passports

The popular university admission platform Leverage EDU leaked almost 240,000 sensitive files, including students’ passports, financial documents, certificates, and exam results.

Lacroix Shuts Three Factories For a Week After Cyber-Attack

International electronics manufacturer Lacroix has reportedly intercepted a targeted cyber-attack on its activity sites in France (Beaupréau), Germany (Willich) and Tunisia (Zriba).

Debt Collection Firm Credit Control Corporation Hit by Major Data Breach

Credit Control Corporation (CCC), a debt collection services company, recently fell victim to a cyber attack leading to a data breach that compromised the personal data of numerous healthcare institutions.


VULNERABILITIES

Industrial Cellular Routers at Risk: 11 New Vulnerabilities Expose OT Networks

Several security vulnerabilities have been disclosed in cloud management platforms associated with three industrial cellular router vendors that could expose operational technology (OT) networks to external attacks.

Parental control app with 5 million downloads vulnerable to attacks

Kiddoware's 'Parental Control – Kids Place' app for Android is impacted by multiple vulnerabilities that could enable attackers to upload arbitrary files on protected devices, steal user credentials, and allow children to bypass restrictions without the parents noticing.


MALWARE

RecordBreaker Info-stealer Propagates Via Fake Keygens and Cracks

The RecordBreaker info-stealer, also referred to as Raccoon Stealer V2, has been observed in a new attack campaign targeting Korean users. The malware, which is often distributed disguised as the download of illegal programs such as cracks and keygens, was hidden this time inside fake certificates from a Korean software company.

Attackers Deliver Redline Stealer via Poisoned AI Tools

The popularity of AI-based end-user tools is increasing. Unfortunately, it has also attracted cybercriminals who use various social engineering tricks to lure potential victims. Recently, a malicious advertising campaign was observed abusing the Google Search engine to push malicious executables disguised as popular AI tools such as ChatGPT and Midjourney.

Water Orthrus APT Re-Emerges with Two New Malware Families

The lesser-known Water Orthrus APT has reappeared after a long absence with two new malware families capable of performing multiple malicious activities. The new families are tracked as CopperStealth and CopperPhish and have been developed for different purposes, such as injecting network advertisements, acquiring personal information, and stealing crypto assets. Previously,


GENERAL NEWS

WhatsApp allows users to lock sensitive chats

Meta has unveiled Chat Lock within WhatsApp, a feature that allows users to keep sensitive and intimate conversations safe from prying eyes.

Identifying a Patch Management Solution: Overview of Key Criteria

In fact, any application available today will likely need to be updated – or patched – to fix bugs, address vulnerabilities, and update key features at multiple points in the future.