In this week’s Cyber Weekly Digest we discuss the biggest cyber security news including the ransomware group that claims to have breached Mandiant, and the latest zero-day vulnerabilities exploited by threat groups. Keep reading to stay up to date on the latest cyber security news from around the world.
The LockBit ransomware group published a new page on its data leak website this week claiming that it would leak 356,841 files belonging to Mandiant. However, Mandiant stated that it had no evidence of a breach and that the published data showed no indication that any of Mandiant's data had been disclosed. After LockBit published the files, it became clear that this was not about files stolen from Mandiant's network; instead, the ransomware group appears to be trying to distance itself from the Evil Corp cybercrime gang, because the economic sanctions on Evil Corp prevent victims from paying ransoms to anyone linked to it.
This week the Vice Society ransomware group claimed responsibility for the recent cyber attack on the city of Palermo in Italy, which has caused a large-scale service outage. The attack occurred at the weekend, and all internet-dependent services remain unavailable. The attack has impacted 1.3 million people as well as the many tourists visiting the city. Vice Society claimed the attack on Palermo by posting on its dark web data leak site, stating that it will publish all stolen documents by Sunday if a ransom is not paid.
The Emotet malware is now deploying a new module designed to steal credit card information stored in the Chrome web browser. The credit card stealer, which exclusively targets Chrome, is able to exfiltrate the collected information to several remote command-and-control (C2) servers. This new development comes during a spike in Emotet activity, following a 10-month break after law enforcement took down the operation last year.
This week, researchers discovered that state-sponsored hackers have been attempting to abuse the Follina vulnerability in Microsoft Office, targeting US and EU government bodies via phishing campaigns. The malicious emails contain fake recruitment pitches promising a 20% salary increase to convince recipients to download an attachment. The malicious attachment exploits the remote code execution bug CVE-2022-30190, named Follina, which was discovered last month. If successfully exploited, attackers can use the Follina flaw to install programs, view, change or delete data, or create new accounts within the context allowed by the user's rights.
Unofficial patches for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) were released this week through the 0patch platform. The security flaw, named DogWalk, is a path traversal flaw that attackers can exploit to copy an executable to the Windows Startup folder when the target opens a maliciously crafted .diagcab file. The planted executable is then run automatically the next time the victim restarts Windows. While Microsoft said that Outlook users are not at risk because .diagcab files are automatically blocked, security researchers and experts argue that exploiting this bug remains a valid attack vector.