Cyber Weekly Digest - 2022 Week #39


In this week’s Cyber Weekly Digest we explore some of the critical vulnerabilities patched by WhatsApp as well as a new actively exploited zero-day in Microsoft Exchange Servers. Keep reading to stay up to date on the biggest cyber security news from the week.


1. WhatsApp releases security updates that address two critical vulnerabilities.

WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934, which has a CVSS score of 9.8, a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts the WhatsApp and WhatsApp Business for Android and iOS prior to versions 2.22.16.12. The second vulnerability patched is an integer underflow bug, with a CVSS score of 7.8.


2. American Airlines discovered it was breached via phishing.

The Cyber Security Response Team of American Airlines found out about a recently disclosed data breach from the targets of a phishing campaign using an employee’s compromised Microsoft 365 account. The airline claimed that after receiving these phishing reports, access into the company’s MS 360 environment was discovered by the American’s CIRT. This led to a data breach of around 1700 customers’ and team members’ information, however, it is not evident that the data breach led to any personal information being leaked.


3. North Korean Lazarus group is dropping macOS malware via Crypto.com job offers.

The North Korean APT called Lazarus is now using fake “Crypto.com” job offers to hack developers and artists in the crypto space, likely with a long-term goal of stealing digital assets and cryptocurrency. Crypto.com is one of the internet’s largest cryptocurrency exchange platforms. The Lazarus threat group has been targeting people in the cryptocurrency industry in an operation dubbed “Operation In(ter)ception”, since 2020. These targets become the victims of phishing attacks where the threat actors trick cryptocurrency employees to open malicious files with hidden scripts that gain persistence, this is used later for reconnaissance and data exfiltration to steal digital assets and cryptocurrency.