The aviation industry is a tempting target for cybercriminals. In one such case, a Walmart-controlled flight booking website suffered a security incident. Ransomware actors are targeting everyone everywhere. An investigation is underway as a ransomware attack hit a small U.S. town. Joker and other malware families are once again back on the Play Store. Time to be super cautious! Here’s more from the past 24 hours.

1. Cleartrip, an Indian flight booking site, suffered a data breach as a hacker gained unauthorized access to its internal systems due to a ‘security anomaly.’ Number of victims impacted remains unknown.

2. The Frederick town government, Colorado, was hit by a LockBit ransomware attack. The threat actor has listed the names of the 15,000 residents on its victim list.

3. A hacker posted a trove of internal documents stolen from gaming platform Roblox. The documents contain details of popular games and their creators, along with the PII of several individuals.

4. Pradeo researchers spotted four malicious apps on the Google Play Store, disseminating Joker, Coper, and Facestealer malware families. The apps have been installed by over 100,000 users.

5. The FBI warned financial institutions and U.S. investors against a rise in fake apps that lure consumers into depositing cryptocurrency. The scams have already raked in $42.7 million from 244 victims.

6. The iPhones of 30 pro-democracy Thai activists and supporters were infected by the Pegasus spyware. It was used during street protests in 2020–2021, revealed Thailand’s legal rights watchdog iLaw.

7. A report by Trellix revealed that business services providers (64%) and telecoms (53%) were the most affected industries by ransomware attacks, between Q4 2021 and Q1 2022.

8. A new smishing campaign by Roaming Mantis was found targeting iOS and Android users in France. More than 90,000 unique IP addresses have requested the Android malware XLoader from the main C2 server so far.

9. A newly devised air-gap attack uses Serial Advanced Technology Attachment (SATA) cables as a communication medium (wireless antenna) to transfer radio signals at the 6Hz frequency band.

10. CloudMensis, a new macOS backdoor, was found using public cloud storages, Dropbox, Yandex Disk, and pCloud, to communicate with the attackers.

11. A cyberattack against the Germany-based Knauf Group disrupted its business operations, forcing it to switch off all IT systems. The Black Basta ransomware gang has claimed responsibility for the attack.

12. Recorded Future identified two Magecart campaigns injecting malicious code into the online portals of InTouchPOS, MenuDrive, and Harbortouch. The attackers stole 50,000 payment card details of customers from 300 restaurants.

13. A vulnerability in mental health app Feelyou exposed the email addresses of almost 78,000 users from 177 countries. The platform claimed that no other data has been impacted.

14. The Minister for Foreign Affairs of Belgium claimed that several China-linked APT groups—APT27, APT30, and APT3—targeted the nation’s defense and interior ministries.

15. Research by Unit 42 revealed that APT29, aka Nobelium and Cozy Bear, has resorted to leveraging cloud storages, including Google Drive, to attack multiple Western diplomatic missions.

16. Google’s TAG found that Russia-based Turla APT group was found distributing Android malware masquerading as an app for pro-Ukrainian hacktivists to conduct DDoS attacks.

17. Fortinet captured a new phishing campaign propagating a new variant of QBot via an HTML file that drops a ZIP archive through a snippet of auto-execution JS code.

18. Extortionists are targeting restaurants and eating establishments by posting fake reviews online and offering to remove them in lieu of a gift card, reported Malwarebytes Labs.

19. Machine identity automation platform AppViewX bagged $20 million in Series B round, led by Brighton Park Capital, to help Global 2,000 organizations minimize risks by securing and orchestrating enterprise identities and apps.

20. Washington-based ePlus acquired Texas-based Future Com, for an undisclosed sum. The acquisition aims to strengthen ePlus's growing cybersecurity practice.