Threat Intelligence Cybersecurity Hacking News Nov 04 2022





A new Group-IB report sheds light on the OPERA1ER threat group, which stole at least $11 million in roughly 30 attacks across Africa. The attacks were aimed at banks, financial services providers, and telecommunications companies. CISA has issued three ICS advisories warning users of multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation. These bugs endanger user systems, with impacts ranging from exposure of sensitive information and file access to arbitrary code execution and the planting of malicious code by hackers.


More bugs have been reported in the last 24 hours, with Cisco and Splunk Enterprise both releasing updates for their problematic products. The vast majority of them are critical security flaws that organizations must address as soon as possible.



Top Breaches Reported in the Last 24 Hours


OPERA1ER targets African financial and telecom firms

According to Group-IB, the French-speaking hacking group OPERA1ER carried out at least 30 cyberattacks on African financial and telecom firms and services. In those attacks, hackers stole over $11 million. The operators had created a vast network in order to withdraw stolen money.


Criminals are targeting a Boeing subsidiary.

Following a cyberattack, the website of Jeppesen, an American company that provides navigational information and other operational tools, received a breach notification. Flight planning issues were encountered by the wholly owned Boeing subsidiary. The extent of the impact, however, has yet to be determined.


LockBit lists German automotive parts manufacturer on its leak site

Continental, a German multinational automotive parts manufacturing company, has been added to the LockBit ransomware group's leak site. If the negotiations fail, the group has threatened to publish all available data. It has set a November 4 deadline for payment of the ransom.


Top Malware Reported in the Last 24 Hours

The new RomCom RAT campaign

In a new campaign, the operators of RomCom RAT were observed impersonating the official websites of popular software brands in order to distribute malware. According to Palo Alto Networks' Unit 42, the campaign reportedly targeted the websites of SolarWinds Network Performance Monitor (NPM), PDF Reader Pro, KeePass password manager, and Veeam Backup and Recovery software.



Top Vulnerabilities Reported in the Last 24 Hours


CISA issues advisories for ICS flaws

CISA issued three ICS advisories regarding multiple vulnerabilities in ETIC Telecom, Delta Industrial Automation, and Nokia software. The most serious were three bugs in ETIC Telecom's Remote Access Server (RAS). A path traversal flaw was discovered in Delta Industrial Automation's DIALink products. Meanwhile, three bugs in Nokia's ASIK AirScale 5G Common System have been discovered.


Cisco addresses a number of issues.

Multiple Cisco product vulnerabilities, including some classified as high-severity, were patched. The most serious is CVE-2022-20961, a cross-site request forgery (CSRF) flaw in Identity Services Engine (ISE). Another, CVE-2022-20956, is an authorization bypass flaw that could allow hackers to download and delete files.


Splunk quarterly patch release

Splunk has released a new set of quarterly patches for Splunk Enterprise that address nine high-severity security holes. Three of them, with a CVSS score of 8.8, were identified as remote code execution (RCE), cross-site scripting (XSS), and XML external entity (XXE) injection bugs. With the release of Splunk Enterprise versions 8.1.12, 8.2.9, and 9.0.2, all bugs have been resolved.





