A hacker group compromised the computer network of Samsung Electronics, a South Korean company, which is one of the world's largest producers of electronic devices, and stole a large trove of confidential information, including source code related to Galaxy mobile devices.

The culprit behind the breach appears to be Lapsus$, the same data extortion collective that less than a week ago leaked confidential data belonging to an American chipmaker Nvidia.

Last week, Lapsus$ leaked around 190GB of data allegedly stolen from Samsung, including source code for every Trusted Applet installed in Samsung’s TrustZone environment used for sensitive operations, algorithms for biometric unlock operations, bootloader source code for recent Samsung devices, confidential source code from Qualcomm, and full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services.

Samsung confirmed the security breach on Monday and said that the intruders stole “some source code relating to operation of Galaxy devices.” The company said that personal information of customers and employees was not affected.

Romanian gas giant hit by Hive ransomware

Rompetrol, the operator of Petromidia Navodari, the largest oil refinery in Romania, has suffered a “complex cyberattack,” which forced the company to shut down some of its services, including websites, mobile apps, and the Fill&Go service at gas stations. The company said the incident did not impact operations at gas stations.

Rompetrol didn’t share any details on the nature of the cyberattack, or the perpetrators behind it. According to BleepingComputer, the company was hit by the Hive ransomware gang, with the ransomware operators demanding a $2 million ransom from Rompetrol.

Mozilla fixes two Firefox zero-days, Microsoft releases March 2022 security updates

Mozilla rolled out security updates to fix two zero-day vulnerabilities in its Firefox web browser that are already being exploited by hackers. Tracked as CVE-2022-26485 and CVE-2022-26486, the two flaws are use-after-free issues that can lead to remote code execution.

Microsoft released its March 2022 security updates to address a total of 71 vulnerabilities across multiple software products, including Windows OS (41 bugs), Microsoft Defender (4), Exchange, Office (5), Visual Studio, Express Logic, Azure Site Recovery (11), and the Chromium-based Microsoft Edge browser (19).

Other vendors who released security updates this month include Google, Cisco, Adobe, Intel, Juniper Networks,SAP, Schneider Electric, Siemens, and HP.

Russian government websites hacked in anti-war protest

Hackers have compromised websites of a number of Russian government agencies in a protest over Russia’s large-scale invasion of Ukraine. The affected agencies include Russia's Federal Penitentiary Service, Culture Ministry, Ministry of Energy, the State Statistics Agency, and other state agencies.

It appears that the attackers hacked the stats widget that multiple government agencies use to track the number of visitors, and posted an anti-war image on the compromised websites.

In response to Russia’s military actions in Ukraine multiple countries across the world imposed unprecedented economic and technological sanctions against Russia, including the exclusion of select Russian banks from the SWIFT payments system, and measures meant to largely cut off Russia from the global high-end technology sector.

Since the beginning of the war, more than 300 major US and European companies across multiple industries (automotive, energy, food and beverage, finance and investing, etc.) have cut ties with Russia or limited business operations in the country either in compliance with imposed sanctions, or in support of Ukraine. The extensive list (which is growing by the hour) includes Apple, Google, Microsoft, IBM, Meta, Nokia, Visa, Mastercard, Nvidia, Oracle, Reddit, Samsung, Red Hat, Cisco, Sony Group, Ubisoft, Take-Two, CD Projekt Red, Electronic Arts, Activision Blizzard, and Epic, just to name a few.

Access:7 vulnerabilities expose medical and IoT devices to cyberattacks

Cybersecurity researchers have warned of a new set of vulnerabilities collectively referred to as ‘Access:7’ impacting PTC Axeda, a cloud based remote access solution commonly used for devices within the healthcare industry.

Three (CVE-2022-25251, CVE-2022-25246, CVE-2022-25247) of seven flaws were rated critical (CVSSv3.1 score 9.4-9.8), because they allow a remote attacker to execute malicious code and commandeer the device. The remaining vulnerabilities are less dangerous and could be used to gain access to sensitive information, or launch DoS attacks.

The researchers estimate that the Access:7 vulnerabilities potentially affect more than 150 devices from over 100 different manufactures.

What’s next:

Follow ImmuniWeb on Twitter and LinkedIn
Subscribe to newsletter to get the next post automatically
Explore 18 use cases how ImmuniWeb can help
See the benefits of our partner program
Request a demo, quote or special price
Subscribe to our newsletter

Application Security Weekly

Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law.

Recent Blog Posts:

Nvidia Hit with Cyberattack, Proprietary Data Stolen

$1.7 Million in NFTs Stolen in Phishing Attack on OpenSea Users