The main attacks and vulnerabilities found by our experts last week: July 16th-22nd

Here are the most relevant headlines of the week:

CloudMensis: New malware targeting macOS

ESET researchers have discovered a new malware family, named CloudMensis, that backdoors macOS devices and exfiltrates information from them. One of its most notable features is its use of cloud storage services such as Dropbox, Yandex Disk, and pCloud as the channel for communicating with its command and control (C2) infrastructure.

The malware executes code on the target system and obtains administrator privileges in order to run a second stage that collects and exfiltrates data: screenshots, email attachments, documents, keystrokes, and other sensitive information.

Luna: new ransomware targeting Windows, Linux, and ESXi

A new ransomware family based on the Rust programming language, named Luna, has been discovered by Kaspersky security researchers. It can encrypt devices running various operating systems, including Windows, Linux, and ESXi systems.

At this stage, Luna appears to be simple ransomware still in development and, for the time being, limited to command-line options only, according to Kaspersky. Its encryption scheme, however, is unusual.

Lightning Framework: new malware targeting Linux environments

Researchers at Intezer have found a new malware targeting Linux environments, which they have named Lightning Framework. Some details of the malware are still unknown, but several of its characteristics have been analyzed. It installs itself on the victim's system through a downloader that fetches all of its modules and plugins. It also manipulates timestamps and process IDs, creates a script named “elastisearch” (a typosquat of Elasticsearch) to establish persistence, and implements a backdoor by running its own SSH server.

Cisco fixes multiple vulnerabilities

Cisco has released security patches for 45 vulnerabilities (3 critical, 1 high, and 41 medium) affecting various products.

  • Three of the patched flaws, tracked as CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861 (all CVSS 9.8), affect the Cisco Nexus Dashboard data center management solution and could allow an unauthenticated remote attacker to execute arbitrary commands and perform actions with root or administrator privileges.

  • Another flaw, rated high severity and tracked as CVE-2022-20860 (CVSS 7.4), lies in the SSL/TLS implementation of Cisco Nexus Dashboard and could allow an unauthenticated remote attacker to alter communications.

Atlassian fixes critical hard-coded credential flaw in Confluence

Atlassian has released a security update that fixes a critical hard-coded credential vulnerability in Confluence Server and Data Center that could allow unauthenticated remote attackers to log into vulnerable servers.

The hard-coded password belongs to an account with the username disabledsystemuser, which is created when the Questions for Confluence app (versions 2.7.34, 2.7.35 and 3.0.2) is installed.

Exploiting this vulnerability, tracked as CVE-2022-26138, lets an attacker log in as that account and view any page to which the confluence-users group has access.
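A quick way to triage an instance for this issue is to ask Confluence whether the disabledsystemuser account exists and whether it sits in confluence-users. The script below is an added example written for this roundup, not Atlassian's code: it assumes the Confluence Server REST endpoints GET /rest/api/user?username=<name> (which returns 404 when the user does not exist) and GET /rest/api/user/memberof?username=<name>, the JSON shapes shown in the constructed sample responses, and a hypothetical host name in the live-check helper.

```python
# Triage helper for CVE-2022-26138 (disabledsystemuser created by Questions
# for Confluence). Added example, not Atlassian's code. Assumes the Confluence
# Server REST API endpoints /rest/api/user and /rest/api/user/memberof and the
# response shapes illustrated by the constructed samples at the bottom.
import base64
import json
import urllib.error
import urllib.request

TARGET_USER = "disabledsystemuser"
RISKY_GROUP = "confluence-users"


def assess(user_status: int, user_body: str, memberof_body: str) -> dict:
    """Turn the user lookup and group-membership responses into a verdict.

    user_status / user_body: HTTP status and body of GET /rest/api/user.
    memberof_body: body of GET /rest/api/user/memberof (ignored on 404).
    """
    if user_status == 404:
        return {"exists": False, "in_risky_group": False,
                "verdict": "not present: the account was never created on this instance"}
    user = json.loads(user_body)
    groups = {g.get("name") for g in json.loads(memberof_body).get("results", [])}
    in_group = RISKY_GROUP in groups
    if in_group:
        verdict = ("exposed: account exists and is in confluence-users; "
                   "update Questions for Confluence and disable or delete the account")
    else:
        verdict = ("present but not in confluence-users; still update the app "
                   "and review the account's login history")
    return {"exists": True, "username": user.get("username"),
            "groups": sorted(g for g in groups if g),
            "in_risky_group": in_group, "verdict": verdict}


def fetch_and_assess(base_url: str, admin_user: str, admin_password: str) -> dict:
    """Live check against a Confluence instance (not executed in this example).

    base_url is something like https://confluence.example.com (hypothetical).
    Uses basic auth, which Confluence Server accepts for REST calls.
    """
    token = base64.b64encode(f"{admin_user}:{admin_password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "Accept": "application/json"}

    def get(path: str):
        req = urllib.request.Request(base_url + path, headers=headers)
        try:
            with urllib.request.urlopen(req, timeout=15) as resp:
                return resp.status, resp.read().decode()
        except urllib.error.HTTPError as err:
            return err.code, err.read().decode()

    status, body = get(f"/rest/api/user?username={TARGET_USER}")
    if status == 404:
        return assess(status, body, "{}")
    _, memberof = get(f"/rest/api/user/memberof?username={TARGET_USER}")
    return assess(status, body, memberof)


# Constructed sample responses; not captured from a real instance.
SAMPLE_USER_FOUND = json.dumps({
    "type": "known", "username": TARGET_USER,
    "userKey": "8a7f80ab", "displayName": "disabledsystemuser"})
SAMPLE_MEMBEROF = json.dumps({
    "results": [{"type": "group", "name": "confluence-users"}],
    "size": 1, "start": 0, "limit": 200})
SAMPLE_NOT_FOUND = json.dumps({
    "statusCode": 404,
    "message": "No user found with username : disabledsystemuser"})

if __name__ == "__main__":
    print(assess(200, SAMPLE_USER_FOUND, SAMPLE_MEMBEROF)["verdict"])
    print(assess(404, SAMPLE_NOT_FOUND, "{}")["verdict"])
```

Run it with the samples to see both outcomes, or call fetch_and_assess with an admin credential against your own instance. A 404 on the user lookup means the app never created the account; a hit that is also in confluence-users is the case described above and should be treated as exposed until the app is updated and the account disabled.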

Download the full report on these attacks and vulnerabilities here for more information.
