3CX’s NK connection, WordPress Elementor hack, DISH faces lawsuits
More evidence links 3CX supply-chain attack to North Korean hacking group
The supply-chain attack on the enterprise phone company 3CX used hacking code that “exactly matches” malware previously seen in attacks by a notorious North Korean group, according to new analysis. Sophos added more evidence Friday to this attribution, saying that a shellcode loader the attacker used has only previously been seen in incidents attributed to the Lazarus Group. Sophos continued, “it’s clear the perpetrators were able to compromise the installation in a way that users unknowingly downloaded not only the original application but also additional malicious code.” The hackers secretly modified these apps so they executed malicious commands in the background, downloading malware that allowed them to steal sensitive information from the web browsers on users’ computers.
Hackers exploiting WordPress Elementor Pro Vulnerability, leaving millions of sites at risk
Unknown threat actors are actively exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress. The flaw, described as a case of broken access control, impacts versions 3.11.6 and earlier. It was addressed by the plugin maintainers in version 3.11.7, released on March 22. The premium plugin is estimated to be used on over 12 million sites. Successful exploitation of the high-severity flaw allows an authenticated attacker to completely take over a WordPress site that has WooCommerce enabled.
DISH slapped with multiple lawsuits after ransomware cyber attack
Dish Network has been slapped with multiple class action lawsuits after it suffered a ransomware incident that was behind the company’s multi-day “network outage.” These class action lawsuits, filed across different states, allege that DISH “overstated” its operational efficiency while having a deficient cybersecurity and IT infrastructure. The legal actions aim to recover losses faced by DISH investors who were adversely affected by what has been dubbed a “securities fraud.”
LockBit announces leak of data stolen from the South Korean National Tax Service
On March 29, 2023, the LockBit ransomware gang announced the hack of the South Korean National Tax Service. The group added the South Korean agency to its Tor leak site and announced it would release the stolen data by April 1st if the ransom was not paid. The National Tax Service (NTS), which is mainly in charge of the assessment and collection of internal taxes, was established as an external organization of the Ministry of Finance on March 3, 1966. At the time of this recording the group has yet to publish the stolen data; however, if the hack was real, the stolen data poses a severe risk to the privacy and security of South Korean citizens.
Thanks to this week’s episode sponsor, Normalyze
AlienFox malware targets API keys and secrets from AWS, Google, and Microsoft Cloud Services
A new “comprehensive toolset” called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials such as API keys and secrets from popular cloud service providers. SentinelOne calls this “an unreported trend towards attacking more minimal cloud services, unsuitable for crypto mining, in order to enable and expand subsequent campaigns.” The malware is described as highly modular and constantly evolving to accommodate new features and performance improvements. The primary use of AlienFox is to enumerate misconfigured hosts via scanning platforms like LeakIX and SecurityTrails, and subsequently leverage various scripts in the toolkit to extract credentials from configuration files exposed on those servers.
Lewis & Clark College cyberattack claimed by notorious ransomware gang
The Vice Society cybercrime group has taken credit for the attack, posting samples of passports as well as documents that included Social Security numbers, insurance files, W-9 forms, contracts and more. Starting on March 3, the school sent out several urgent messages on social media and on its website notifying students and employees that several of its systems were down. The outages lasted until March 7. The Portland, Oregon, liberal arts college did not respond to requests for comment about whether a ransom was demanded or will be paid.
QNAP fixes Sudo privilege escalation bug in NAS devices
Taiwanese vendor QNAP warns customers to update their network-attached storage (NAS) devices to address a high-severity Sudo privilege escalation vulnerability tracked as CVE-2023-22809. The vulnerability, discovered by security firm Synacktiv, is a sudoers policy bypass in Sudo version 1.9.12p1 when using sudoedit. An attacker can trigger it to achieve privilege escalation by editing unauthorized files after appending arbitrary entries to the list of files to process.
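For administrators triaging the QNAP item above, the following is an added example (not code from the article, QNAP or the sudo project): it classifies a sudo version string against the range the sudo project's advisory lists as affected by CVE-2023-22809 (1.8.0 through 1.9.12p1, fixed in 1.9.12p2) and checks a sudoers file for the advisory's interim workaround, which deletes the editor environment variables for sudoedit. The version-range and workaround details are taken from that advisory; the sudoers fragment in the demo is constructed.

```shell
#!/bin/sh
# Added example, not from the article or from QNAP: classify a sudo version
# against the affected range for CVE-2023-22809 (1.8.0 through 1.9.12p1,
# fixed in 1.9.12p2) and check a sudoers file for the advisory's workaround.

# Turn "1.9.12p1" into one integer so versions compare with -ge / -le.
# A release without a "pN" suffix counts as patch level 0.
sudo_version_key() {
    ver=$1; p=0
    case "$ver" in
        *p*) p=${ver##*p}; ver=${ver%p*} ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $ver
    IFS=$oldifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 10000 + ${3:-0} * 100 + $p ))
}

# Exit 0 (true) when the version lies inside the affected range.
sudo_version_vulnerable() {
    key=$(sudo_version_key "$1")
    [ "$key" -ge "$(sudo_version_key 1.8.0)" ] &&
        [ "$key" -le "$(sudo_version_key 1.9.12p1)" ]
}

# The first line of `sudo --version` reads "Sudo version X.Y.ZpN".
installed_sudo_version() {
    sudo --version 2>/dev/null | sed -n '1s/^Sudo version //p'
}

# Exit 0 when sudoers strips the editor variables for sudoedit, which is the
# workaround the advisory gives for hosts that cannot update immediately.
sudoers_has_workaround() {
    grep -Eq '^[[:space:]]*Defaults!sudoedit[[:space:]]+env_delete\+=.*SUDO_EDITOR.*VISUAL.*EDITOR' "$1"
}

# Demo on a constructed sudoers fragment (not a real system file).
demo_sudoers=$(mktemp)
cat > "$demo_sudoers" <<'EOF'
Defaults env_reset
Defaults!sudoedit env_delete+="SUDO_EDITOR VISUAL EDITOR"
EOF
for v in 1.8.0 1.9.12p1 1.9.12p2; do
    if sudo_version_vulnerable "$v"; then echo "$v: affected"; else echo "$v: not affected"; fi
done
sudoers_has_workaround "$demo_sudoers" && echo "workaround present"
rm -f "$demo_sudoers"
```

On a live host, feed `installed_sudo_version` into `sudo_version_vulnerable` and point `sudoers_has_workaround` at /etc/sudoers; a version inside the range with no workaround is the case to escalate.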
University student uses AI chatbot to get parking fine revoked
When Millie Houlton received the notice from York City Council she said she was tempted to pay rather than spend time compiling a response. However, the 22-year-old asked ChatGPT to “please help me write a letter to the council, they gave me a parking ticket” and sent it off. The authority withdrew the fine notice. Houlton said the fine was wrongly issued for parking on her street – as she has a permit to do so. She said she considered paying the fine simply because she was busy with academic work in the final year of her events and business management degree.
(BBC News)