China ESXi exploit, WooCommerce vulnerability, Lockbit ransom report
China-linked APT group spotted exploiting a VMware Tools zero-day from compromised ESXi hosts
Researchers at Mandiant have observed a China-linked cyberespionage group, tracked as UNC3886, exploiting a zero-day vulnerability in VMware Tools, tracked as CVE-2023-20867, from compromised VMware ESXi hosts. Mandiant first detailed the group's activity in September 2022, when it discovered a novel malware persistence technique within VMware ESXi hypervisors. As investigations continued in 2023, Mandiant found that the attacker used the zero-day, an authentication bypass in the Tools guest-operations path, to execute commands and transfer files to and from guest VMs from a compromised ESXi host without needing guest credentials. As the report states, “the vulnerability does not generate an authentication log event on the guest VM when commands are executed from the ESXi host.” VMware fixed the issue in VMware Tools 12.2.5. The practical caveat is that exploitation requires the attacker to already hold privileged access to the ESXi host, so hypervisor hardening and ESXi-side logging, not guest authentication logs, are where detection has to happen.
Hundreds of thousands of ecommerce sites impacted by critical plugin vulnerability
A critical vulnerability in the WooCommerce Stripe Payment Gateway plugin, tracked as CVE-2023-34000, is described as an unauthenticated insecure direct object reference (IDOR) bug leading to information disclosure. The flaw allows an unauthenticated attacker to view any information a customer provides when placing an order, including name, address, and email address, simply by referencing an order the attacker does not own. The issue was resolved on May 30 with the release of WooCommerce Stripe Payment Gateway version 7.4.1. According to the official WordPress plugin directory, the plugin has more than 900,000 active installations, and the directory's version-usage data suggests hundreds of thousands of those installations were still running vulnerable versions; site owners should update to 7.4.1 or later.
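To make the IDOR pattern concrete, here is an added illustration (not the plugin's own code, and not the actual CVE-2023-34000 logic) of an order-lookup handler that trusts a client-supplied order ID, beside a hardened version that releases order details only to the owning customer or to a caller presenting the order's unguessable order key, the mechanism WooCommerce itself uses for guest "pay for order" links. The order records, the `wc_order_` key format, and the handler names are constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

# Constructed sample data for the example (not real customer records).
@dataclass
class Order:
    order_id: int
    customer_id: Optional[int]   # None for guest checkout
    order_key: str               # per-order secret, WooCommerce-style "wc_order_..."
    billing: dict


def new_order_key() -> str:
    """Generate an unguessable per-order key (assumed format, modelled on WooCommerce's)."""
    return "wc_order_" + secrets.token_urlsafe(10)


ORDERS = {
    1001: Order(1001, 7, "wc_order_" + "a" * 13,
                {"name": "Alice", "email": "alice@example.com", "address": "1 Main St"}),
    1002: Order(1002, 9, "wc_order_" + "b" * 13,
                {"name": "Bob", "email": "bob@example.com", "address": "2 High St"}),
    1003: Order(1003, None, "wc_order_" + "c" * 13,        # guest order
                {"name": "Carol", "email": "carol@example.com", "address": "3 Low Rd"}),
}


def vulnerable_order_details(order_id: int) -> Optional[dict]:
    """IDOR: the only input is the client-supplied order ID, so any caller,
    authenticated or not, can read any order's billing data."""
    order = ORDERS.get(order_id)
    return order.billing if order else None


def hardened_order_details(order_id: int,
                           current_user_id: Optional[int],
                           presented_key: Optional[str] = None) -> Optional[dict]:
    """Release billing data only if the caller owns the order, or presents the
    order's secret key (guest checkout). Compare keys in constant time."""
    order = ORDERS.get(order_id)
    if order is None:
        return None
    if current_user_id is not None and order.customer_id == current_user_id:
        return order.billing
    if presented_key is not None and hmac.compare_digest(
            presented_key.encode(), order.order_key.encode()):
        return order.billing
    return None


def harvest(handler: Callable[[int], Optional[dict]], ids: Iterable[int]) -> int:
    """Simulate an unauthenticated attacker enumerating sequential order IDs;
    returns how many customer records the handler leaked."""
    return sum(1 for oid in ids if handler(oid) is not None)


if __name__ == "__main__":
    ids = range(1000, 1010)
    print("vulnerable handler leaked:", harvest(vulnerable_order_details, ids))
    print("hardened handler leaked:  ",
          harvest(lambda oid: hardened_order_details(oid, None), ids))
```

Sequential, guessable order IDs are what make the enumeration cheap; the fix is not to hide the IDs but to bind every read to an authorization decision (ownership or possession of a secret that only the legitimate recipient was given).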
7-Nation LockBit report shows US paid over $90m in ransoms since 2020
Seven nations (the US, Australia, Canada, the UK, Germany, France, and New Zealand) jointly issued an alert yesterday with protection tips and information about LockBit. The advisory details the common tools and exploits used by the criminals, along with recommendations for avoiding ransomware infections or reducing the impact of future ones. It adds that the group's affiliates remain a global scourge, costing US victims alone more than $90 million across roughly 1,700 attacks since 2020. The alert does not encourage payment of ransoms, but it does urge that ransomware incidents be reported.
Hackers create fake GitHub profiles to deliver malware through repositories
Hackers launched an elaborate campaign to deceive cybersecurity professionals on the code-hosting platform GitHub and trick them into downloading malware, according to research published on Wednesday. The group created fake profiles impersonating real security researchers to promote code repositories that appear to house exploits for popular products like Chrome, Exchange, and Discord. According to cybersecurity company VulnCheck, the threat actors behind these repositories invested substantial effort in making them appear authentic, building a network of Twitter accounts masquerading as members of a fictitious company called High Sierra Cyber Security and even using headshots of genuine researchers employed by major cybersecurity companies. The lure works because researchers routinely clone and run proof-of-concept code; the usual caution applies of inspecting a PoC, including its build scripts and any bundled binaries, before executing it.
EU passes landmark Artificial Intelligence Act
The European Parliament adopted the latest draft of the legislation by an overwhelming majority yesterday. First introduced in April 2021, the AI Act aims to strictly regulate AI services and mitigate the risks they pose. The first draft, which included measures such as safeguards against biometric data exploitation, mass surveillance systems and policing algorithms, predated the surge in generative AI tool adoption that began in late 2022. The latest draft introduces new measures to control “foundation models.” These include a tiered, risk-based approach to AI systems, ranging from ‘low and minimal risk’ through ‘limited risk’ and ‘high risk’ to ‘unacceptable risk’ AI practices.
Cyber Command reshuffles force expansion due to Navy readiness woes
The U.S. military has rearranged a years-long effort to expand the "action arm" of its top cyber forces, according to multiple sources, as leaders try to balance fighting advanced foreign threats like China with maintaining basic readiness. The effort includes growing its main warfighting corps, known as the Cyber Mission Force (CMF), by 14 teams. Four new teams to be provided by the Navy will initially focus on training the service's existing cyber operators rather than acting as additional cyber warriors as originally intended, according to multiple military, civilian and congressional sources with direct knowledge of the process. Those four consist of two Cyber Combat Mission Teams, which conduct digital operations in support of U.S. military commands around the world, and two Combat Support Teams, which aid the combat teams and others. They will bolster the existing teams and lay the groundwork for future squads, with the intention that one day they will protect computer networks from foreign hackers as originally planned.
Twitter evicted from its Boulder office over unpaid rent
Twitter owes three months’ rent to its Boulder landlord, and a judge has signed off on evicting the tech giant from its office there, court documents show. In May the Chicago-based LLC that owns the offices at 3401 Bluff St in Boulder took Twitter to court, and on May 31 the judge issued an order that the sheriff should assist in the eviction of Twitter within the next 49 days. As many as 300 employees once worked in Twitter’s Boulder offices, but between layoffs, other firings, and resignations, it is probably less than half of that now.
Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away
Researchers have devised a novel attack that recovers the secret encryption keys stored in smart cards and smartphones by using cameras in iPhones or commercial surveillance systems to video-record the power LEDs that show when the card reader or smartphone is turned on. The LED's brightness and color fluctuate slightly with the device's power consumption, so a video of the LED serves as a remotely collectable proxy for a power trace. The attacks provide a new way to exploit two previously disclosed side channels, a class of attack that measures physical effects leaking from a device as it performs a cryptographic operation. By carefully monitoring characteristics such as power consumption, sound, electromagnetic emissions, or the time an operation takes, attackers can assemble enough information to recover the secret keys that underpin the security and confidentiality of a cryptographic algorithm.