Cyber Briefing - 2023.02.22

Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts and incidents every weekday.

First time seeing this? Please subscribe.



Cyber Alerts

1) MyloBot Botnet: A Threat That Keeps Evolving

The MyloBot botnet, which first appeared in 2017, continues to be a threat to thousands of systems, most of which are located in India, the U.S., Indonesia, and Iran, according to cybersecurity firm BitSight. It uses a multi-stage sequence to unpack and launch bot malware, sitting idle for two weeks before contacting its command-and-control (C2) server to evade detection. MyloBot is also known to use a downloader to retrieve its payload, and is now suspected to be connected to a residential proxy service called BHProxies, leading to suggestions it could be part of a wider threat landscape.


2) Data Centers Under Attack: Malicious Cyber Activity Targets Critical Supply Chain Organizations

Cybersecurity company Resecurity warns of an increase in malicious cyber activity targeting data center service providers globally. In recent months, Resecurity has notified several data center organizations about malicious cyber activity targeting them and their customers, which are a juicy target for nation-state, criminal, and cyberespionage groups. Resecurity expects attackers to increase malicious cyber activity related to data centers and their customers, highlighting the importance of international cooperation and proactive threat intelligence sharing to mitigate such vectors.


3) Google Working to Harden Android Firmware Security Beyond OS

Google is expanding Android device security beyond the operating system, targeting firmware, which interacts with the various processors of a system on a chip. The company aims to harden the security of Android devices' firmware to protect against potential security breaches, especially those that target vulnerabilities in secondary processors. Google plans to use exploit mitigations, memory safety features, and sanitizers to improve firmware security without compromising device performance.


4) Havoc Framework Emerges as a Lucrative Tool for Threat Actors

Security researchers have detected a new cyberattack campaign targeting an unnamed government organization that utilizes the open source command-and-control framework known as Havoc. The Havoc Framework is an advanced post-exploitation command-and-control framework that is capable of bypassing Windows 11 Defender due to its implementation of advanced evasion techniques. The framework comes with a wide variety of features that make it difficult to detect, turning it into a lucrative tool in the hands of threat actors, even as cybersecurity vendors push back against the abuse of legitimate red team software.


5) HHS Will Seek HIPAA Changes for Reproductive Health Data

The Biden administration is considering a proposed rule that aims to strengthen federal privacy rules for reproductive health data. Abortion is now illegal in 12 US states and restricted with varying degrees of strictness in more than a dozen states, causing concerns about medical practices sharing reproductive health patient information with law enforcement. The proposed regulations could be part of a larger package of changes to the HIPAA Privacy Rule expected later this year.


Cyber Incident

1) Technical Difficulties Interrupt Putin's Address to Parliament

During Russian President Vladimir Putin's address to the country's two houses of parliament on Tuesday, state media websites suffered an outage, preventing access to the All-Russia State Television and Radio Broadcasting Company and the Smotrim live-streaming platform. The VGTRK website claimed "technical works were being carried out," while Smotrim was not loading. The state-run RIA Novosti news agency attributed the outage to a distributed denial of service (DDoS) attack, but Reuters was unable to independently verify the cause of the disruption.


2) Activision Confirms Data Breach Due to SMS Phishing Attack

Video game maker Activision has confirmed a data breach after hackers tricked an employee with an SMS phishing text in early December 2022. The incident did not compromise player details or game source code, but the hackers exfiltrated sensitive workplace documents, including upcoming content release schedules. The hackers also accessed employee details, including full names, email addresses, phone numbers, and salaries, as well as information on upcoming content bundles for the 'Call of Duty: Modern Warfare II' franchise.


3) Gcore Mitigated Massive DDoS Attacks on a Client's Web Application

Gcore, a global network protection and optimization service, successfully mitigated an L3/L4 DDoS attack on one of its clients' web applications at the beginning of January. The attack was carried out from over 2000 servers belonging to one of the top three cloud providers worldwide, and the malicious traffic peaked at 650 Gbps, which is 60 times the average bandwidth of similar attacks. Gcore's distributed infrastructure, a large number of peering partners, and powerful CDN plan were instrumental in mitigating the attack and ensuring that the client's web application remained available.


4) Hackers steal login credentials for data centers used by major global companies in Asia

Hackers breached data centers in Asia used by some of the world's largest businesses, potentially compromising login credentials and exposing customer support websites, according to Resecurity, a cybersecurity research firm. The two data center operators affected are GDS Holdings in Shanghai and ST Telemedia Global Data Centres in Singapore. The stolen information includes login credentials for customer support websites for companies such as Amazon, Apple, Microsoft, and Walmart, among others.


5) Over 1 Million Patients Affected by Hacks at NJ Healthcare System and Alabama Clinic

CentraState Healthcare System and Cardiovascular Associates reported separate data breaches in December 2022, which exposed the personal and medical information of over a million patients. CentraState detected "unusual activity" in its computer systems on Dec. 29, leading to the discovery of unauthorized access to an archived database containing patient information. Cardiovascular Associates also reported "unauthorized activity" within its network, which an investigation determined allowed an unauthorized third party to access patient information and remove some data from the clinic's network between Nov. 28 and Dec. 5. Both organizations are offering identity monitoring and credit monitoring services to affected individuals, and enhancing the security of their electronic systems and patient data to prevent similar incidents in the future.


Cyber Advisory

1) Apple updates security advisories to add new iOS and macOS vulnerabilities

Apple has added three new vulnerabilities to its recent security advisories for iOS 16.3 and macOS Ventura 13.2, originally released on January 23. These include a race condition affecting the crash reporter component, and two security holes impacting the "foundation" component that can allow arbitrary code execution. Extended detection and response company Trellix discovered the vulnerabilities, which belong to a new class of bugs allowing attackers to bypass code signing on macOS and iOS systems, potentially granting them access to sensitive information or the ability to install arbitrary applications.


2) U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog

The US Cybersecurity and Infrastructure Security Agency (CISA) has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. The vulnerabilities include a code execution flaw in IBM Aspera Faspex and two code injection vulnerabilities in Mitel MiVoice Connect. CISA has ordered Federal Civilian Executive Branch (FCEB) agencies to apply the necessary updates by March 14, 2023, to protect networks from potential threats.


3) Critical Vulnerability Found in VMware's Carbon Black App Control

VMware has released patches to address a critical security vulnerability in its Carbon Black App Control product. The flaw is tracked as CVE-2023-20858 and carries a CVSS score of 9.1 out of 10. The vulnerability allows a malicious actor with privileged access to the App Control administration console to access the underlying server operating system.


4) Microsoft Releases February 2023 Optional Cumulative Updates for Windows 11 and Windows 10

Microsoft has released the February 2023 optional cumulative updates for all editions of Windows 11 22H2 and all supported Windows 10 versions. The Windows 11 KB5022905 non-security release includes 13 bug fixes and enhancements, such as an advanced auto-learning feature for facial recognition and fixing an IE mode issue. The preview update is optional and does not contain any security updates, and users can install it manually by going to Settings > Windows Update and clicking the 'Check for Updates' button.


5) VMware releases update to fix boot issues with Windows Server 2022 on vSphere ESXi

VMware has released an ESXi update to fix a boot issue affecting Windows Server 2022 VMs. Some Windows Server 2022 virtual machines have failed to boot after installing the KB5022842 update, which delivers a new form of digital signature on the EFI bootloader that UEFI Secure Boot incorrectly rejects. VMware's ESXi 7.0 Update 3k resolves the known issue and enables admins to recover affected VMs that were no longer booting; VMware also provides temporary workarounds to help users avoid the issue until the update can be applied.


Subscribe and Comment.

Copyright © 2023 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.

Shemul Mia

Graphic Artist and Digital Illustrator | Let's Connect

1 yr

Great
