Cyber Briefing - 2023.02.27
Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts and incidents every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
1. PureCrypter Targets Government Entities
Menlo Labs has revealed the discovery of an elusive threat campaign that targets government entities. Dubbed PureCrypter, the campaign leverages a compromised non-profit organization's domain as Command and Control to deliver malware payloads such as Redline Stealer, AgentTesla, Eternity, Blackmoon, and Philadelphia Ransomware. Although the use of compromised infrastructure is an operational security lapse, it offers a trail for analysts to follow. Menlo's Cloud Security Platform detected and blocked the password-protected archive files, prompting an investigation that allowed the threat actor's activities to be tracked.
2. PlugX Malware poses as Debugger
Researchers from Trend Micro have discovered that the PlugX remote access trojan is abusing x64dbg, a legitimate open-source Windows debugger, to evade security protections and take over target systems. PlugX is a post-exploitation modular implant that can be used for a variety of nefarious purposes, such as data exfiltration. The malware employs DLL side-loading: the legitimately signed x64dbg executable is made to load a malicious DLL, and because the loader carries a valid digital signature, security tools may treat the activity as benign, allowing threat actors to maintain persistence and bypass file execution restrictions.
3. ChromeLoader Adware Poses As Popular Games
The ChromeLoader browser hijacking and adware campaign is now using VHD files named after popular games to distribute malware, according to security researchers. Previously, such campaigns relied on ISO-based distribution. The malicious files were discovered by the AhnLab Security Emergency Response Center (ASEC), which found that a network of malvertising sites distributes them disguised as legitimate game-related packages; once opened, they install the ChromeLoader extension.
4. Clop Ransomware: US Healthcare Sector Warned
The U.S. Department of Health and Human Services' Health Sector Cybersecurity Coordination Center has warned the healthcare sector to boost its defenses against potential Clop attacks after the group's recent alleged mass attacks. Clop claims to have targeted over 130 organizations, including healthcare entities, using the GoAnywhere MFT flaw, which allows attackers to exploit the software's administrator console without authentication. Healthcare organizations are urged to apply the recommended security patches and review their use of file transfer systems.
5. Tesla's Sentry Mode Privacy Issues
Tesla has revised its built-in camera settings following a probe by the Dutch data privacy agency. The agency found that Tesla's Sentry Mode video surveillance setting, which detects "suspicious activity" around a parked Tesla, enabled illegal recording and retention of data. The automaker has since revised the default settings to address the privacy concerns: Sentry Mode now only responds when someone touches the vehicle, rather than automatically starting to record.
Cyber Incidents
1. CH01 Hacktivists Deface 32 Russian Websites
CH01, a group of hacktivists, has marked the one-year anniversary of the Russian invasion by defacing at least 32 Russian websites in protest. The group joined Anonymous's call to arms against Russia's invasion of Ukraine and uploaded a video showing the Kremlin burning on the defaced websites. It is unclear how the hackers managed to breach the websites, but the message published by CH01 on Twitter suggests that the group intends to continue fighting against Putin's criminal regime.
2. Australian Retailer Hit by Data Breach
Personal information belonging to customers of The Good Guys was compromised in a security breach that involved the retailer's former third-party supplier, My Rewards. The breach, which affected names, email addresses, and phone numbers, likely occurred in August 2021, according to a statement from My Rewards. The Good Guys said it had not suffered a breach, adding that affected customers would be contacted. The incident highlights the importance of organisations scrutinising their suppliers and third parties, said Sumit Bansal, BlueVoyant's Asia-Pacific Japan vice president.
3. News Corp Reveals State-backed Cyberattack
News Corp has disclosed more information about the data breach discovered last year, revealing that a Chinese state-sponsored group was behind the attack. The hackers gained access to a business email and document storage system used by several News Corp businesses, with some personal information possibly compromised. While the media giant claimed that the attack did not appear to be focused on exploiting personal information, it has decided to offer free identity protection and credit monitoring services to affected individuals.
4. Dish Network Outage, likely Cyber Attack
Dish Network, a US-based TV giant and satellite broadcast provider, has suffered a widespread outage that has affected its websites, apps, and networks. Customers have reported authentication issues when signing into TV channel apps and problems with paying their bills or calling customer service centers. An internal email sent to Dish Network's employees reveals an ongoing "VPN issue," and there are reports of a cyberattack causing the outage, leaving remote employees unable to access their work systems. Dish Network has yet to confirm or deny the reports of a cyberattack.
5. Data Breach: Stanford Economics Ph.D. Program
Stanford University has disclosed a data breach affecting 897 individuals who submitted personal and health information as part of the graduate application to its Department of Economics. The breach was caused by a misconfiguration of a folder's settings, which allowed unrestricted access to application files beginning in December 2022. The university immediately blocked access to the files, found no evidence that the downloaded information had been misused, and is updating its processes and policies for electronic file storage security.
Cyber News
1. Dutch Police Bust Data Theft Ring
Dutch police have arrested three suspects in connection with a large-scale data theft, extortion and money laundering operation. Over several years, the operation involved the theft of personal data belonging to tens of millions of individuals from thousands of small and large companies and institutions, both national and international. The hackers demanded a Bitcoin payment from the affected companies and threatened to publish the stolen information online or destroy their digital infrastructure, racking up millions in damages. The suspects sold the data even when companies paid up, raising concerns about follow-on social engineering attacks and fraud.
2. Therapy Hack Suspect Extradited to Finland
A hacker suspected of a cyberheist that exposed psychotherapy records has been extradited to Finland from France. The suspect, Aleksanteri Tomminpoika Kivimaki, has been placed on remand and faces charges including aggravated extortion, aggravated computer break-in and aggravated dissemination of personal privacy. Kivimaki was arrested by French authorities after a cyberattack in late 2020 exposed patient records of thousands of Finns who had sought therapy at Psykoterapiakeskus Vastaamo Oy.
3. Military Cyberwarfare Exercise in Europe
The largest cyberwarfare exercise in Western Europe, involving 34 teams from 11 countries, was recently held in Estonia. The seven-day event called Defence Cyber Marvel 2 tested participants' responses to various cyber scenarios, including attacks on networks and industrial control systems. A team from Italy emerged as the winner, followed by Estonia and the UK.
4. Palo Alto Networks Launches OT Security
Palo Alto Networks has announced a new zero trust security solution designed to protect the operational technology (OT) environments of industrial organizations. The Zero Trust OT Security solution includes a new service called Industrial OT Security, which is a cloud-delivered service that provides comprehensive visibility into cyber-physical systems. It uses an ML-powered OT visibility engine to identify over 1,000 ICS/OT applications and provides segmentation and least-privilege access control, continuous risk monitoring, and continuous security inspection capabilities.
5. LA Man Indicted For Influencer Fraud
Amir Hossein Golshan, a 24-year-old man from Downtown Los Angeles, has been indicted on six federal charges related to defrauding female social media influencers. The charges include SIM swapping, wire fraud, unauthorized access to a protected computer to obtain information, and threatening to damage a protected computer. According to the indictment, Golshan targeted social media influencers, hijacking their Instagram accounts, and using them to extort money and engage in sexually explicit video chats. If convicted, Golshan could face up to 20 years in federal prison for each wire fraud count and up to five years for each computer hacking-related count.
Subscribe and Comment.
Copyright © 2023 CyberMaterial. All Rights Reserved.