Cyber Briefing - 2023.03.06
Welcome to?Cyber Briefing , a short newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please?subscribe .
?? Cyber Alerts
Researchers at Metabase Q have discovered a new ATM malware, dubbed FiXS, that is targeting Mexican banks. The malware is vendor-agnostic and can target any ATM that supports CEN XFS. It interacts with crooks via an external keyboard and dispenses money 30 minutes after the last ATM reboot.
GitLab has released important security fixes in versions 15.9.2, 15.8.4, and 15.7.8 for GitLab Community Edition (CE) and Enterprise Edition (EE). These security patches contain fixes for vulnerabilities that could put customer data at risk. As part of good security hygiene, GitLab strongly recommends that all customers upgrade to the latest security release for their supported version immediately.
Researchers from cloud security firm Snyk recently discovered a vulnerability in Gitpod, a popular cloud development environment, which would have allowed attackers to perform full account takeover and remote code execution (RCE). The flaw is tracked as CVE-2023-0957 and falls into a category of issues known as cross-site WebSocket hijacking. The Snyk researchers reported that organizations should properly assess security risks and unique architectures CDEs can introduce, especially since they haven't received much scrutiny from the security community.
Researchers from KTH Royal Institute of Technology have discovered a vulnerability in the encryption algorithm, CRYSTALS-Kyber, which was selected by the US government as one of four post-quantum algorithms that can withstand quantum computing. The vulnerability relates to side-channel attacks on the masked implementation of CRYSTALS-Kyber in the ARM Cortex-M4 CPU. Side-channel attacks extract secrets from a cryptosystem through measurement and analysis of physical parameters such as execution time, supply current, and electromagnetic emission. The researchers used a neural network training method called recursive learning and a new message recovery method called cyclic rotation to recover message bits with a high probability of success.
Wago, a leading German industrial automation solutions provider, has released patches to address four vulnerabilities in its programmable logic controllers (PLCs). Discovered by Ryan Pickren from Georgia Tech's Cyber-Physical Security Lab, the vulnerabilities include two critical flaws that allow unauthenticated attackers to take full control of the targeted device. These bugs can be chained together and weaponized through direct network access or cross-origin web requests, enabling a threat actor to maliciously control actuators, falsify sensor measurements, and disable all safety controls.
The FBI Internet Crime Complaint Center (IC3) has received more than 600 complaints from timeshare owners regarding scams that involve selling or renting their properties. Scammers often pose as sales representatives from timeshare resale companies and use high-pressure sales tactics to convince owners to agree to a sale. Timeshare owners must pay an upfront fee for the transaction to go ahead, but the scammers usually disappear after the fee is paid. To avoid being scammed, owners are advised to be cautious of uninvited calls or emails, do their research, and be wary of high-pressure tactics.
Vesuvius, the global leader in molten metal flow engineering and technology, has been hit by a cyber attack. The attack involved unauthorized access to its systems, and the company has shut down affected systems and is working with cybersecurity experts to investigate the incident. Vesuvius has not yet provided any details on the nature of the attack or the impact on production and contract fulfillment, but shares in the London Stock Exchange-listed company fell 3.8% in early trading.
Cloud security startup Wiz has identified a widespread redirection campaign that has targeted thousands of websites with East Asian audiences. Attackers used legitimate FTP credentials to compromise at least 10,000 sites, often using highly secure auto-generated FTP credentials to redirect visitors to adult-themed content. Although the goal of the campaign could be ad fraud or SEO manipulation, the attackers may also be seeking to increase traffic to destination websites, and may use the access obtained to carry out other nefarious activities.
领英推荐
The City of Oakland, California, has become the latest victim of a ransomware attack. In the aftermath of the incident, the Play ransomware group has leaked a 10 GB archive containing sensitive data, including employee information, passports, and IDs. While Oakland has confirmed that its core functions were not impacted, the leak is a reminder of the dangers faced by organizations in the digital age.
Local media reports reveal that the phone of an opposition-linked Polish mayor was infected with the Pegasus spyware, which is rumored to be used by Polish special services to spy on government opponents. The hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country. In 2021, the University of Toronto-based Citizen Lab Internet reported that a Polish opposition duo was hacked with NSO spyware, while the PiS government admitted having used the spyware.
Flutterwave, a leading African fintech company, has reportedly lost $ 6.3 million to hackers who transferred the funds to 28 accounts in 63 transactions. Flutterwave's legal counsel reported the incident to the Deputy Commissioner of Police on February 19, 2023, blaming commercial banks for allowing the money to be moved to other accounts. While police investigations are ongoing, Flutterwave has filed a motion to freeze accounts in 27 financial institutions in Nigeria, including Access Bank, Kuda, Zenith Bank, and OPay, which was later granted.
?? Cyber News
Online payment giant PayPal is facing legal action over a data breach that exposed the personal and financial information of almost 35,000 individuals. The lawsuit alleges that PayPal's negligence was to blame for the December 2022 incident, and that the company failed to implement basic security measures or comply with industry data protection standards. If the case proceeds as a class action, it could potentially represent thousands of affected individuals seeking damages from PayPal, which had a reported user base of 435 million in 2022.
Brave Search, a privacy-centric search engine, has integrated an AI-powered tool named Summarizer that offers summarized answers to users' queries before presenting the search results. Unlike other AI chat tools that generate inaccurate responses, Brave's Summarizer sources data only from web search results, ensuring accuracy and transparency by including citations for data sources used. The tool also employs three large language models trained on separate tasks, making it more reliable and faster.
The US Environmental Protection Agency (EPA) has issued new requirements to boost cybersecurity at public water systems, expressing concern that many facilities have failed to take basic steps to protect themselves from hackers. The new EPA memo requires state governments to audit the cybersecurity practices of public water systems, and to use state regulatory authorities to force water systems to add security measures if existing ones are deemed insufficient. This follows increased scrutiny and warnings from federal agencies about multiple ransomware attacks on the computer networks of water and wastewater facilities across the country.
Over the course of 28 days in January, honeypots operated by cyber insurer Coalition to assess the volume of cyber attacks directed against London were attacked 91 million times by over 101,000 different hackers. Of the 91 million attacks recorded, 77 million were attempts to hack into remote desktop connections used by employees working out of their offices. Russia was the single largest source of attacks followed by Bulgaria, Monaco, and Panama.
Subscribe ?and Comment.
Copyright ? 2023?CyberMaterial . All Rights Reserved.
Follow CyberMaterial on: