Cyber Briefing - 2023.03.07


Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.



Cyber Alerts


1. Phishing Campaign Deploys Remcos RAT Malware

Cybersecurity researchers have discovered a new phishing campaign that targets organizations in Eastern Europe and deploys the Remcos RAT malware using an old Windows User Account Control (UAC) bypass. The bypass technique has been known since 2020 but is still effective today. Emails are sent from top-level domains that match the recipient's country and purport to contain invoices, tender documentation, and other financial documents; the lure is a tar.lz archive attachment containing the DBatLoader executable.


2. Security Vulnerabilities Found in DJI Drones

A research team from Ruhr University Bochum and CISPA Helmholtz Center for Information Security has discovered 16 serious security vulnerabilities in all four tested DJI drone models. These flaws could allow users to change important drone identification details, override security mechanisms, and even bring down flying drones remotely. DJI was informed of these vulnerabilities before the research team released the information to the public, and the company has since fixed these issues.


3. New Financial Scam Using Fake ChatGPT

Cybercriminals have found a new way to exploit the fame of OpenAI’s chatbot, ChatGPT, by launching a phishing scam targeting users in Ireland, Australia, Germany, Denmark, and the Netherlands. In this financial scam, unsuspecting users receive a scam email containing a link to a fake version of the ChatGPT chatbot, where they are asked to invest at least €250 and enter their banking card details, email address, ID credentials, and phone number. The attackers are delivering a copycat version of ChatGPT that differs from the original chatbot as it offers a few pre-determined answers to the user’s queries, and this chatbot is accessible only through a blacklisted domain.


4. Twitter Experiences Global Outage

Twitter users worldwide are experiencing issues with logging in, sharing tweets, clicking links, and seeing images. Thousands of users have reported issues with Twitter's website, app, and connecting to Twitter servers. The social network has acknowledged the issue, stating that an internal change caused "unintended consequences" and that they are working on fixing it.


5. Pakistan APT Group Targets Android Users

A suspected APT group, Transparent Tribe, has been found to be behind an ongoing cyber espionage campaign targeting Android users in India and Pakistan. The group distributed a backdoor called CapraRAT via trojanized secure messaging and calling apps branded as MeetsApp and MeetUp. It is believed that the targets were lured through a honeytrap romance scam, wherein the threat actor approached the victims via another platform and persuaded them to install the malware-laced apps under the pretext of "secure" messaging and calling.


6. Hiatus Malware Targets Business Routers

Lumen Black Lotus Labs has uncovered a new malware campaign named Hiatus, which has been active since July 2022. The attack targets end-of-life DrayTek Vigor router models 2960 and 3900, which are high-bandwidth routers that can support hundreds of VPN connections. Once a router is compromised, the threat actor can remotely interact with the system and turn it into a covert proxy, allowing them to spy on targets and establish a stealthy network. Although only around 100 devices have been impacted so far, it's suspected that the actor is maintaining a minimal footprint to limit their exposure.



Cyber Incidents


1. Ransomware Gang Leaks Cancer Patients' Data

The Russian-speaking ransomware gang BlackCat has released stolen data from a healthcare group based in Pennsylvania. The group posted a message on its dark web leak site taunting Lehigh Valley Health Network, claiming to have had time to study the organization's business and to have stolen confidential information. The leaked images include screenshots of patient diagnoses and pictures of breast cancer patients disrobed from the waist up. This escalation in tactics may be due to fewer victims being willing to pay extortion demands, as the rate of ransomware attacks has remained constant over the past three years.


2. Barcelona Hospital Hit by Ransomware

The Hospital Clinic de Barcelona, one of the major hospitals in the Catalan city, suffered a ransomware attack that has affected the facility’s laboratories, emergency room, and pharmacy. As a result, 150 nonurgent operations and up to 3,000 patient checkups were canceled due to the cyber attack. The hospital is diverting new urgent cases to other hospitals in the city and at this time it is unclear when the impacted systems will be recovered.


3. SuprBay Offline: Pirate Bay Users Affected

The official web forum of The Pirate Bay, SuprBay.org, has been offline for several days, leaving its users in the lurch. SuprBay serves as a fallback point of contact for The Pirate Bay users in case the main site goes offline, making it a crucial resource for the site's followers. While the reason behind the inaccessibility remains unknown, fellow administrator Spud17 suspects the work of an outsider.


4. Denver Public Schools: Employees' Data Stolen

Denver Public Schools (DPS) has disclosed a month-long cybersecurity incident in which the personal data of about 15,000 employees was stolen. A hacker accessed and/or took files stored on the district's computer servers between Dec. 13, 2022, and Jan. 13, 2023, including names, Social Security numbers, fingerprints, bank account numbers, driver's license numbers, passport numbers, and health plan enrollment information. DPS is offering free credit monitoring and identity theft protection services to affected individuals and has implemented additional measures to enhance network security.


5. The Sandbox Game Warns of Malware Attack

The Sandbox, a popular blockchain-based multiplayer game, has alerted its community to a security incident in which some users received fraudulent emails impersonating the game in an attempt to infect them with malware. The game, with over 350,000 active monthly users, allows players to build, own, and monetize interactive content and offers multiple ways to make money. An attacker compromised a Sandbox employee's account to gain access to several email addresses belonging to the company, and then sent users emails that appeared to come from The Sandbox and contained links to malware hosted on another site.



Cyber News


1. Germany and Ukraine Arrest Ransomware Hackers

German and Ukrainian authorities have detained two core members of a ransomware group responsible for cyberattacks on hospitals and emergency services across Europe and the US. The suspects, a German and a Ukrainian national, are accused of spreading DoppelPaymer ransomware, which targets victims with phishing and spam messages containing malicious code. Electronics seized in the raids may lead to further arrests of other members of the group. The FBI has also been seeking one of the suspects, who is wanted for his alleged role in administering the Dridex malware. Among the group's victims is the University Hospital in Düsseldorf, which was attacked in September 2020, resulting in the death of an emergency patient.


2. Microsoft and MITRE Create Arsenal Plug-in

Microsoft and MITRE have developed a new plug-in called Arsenal to assist cybersecurity professionals in defending against machine learning (ML) system attacks. The tool integrates various open-source software tools and enables practitioners to emulate attacks on ML systems, without having a deep background in ML or AI. MITRE and Microsoft plan to add new techniques and adversary profiles to the tool as security researchers document new attacks on ML systems.


3. Nvidia Fixing Driver Causing High CPU Usage

Nvidia has acknowledged that the GeForce Game Ready 531.18 WHQL driver is causing high CPU usage and blue screens of death (BSODs) on Windows systems. Since the driver's release, customers have been experiencing recurring blue screens and CPU spikes of 10% or more, which has led to many complaints on the company's forums and social media. Nvidia has said that a hotfix driver will be released tomorrow to address the issue; until then, users can end the NVIDIA Container process via the Windows Task Manager to get rid of the general OS lagginess.


4. Microsoft is Launching a New Canary Channel

Microsoft is launching a new Canary channel for its Windows Insider Program, offering the earliest look at new features and updates. Highly technical users who don't mind dealing with unstable builds and minimal documentation can access the Canary channel's 25000 series builds, which are flighted as soon as they're built. However, Microsoft warns that these builds may include major issues, and users may need to reinstall Windows in rare cases.



Subscribe and Comment.

Copyright © 2023 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, Youtube, and Medium.

