Cyber Briefing - 2023.03.16
Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
Water Information Sharing and Analysis Center (WaterISAC) has issued an advisory regarding the potential for a mandatory Microsoft DCOM patch to disrupt SCADA. This could result in a loss of critical communications between impacted ICS/OT/SCADA devices. The Distributed Component Object Model (DCOM) is a protocol used for communication between software components on different computers on a network and is embedded in many Industrial Control Systems from companies such as Rockwell Automation, GE, Honeywell, Siemens, etc. Microsoft is set to roll out the final phase of the DCOM hardening as part of a Windows update on March 14, 2023. CISA urges operators to review the WaterISAC advisory and apply recommended compensating controls.
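The practical question behind this advisory is which ICS/OT hosts will lose DCOM communications once the hardening can no longer be disabled. The following is an added example for defenders (not code from the WaterISAC or CISA advisory). It assumes the event IDs Microsoft documents for DCOM hardening in KB5004442: 10036 is logged on the DCOM server when it rejects a client whose authentication level is below Packet Integrity, and 10037/10038 are logged on the client when an application explicitly sets a lower level; verify the IDs and message wording against that article before relying on the parser. The export below is a constructed sample of what a CSV export of the System log looks like.

```python
"""Triage Windows System event records for DCOM hardening events.

Added example for defenders; not part of the WaterISAC or CISA advisory.
Event IDs 10036 (server side) and 10037/10038 (client side) are assumed
from Microsoft's DCOM hardening guidance (KB5004442). The records below
are constructed samples in the shape of a CSV export of the System log.
"""
import csv
import io
import re
from collections import defaultdict

# Event IDs assumed from Microsoft's DCOM hardening guidance (KB5004442).
SERVER_SIDE_EVENTS = {10036}
CLIENT_SIDE_EVENTS = {10037, 10038}

# Constructed sample export: EventID, Computer, Message.
SAMPLE_EXPORT = """EventID,Computer,Message
10036,HIST-SRV01,"The server-side authentication level policy does not allow the user OT\\svc_opc SID (S-1-5-21-1-2-3-1001) from address 10.20.30.41 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application."
10037,HMI-02,"Application C:\\Program Files\\Vendor\\OpcClient.exe with PID 4120 is requesting to activate CLSID {CLSID-PLACEHOLDER} on computer HIST-SRV01 with explicitly set authentication level at 2. The lowest activation authentication level required by DCOM is 5."
7036,HMI-02,"The Windows Update service entered the running state."
"""

ADDRESS_RE = re.compile(r"from address (\S+) to activate")
APP_RE = re.compile(r"Application (.+?) with PID (\d+)")
PEER_RE = re.compile(r"on computer (\S+) with")


def find_dcom_hardening_events(export_text):
    """Return one dict per DCOM hardening event found in a CSV export."""
    hits = []
    for row in csv.DictReader(io.StringIO(export_text)):
        event_id = int(row["EventID"])
        msg = row["Message"]
        if event_id in SERVER_SIDE_EVENTS:
            m = ADDRESS_RE.search(msg)
            hits.append({
                "event_id": event_id,
                "side": "server",
                "host": row["Computer"],
                # The rejected client: the ICS/OT device that will lose comms.
                "peer": m.group(1) if m else None,
            })
        elif event_id in CLIENT_SIDE_EVENTS:
            app = APP_RE.search(msg)
            peer = PEER_RE.search(msg)
            hits.append({
                "event_id": event_id,
                "side": "client",
                "host": row["Computer"],
                # The application that still negotiates a level below Packet Integrity.
                "application": app.group(1) if app else None,
                "peer": peer.group(1) if peer else None,
            })
    return hits


def affected_hosts(hits):
    """Map each host to the sorted peers it has a failing DCOM relationship with."""
    pairs = defaultdict(set)
    for h in hits:
        if h["peer"]:
            pairs[h["host"]].add(h["peer"])
    return {host: sorted(peers) for host, peers in pairs.items()}


if __name__ == "__main__":
    found = find_dcom_hardening_events(SAMPLE_EXPORT)
    for h in found:
        print(h)
    print(affected_hosts(found))
```

Run this over an export taken before the March 14 update lands: every host/peer pair it reports is a DCOM relationship that the vendor (Rockwell, GE, Honeywell, Siemens and the like) must raise to Packet Integrity or that needs a compensating control.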
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a joint Cybersecurity Advisory (CSA) warning about multiple cyber threat actors, including an APT actor, exploiting a Telerik UI vulnerability in a federal civilian executive branch agency. The vulnerability in Progress Telerik user interface (UI) for ASP.NET AJAX allowed remote code execution by exploiting the .NET deserialization vulnerability (CVE-2019-18935). CISA, FBI, and MS-ISAC have provided IT infrastructure defenders with methods to detect and protect against such exploitation.
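One of the detection methods CISA's guidance for CVE-2019-18935 points at is reviewing IIS logs for requests to Telerik.Web.UI.WebResource.axd with the query type=rau, the RadAsyncUpload handler whose .NET deserialization flaw is described above. The script below is an added example of that check for defenders; it is not code from the advisory, and the W3C log lines are constructed samples. It parses the #Fields header instead of assuming column order, because real IIS logs vary.

```python
"""Flag IIS requests to the Telerik RadAsyncUpload handler (type=rau).

Added example for defenders, not code from the CISA advisory. The
indicator (Telerik.Web.UI.WebResource.axd with type=rau) follows CISA's
detection guidance for CVE-2019-18935; the log lines are constructed.
"""
import re
from collections import Counter, defaultdict

HANDLER_RE = re.compile(r"telerik\.web\.ui\.webresource\.axd$", re.IGNORECASE)

# Constructed sample IIS W3C log.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2023-03-14 10:01:02 10.0.0.5 GET /Telerik.Web.UI.WebResource.axd type=rau 203.0.113.7 python-requests/2.28 200
2023-03-14 10:01:03 10.0.0.5 POST /Telerik.Web.UI.WebResource.axd type=rau 203.0.113.7 python-requests/2.28 200
2023-03-14 10:01:05 10.0.0.5 GET /Default.aspx - 198.51.100.9 Mozilla/5.0 200
2023-03-14 10:02:11 10.0.0.5 GET /Telerik.Web.UI.WebResource.axd type=iau 198.51.100.9 Mozilla/5.0 200
2023-03-14 10:02:12 10.0.0.5 POST /Telerik.Web.UI.WebResource.axd type=rau 198.51.100.9 Mozilla/5.0 200
"""


def parse_w3c(log_text):
    """Yield one dict per request line, keyed by the names in the #Fields header."""
    fields = None
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed or truncated line: skip rather than misalign columns
        yield dict(zip(fields, parts))


def is_rau_request(rec):
    """True when the request targets the RadAsyncUpload handler (type=rau)."""
    query = rec.get("cs-uri-query", "-").lower()
    return bool(HANDLER_RE.search(rec.get("cs-uri-stem", ""))) and "type=rau" in query.split("&")


def find_rau_requests(log_text):
    """All requests to the handler, in log order (GET probes and POST uploads alike)."""
    return [rec for rec in parse_w3c(log_text) if is_rau_request(rec)]


def rau_posts_by_client(log_text):
    """Count POSTs to the handler per client, with the client's other pages as context."""
    posts = Counter()
    pages = defaultdict(set)
    for rec in parse_w3c(log_text):
        pages[rec["c-ip"]].add(rec["cs-uri-stem"])
        if is_rau_request(rec) and rec["cs-method"].upper() == "POST":
            posts[rec["c-ip"]] += 1
    # A client whose only activity is the upload handler deserves a closer look;
    # a browser that also loaded application pages may be using the control legitimately.
    return {
        ip: {
            "posts": n,
            "other_pages": sorted(p for p in pages[ip] if not HANDLER_RE.search(p)),
        }
        for ip, n in posts.items()
    }


if __name__ == "__main__":
    for rec in find_rau_requests(SAMPLE_LOG):
        print(rec["time"], rec["cs-method"], rec["c-ip"], rec["cs(User-Agent)"])
    print(rau_posts_by_client(SAMPLE_LOG))
```

Legitimate use of the RadAsyncUpload control produces the same handler requests, so treat a hit as a lead to correlate with Telerik version, the w3wp.exe process tree and newly written files, not as proof of compromise on its own.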
CrowdStrike warns of a new threat targeting Kubernetes infrastructure, as criminals pivot to privacy-focused cryptocurrency Dero. Since February, a campaign of more than 4,000 miner instances has targeted Kubernetes infrastructure on three US-based servers. Unlike traditional cryptocurrencies, Dero’s privacy features make it difficult to track funds, which is proving attractive to cybercriminals.
Mozilla has released security advisories for Firefox ESR and Firefox browsers to address vulnerabilities. The advisories were released on March 14, 2023, and the affected versions are Firefox ESR versions prior to 102.9 and Firefox versions prior to 111. One of the vulnerabilities could lead to a potentially exploitable crash, while the other could result in potential user confusion or spoofing attacks on Firefox for Android. Mozilla has encouraged users and administrators to review the web links provided and apply the necessary updates.
CISA has identified evidence of active exploitation of the Adobe ColdFusion Improper Access Control vulnerability and has added it to its Known Exploited Vulnerabilities Catalog. The catalog is a living list of known vulnerabilities that carry significant risk to the federal enterprise, and federal agencies are required to remediate identified vulnerabilities to protect their networks against active threats. CISA strongly urges all organizations to prioritize timely remediation of Catalog vulnerabilities as part of their vulnerability management practice.
The National Security Agency has released guidelines to help operators improve their identity, credential, and access management (ICAM) capabilities to boost cybersecurity. The adoption of a mature zero trust framework, which requires the integration of seven different pillars, is mandated by the president's executive order on improving the nation's cybersecurity. The user pillar of zero trust covers the management of user access in a dynamic risk environment and refines capabilities associated with the Federal Identity, Credential, and Access Management framework, established in 2009.
Cyber Incidents
1. Wymondham College hit by cyberattack
Wymondham College, the largest state boarding school in the United Kingdom, announced on Tuesday that it had been hit by a “sophisticated cyberattack”. The school did not explain the nature of the attack, but assured parents that they were not aware of any data breach and the school remains open as usual. Wymondham is the latest educational establishment in the UK to face disruption as a result of a cyber incident, and is working with the National Cyber Security Centre (NCSC) “to ensure an appropriate response,” and has notified the Department for Education.
2. Ransomware group threatens Ring security firm
Home security firm Ring, owned by Amazon, says it has no evidence that it has been hit by a ransomware attack. The statement comes after the Alphv cyber gang added an entry to its leaks site threatening to release data it claims to have stolen from the company. While the entry did not provide details on the data that may have been compromised, Ring maintains it has not experienced a ransomware event. The Alphv ransomware family is operated by a cybercrime ring that is believed to be linked to the group behind the Darkside/Blackmatter ransomware.
3. Tick targets East Asian DLP company
Tick, a suspected China-aligned cyberespionage collective, has been attributed with high confidence with the compromise of an East Asian data-loss prevention (DLP) company that caters to government and military entities. The group, active since at least 2006, primarily targets government, manufacturing, and biotechnology firms in Japan, but has also gone after Russian, Singaporean, and Chinese enterprises. The attack on the DLP company involved the compromise of internal update servers and trojanized installers of legitimate tools used by the company, resulting in the execution of malware on the computers of the company's customers.
4. ILS System Hack Exposes Patient Data
Miami-based Independent Living Systems (ILS) discovered its systems were hacked on July 5, 2022, with threat actors potentially accessing the personal information of patients between June 30 and July 5. The exposed information includes names, social security numbers, medical information, and health insurance information, potentially leading to social engineering or phishing attacks against those affected.
5. Safran Group leaked sensitive data through misconfiguration
Researchers from Cybernews discovered that French aerospace firm Safran Group had been leaking sensitive data due to a misconfiguration of its systems. The company, which is ranked as the eighth largest aerospace supplier in the world, was left vulnerable to cyber attacks for more than a year. The leaked information included the Laravel app key, JSON Web Token (JWT) key, MySQL credentials, and Simple Mail Transfer Protocol (SMTP) credentials for the “no-reply” email, and could have made it relatively easy for attackers to gain access to the website’s backend, employee computers, and other servers.
Cyber News
1. SEC proposes new cybersecurity rules
The Securities and Exchange Commission (SEC) has approved a proposal requiring market entities to report significant cybersecurity incidents to the agency and document policies and procedures meant to address cybersecurity threats. Additionally, the SEC would require market entities, except for small dealer-brokers, to publicly disclose cybersecurity incidents. The proposed rule and others must undergo public comment before facing another round of commissioner voting. The Biden administration has been advocating for more regulatory requirements for private sector cybersecurity in light of the increased risk of ransomware attacks.
2. ChipMixer, a Cryptocurrency Mixing Service Seized
Europol, in coordination with the BKA and FBI, has seized the popular cryptocurrency mixing platform 'ChipMixer,' used by cybercriminals to launder their proceeds. The operation resulted in the seizure of four servers, 7 TB of data, and $46.5 million worth of Bitcoin, making it the largest cryptocurrency asset seizure by the BKA to date. ChipMixer has facilitated the laundering of 152,000 Bitcoins worth approximately EUR 2.73 billion, and the authorities have found further ties to illegal activities, including ransomware groups and illicit goods trafficking.
3. MKS Instruments suffered a $200 million revenue loss
Semiconductor equipment maker MKS Instruments has reported a $200 million revenue loss following a ransomware attack in February that suspended operations at some facilities. The Massachusetts-based company is still working to restore affected manufacturing and service operations in its Vacuum Solutions and Photonics Solutions Divisions. In addition to the financial loss, MKS Instruments is also facing a putative class action lawsuit for violating California privacy law after personal information, including social security numbers and bank account details, was potentially exfiltrated by the hackers.
4. NordVPN releases Linux client source code
Nord Security has made its NordVPN Linux client and associated networking libraries open source to increase transparency and address users' security and privacy concerns. Additionally, Nord is offering its NordVPN MeshNet private tunneling feature free for all users who install its software, even without a paid subscription. The move is aimed at enabling talented coders to scrutinize Nord's code and make its service better, while encouraging users to modify the source code to fit their individual needs.
Subscribe and Comment.
Copyright © 2023 CyberMaterial. All Rights Reserved.