Cyber Briefing - 2023.03.21
Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
CatB is a new ransomware strain that appears to be a rebrand of Pandora ransomware. It abuses the Microsoft Distributed Transaction Coordinator (MSDTC) service to unpack and launch the ransomware payload, which makes it harder to spot because MSDTC is a legitimate Windows service. The malware can also harvest sensitive data, and it writes its ransom note into the head of each encrypted file.
Ubuntu released Security Notices between March 13 and March 19, 2023, addressing Linux kernel vulnerabilities that affect several supported releases, including 18.04 LTS, 20.04 LTS, 22.04 LTS, and 22.10. The Cyber Centre encourages users and administrators to review the notices and apply the necessary updates to protect their systems. Ubuntu Security Notices are published when a security issue in an official Ubuntu package has been fixed.
Security researchers have discovered a vulnerability in the Google Pixel Markup screenshot editor that allows partially redacted or cropped images to be recovered. Sensitive information that was blacked out or cropped away before an image was shared or posted online may therefore still be exposed. Google has patched the flaw, but the patch does nothing for images that were already shared: any screenshot edited with the tool over roughly the past five years could still be vulnerable to the "Acropalypse" attack.
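The recoverable-image problem comes from the editor writing the smaller edited PNG over the start of the original file without truncating it, so the tail of the original survives after the new image's IEND chunk, where viewers never look. The following is an added example, not code from the newsletter, Google or the researchers: it builds constructed PNG fixtures, models that faulty write, and checks a file for bytes after IEND, which is the quick test a practitioner can run over already-shared screenshots to decide whether they need to be pulled. Recovering the hidden pixels is a separate, harder step (the leftover zlib stream has to be resynchronised) and is not attempted here.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def png_chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: big-endian length, 4-byte type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width: int, height: int, rgb: bytes) -> bytes:
    """Build a minimal valid 8-bit RGB PNG filled with one colour.
    Constructed fixture standing in for a real screenshot."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)  # 8-bit, colour type 2 (RGB)
    scanlines = b"".join(b"\x00" + rgb * width for _ in range(height))  # filter type 0 per row
    return (PNG_SIGNATURE
            + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", zlib.compress(scanlines))
            + png_chunk(b"IEND", b""))


def png_end_offset(data: bytes) -> int:
    """Walk the chunk list and return the offset just past the IEND chunk.
    Decoders stop reading here, so anything beyond it is invisible in a viewer."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack_from(">I4s", data, pos)
        next_pos = pos + 8 + length + 4  # header + payload + CRC
        if next_pos > len(data):
            raise ValueError("truncated chunk at offset %d" % pos)
        pos = next_pos
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk")


def trailing_bytes_after_iend(data: bytes) -> int:
    """Bytes following IEND. Non-zero on a cropped or redacted image means leftover original data."""
    return len(data) - png_end_offset(data)


def simulate_acropalypse(original: bytes, edited: bytes) -> bytes:
    """Model the faulty write: the smaller edited PNG is written at offset 0 of the
    original file without truncating it, so the original's tail survives past the new IEND."""
    if len(edited) >= len(original):
        return edited
    return edited + original[len(edited):]


if __name__ == "__main__":
    full = make_png(256, 256, b"\x10\x80\xff")   # the "screenshot" (constructed)
    cropped = make_png(1, 1, b"\x10\x80\xff")    # the user's cropped version (constructed)
    leaky = simulate_acropalypse(full, cropped)
    print("correctly truncated file:", trailing_bytes_after_iend(cropped), "trailing bytes")
    print("Acropalypse-style file:  ", trailing_bytes_after_iend(leaky), "trailing bytes")
```

A legitimately saved PNG ends at IEND, so any non-zero count on an image that was cropped or redacted is a signal to treat the file as unredacted. Some tools do append metadata after IEND, so confirm a hit by looking at what the trailing bytes contain before raising an alarm.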
A new malware injector called dotRunpeX is being used to distribute various well-known malware families, such as Agent Tesla, BitRAT, and FormBook, among others. DotRunpeX is an obfuscated and actively developed .NET injector that uses the Process Hollowing technique to infect systems. It is usually deployed through phishing emails or malicious Google Ads, directing unsuspecting users to copycat sites hosting trojanized installers for popular software.
The notorious Emotet botnet is back with a new tactic, using Microsoft OneNote email attachments to infect more targets and sidestep Microsoft's security restrictions. The move is a response to Microsoft's automatic blocking of macros in Word and Excel documents, which had hampered earlier campaigns. Emotet's Windows Script File 'click.wsf' (which carries VBScript) is embedded in the OneNote page beneath a fake "View" button, so a victim who clicks the button runs the script instead of opening a document. That makes the lure harder to spot and underlines the value of group policies that block malicious embedded files in OneNote.
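The "View" button trick only fools the eye: the script is still stored in the section file as an ordinary embedded file object, which mail gateways and responders can find without rendering the page. The following is an added example, not code from the newsletter, Microsoft or any Emotet analysis: it scans a .one byte stream for FileDataStoreObject records (the header and footer GUIDs and field layout come from the MS-ONESTORE specification, section 2.6.13), pulls out each embedded file, and flags script or executable payloads by magic bytes. The sample section, the click.wsf stand-in and the decoy image are constructed here.

```python
import struct
import uuid

# FileDataStoreObject delimiters from MS-ONESTORE 2.6.13; GUIDs are stored little-endian on disk.
FDSO_HEADER = uuid.UUID("{BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC}").bytes_le
FDSO_FOOTER = uuid.UUID("{71FBA722-0F79-4A0B-BB13-899256426B24}").bytes_le
FDSO_PREFIX_LEN = 16 + 8 + 4 + 8  # guidHeader, cbLength, unused, reserved

EXECUTABLE_KINDS = {"pe", "wsf"}


def extract_embedded_files(blob: bytes) -> list:
    """Return the raw FileData of every FileDataStoreObject in a .one section.
    Works on bytes, so an image laid over the object in the OneNote UI changes nothing.
    The footer is not checked, so the scan tolerates padding after FileData."""
    found = []
    pos = 0
    while True:
        pos = blob.find(FDSO_HEADER, pos)
        if pos < 0 or pos + FDSO_PREFIX_LEN > len(blob):
            return found
        (cb_length,) = struct.unpack_from("<Q", blob, pos + 16)
        start = pos + FDSO_PREFIX_LEN
        end = start + cb_length
        if end > len(blob):  # declared length runs past the file: corrupt or hostile, stop here
            return found
        found.append(blob[start:end])
        pos = end


def classify_payload(data: bytes) -> str:
    """Cheap magic-byte classification of one embedded file."""
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    head = data.lstrip(b"\xef\xbb\xbf \t\r\n")[:64].lower()  # skip BOM and whitespace
    if head.startswith(b"mz"):
        return "pe"
    if head.startswith(b"<job") or head.startswith(b"<package"):
        return "wsf"  # Windows Script File XML wrapper, as used by click.wsf
    if head.startswith(b"%pdf"):
        return "pdf"
    return "unknown"


def suspicious_attachments(blob: bytes) -> list:
    """(index, kind, size) for every embedded file that would execute when double-clicked."""
    hits = []
    for i, data in enumerate(extract_embedded_files(blob)):
        kind = classify_payload(data)
        if kind in EXECUTABLE_KINDS:
            hits.append((i, kind, len(data)))
    return hits


# --- constructed sample section (not a real Emotet file) ---
def fdso_record(payload: bytes) -> bytes:
    """Wrap a payload in a FileDataStoreObject; used only to build the fixture below."""
    return (FDSO_HEADER + struct.pack("<Q", len(payload))
            + b"\x00" * 4 + b"\x00" * 8 + payload + FDSO_FOOTER)


SAMPLE_WSF = b'<job id="click"><script language="VBScript">WScript.Echo "sample"</script></job>'
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32  # stands in for the fake "View" button image


def build_sample_section() -> bytes:
    """Padding, the hidden script object, then the decoy image, as a .one-like byte stream."""
    return (b"\x00" * 64 + fdso_record(SAMPLE_WSF)
            + b"\x00" * 16 + fdso_record(SAMPLE_PNG) + b"\x00" * 8)


if __name__ == "__main__":
    section = build_sample_section()
    for idx, kind, size in suspicious_attachments(section):
        print("embedded file %d: %s, %d bytes -> block or detonate" % (idx, kind, size))
```

Pair the scan with the policy side: a gateway rule that strips or quarantines OneNote attachments carrying WSF, VBS, JS, HTA or PE payloads catches this campaign's lure before a user ever sees the button.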
The iconic Italian automaker Ferrari has been targeted by an unknown hacker who is demanding a ransom in exchange for certain client contact details. The luxury company has refused to pay the ransom, citing a policy not to fund criminal activity, and has notified its clients of the potential data exposure. With the typical cost of a Ferrari ranging from over $200,000 to more than $600,000, it's likely that the client list includes some of the world's wealthiest individuals.
Cybercriminals broke into servers owned by Datatime, which contained sensitive data collected by QIMR Berghofer, a medical research institute in Brisbane. While QIMR Berghofer continues to recruit Australians for other scientific studies, it has not publicly disclosed the cyber attack, prompting calls for tighter public-disclosure laws. Survey participants, who were promised confidentiality, are left feeling ill and upset, with many expressing concern that they will be contacted again and asked to trust QIMR Berghofer with their data.
Bitcoin ATM manufacturer General Bytes has announced the closure of its cloud services following a security breach that allowed a hacker to access users' hot wallets and sensitive information. The company warned that the attacker could remotely upload and run a Java application on its terminals, stealing user information and sending funds from hot wallets. Although the company did not disclose how much was stolen, on-chain data showed that 56 BTC worth over $1.54 million and 21.82 ETH worth roughly $36,000 were compromised. General Bytes has advised BTC ATM operators to install their own standalone server and invalidate all user passwords and API keys.
Minneapolis Public Schools (MPS) is warning parents that the hackers who stole data in a recent system breach have released that information on the dark web, where users are untraceable. The district said it is working with cybersecurity specialists to download the data and review it to determine the full scope of the personal information affected. Experts warn that anyone associated with the district should assume their data has been compromised until told otherwise and take steps to protect themselves.
The Latin American cybersecurity firm Metabase Q has reported that the Mispadu banking trojan is currently conducting multiple spam campaigns targeting various countries. Since August 2022, Mispadu has been stealing credentials and delivering other payloads, using a variety of techniques such as compromising legitimate websites and utilizing rogue digital certificates. The trojan has been linked to several other banking trojans targeting the region, including Grandoreiro, Javali, and Lampion, and has harvested over 90,000 bank account credentials from more than 17,500 unique websites.
DOCOMO Pacific, a telecommunications company, reported a cybersecurity incident that targeted some of its servers early Friday morning. Customer data, the mobile network, and fiber services were not affected, but other services were disrupted and the company is working to restore them as soon as possible. Affected customers are being offered DOCOMO Pacific mobile data plans at no additional cost to get their other devices online until systems are fully restored, though no ETA has been given. The incident follows a security breach earlier this month at Guam Memorial Hospital, which the FBI is investigating.
Cyber News
Conor Brian Fitzpatrick, the alleged administrator of BreachForums, a notorious English-language data breach website, has been arrested by federal agents in a small town in New York's Hudson Valley. Fitzpatrick, who went by the alias "Pompompurin," reportedly confessed to his involvement in the cybercrime platform. BreachForums had grown in popularity since the shutdown of its predecessor, RaidForums, and had become a go-to hotspot for English-speaking cybercriminals, boasting 41,500 members and enabling ransomware groups to advertise for affiliates and victims with no restrictions.
Christian Akhatsegbe, a cybercriminal from Atlanta, has been sentenced to over 7 years in prison for his involvement in a multi-million dollar phishing scheme. Akhatsegbe and his brother Emmanuel Aiye Akhatsegbe, who remains a fugitive believed to be residing in Nigeria, engaged in spear phishing, credential harvesting, and business email compromise schemes from August 2019 to November 2020. The scheme involved sending phishing emails to employees of companies and agencies in the United States and the United Kingdom and requesting payment of funds to bank accounts in Hong Kong.
The US Justice Department is reportedly investigating ByteDance, the Chinese company that owns the popular video-sharing app TikTok, over revelations that its employees tracked US and UK journalists to identify who leaked company data to the press. Forbes reported that the Justice Department and US Attorney in the Eastern District of Virginia had subpoenaed information from ByteDance. ByteDance's internal investigation, triggered by news reports of the surveillance, found that employees tracked multiple journalists covering the company. TikTok could face a ban in the US if it does not sever ties with its China-based owners.
A new Mandiant report finds that 55 zero-day vulnerabilities were exploited in the wild in 2022, most of them in products from Microsoft, Google, and Apple. These flaws let attackers gain elevated privileges or achieve remote code execution on vulnerable devices, which makes them highly valuable. Chinese state-sponsored actors exploited more of last year's zero-days than any other tracked group, and Mandiant expects the upward trend to continue in 2023. Organizations can reduce the impact of zero-day attacks with measures such as network segmentation and endpoint security tooling.
Subscribe and Comment.
Copyright © 2023 CyberMaterial. All Rights Reserved.