Cyber Briefing - 2023.03.28
Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
Security researchers have discovered new variants of the IcedID loader that have been used in seven campaigns since late last year, focusing on delivering further malware, particularly ransomware. The new versions, called "Lite" and "Forked", have narrower feature sets, making them stealthier and leaner. While some threat actors continue to use the "Standard" variant, the deployment of new IcedID versions is expected to grow, with more variants possibly appearing later in 2023.
Apple has released a security update that backports a fix for an actively exploited zero-day vulnerability to older iPhones and iPads. The WebKit type confusion vulnerability, CVE-2023-23529, can be triggered by maliciously crafted web content and allows an attacker to crash the OS or gain code execution on vulnerable iOS and iPadOS devices. While Apple has yet to publish details of the exploitation it has seen, users of older iPhone and iPad devices are advised to install the security update as soon as possible.
The FBI has issued a warning about criminal actors employing fraudulent acquisition schemes to steal commercially available goods from vendors. Using similar tactics to those seen in business email compromise (BEC) attacks, the threat actors are impersonating the email domains of U.S.-based companies to make bulk purchases of items such as construction materials, agricultural supplies, computer technology hardware, and solar energy products. Despite the low level of technical skills required to spoof an email address, the fraudsters are skilled at concealing their activities and knowledgeable in business payments, making it essential for vendors to check the source of any transaction.
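The advisory's advice to "check the source of any transaction" is easiest to act on at the mail-triage stage. The following Python script is an added example written for this newsletter item; it is not code from the FBI advisory. It flags the three sender patterns that distinguish this kind of vendor fraud from a genuine purchase order: a From domain that exactly matches a known customer (which is only trustworthy if the mail gateway already enforced SPF/DKIM/DMARC, since a bare header spoof looks identical), a look-alike domain built from homoglyph swaps, small edits or padding of the real name, and a Reply-To header that quietly redirects the conversation elsewhere. The Reply-To check goes beyond what the advisory describes; the customer domain, header values and message bodies are all constructed sample data.

```python
"""Triage inbound purchase requests for sender-domain impersonation.

Added example for the FBI bulk-purchase fraud item; not code from the
advisory. Every domain and message below is constructed sample data.
"""
from email import message_from_string
from email.utils import parseaddr

# Letter pairs and digits fraudsters swap for look-alikes: acrne -> acme, supp1y -> supply.
_PAIRS = (("rn", "m"), ("vv", "w"), ("cl", "d"))
_CHARS = str.maketrans("01358", "olesb")


def normalize(domain: str) -> str:
    """Collapse common homoglyph substitutions so look-alikes compare equal."""
    d = domain.lower().strip(".")
    for bad, good in _PAIRS:
        d = d.replace(bad, good)
    return d.translate(_CHARS)


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings; cheap enough for domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value) -> str:
    """Lower-cased domain from a From/Reply-To header value, '' if absent."""
    if not header_value:
        return ""
    _, addr = parseaddr(header_value)
    return addr.rpartition("@")[2].lower()


def classify_domain(sender: str, known_domains):
    """Return (verdict, matched_known_domain).

    verdict is 'known' (exact match), 'lookalike' or 'unknown'.
    """
    known = [d.lower() for d in known_domains]
    if sender in known:
        return "known", sender
    ns = normalize(sender)
    for d in known:
        nd = normalize(d)
        # Homoglyph twin, or one or two edits away (dropped letter, swapped TLD).
        if ns == nd or levenshtein(ns, nd) <= 2:
            return "lookalike", d
        # Real base label padded with extra words: acme-supply-us.com.
        base = nd.split(".")[0]
        if len(base) >= 5 and base in ns.split(".")[0]:
            return "lookalike", d
    return "unknown", ""


def triage(raw_message: str, known_domains) -> dict:
    """Parse one RFC 822 message and report impersonation indicators."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    verdict, matched = classify_domain(from_dom, known_domains)
    return {
        "from_domain": from_dom,
        "verdict": verdict,
        "matched": matched,
        # Reply-To pointing at a different domain is the classic BEC redirection.
        "reply_to_mismatch": bool(reply_dom) and reply_dom != from_dom,
        # An exact match is only as good as the gateway's SPF/DKIM/DMARC result.
        "needs_auth_check": verdict == "known",
    }


# Constructed sample: the one customer this vendor actually does business with.
KNOWN_CUSTOMERS = ["acme-supply.com"]

# Constructed sample messages: genuine, homoglyph look-alike, Reply-To redirect, stranger.
SAMPLES = [
    "From: Acme Purchasing <orders@acme-supply.com>\nSubject: PO 4471\n\nShip 40 pallets, Net-30.\n",
    "From: Acme Purchasing <orders@acrne-supply.com>\nSubject: PO 4471\n\nShip 40 pallets, Net-30.\n",
    "From: Acme Purchasing <orders@acme-supply.com>\nReply-To: acme.purchasing@mail-example.net\n"
    "Subject: PO 4471\n\nPlease confirm by replying to this address.\n",
    "From: J. Doe <jdoe@example.org>\nSubject: Quote request\n\nPrice for 200 panels?\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw, KNOWN_CUSTOMERS))
```

Anything that comes back as "lookalike" or with "reply_to_mismatch" set should be held for an out-of-band call to the customer's known phone number before goods ship; a "known" verdict only says the header matches, so it should be gated on the gateway's authentication result rather than treated as proof of origin.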
A new phishing campaign has been discovered that uses a malware loader called DBatLoader to distribute Remcos RAT and Formbook. The payload is hosted on compromised WordPress websites served over valid SSL certificates, which helps it slip past detection engines, and the loader hides its next stage with image steganography to evade detection further. To reduce the risk posed by DBatLoader, defenders are advised to monitor process executions and to configure Windows UAC to "Always notify", so that the loader's elevation attempt prompts the user rather than succeeding silently.
There have been "unexplainable" incidents that haven't been attributed to a cyberattack or technical error, said Erlend Erstad, a Ph.D. candidate at NTNU. Although there have been no publicly acknowledged cyberattacks that have similarly impacted a ship, the risks of an attack directly affecting a ship are real and demand greater awareness and training among seafarers, the researchers said.
The Wisconsin court system's computer network has been attacked by hackers, court officials confirmed on Thursday. The cyberattack started earlier this week, causing intermittent service and slower than usual response times for online services. While court operations continue as usual statewide, attorneys and self-represented litigants who have difficulty filing documents electronically should contact their respective county clerk of court.
NGS Super, a leading Industry SuperFund in Australia, confirmed that it suffered a cyber attack on March 17th, which resulted in the theft of a small amount of personal data. The superannuation fund immediately shut down its network and launched cybersecurity protocols to contain the incident. The incident has not affected the superannuation savings of its members, NGS Super said in a statement.
Some United States Postal Service employees in the eastern North Carolina and Jacksonville area are missing paychecks due to a cyber attack. The Postal Service is conducting an investigation, but employees are unhappy with the outcome so far. Larisa Covington had $2,000 stolen from her LiteBlue account, which is how the USPS workers are able to set up benefits and direct deposits.
Telecommunications company Lumen has disclosed two cybersecurity incidents, one of which involves ransomware that affected a limited number of its servers. The other incident saw sophisticated attackers gain access to a small number of the company's internal IT systems, allowing them to install malware and extract a limited amount of data. Lumen has implemented enhanced security software and launched an investigation into the incidents, which it does not believe will have a material adverse impact on its customers or business operations.
France's National Assembly website was brought down Monday in a cyberattack claimed by pro-Russian hackers. The hacker group claimed they targeted the French institution because of Macron's highly unpopular pension reform. Russian groups have a history of backing French protests and anti-establishment demonstrations, including by supporting the Yellow Jackets movement.
Cyber News
Twitter has taken action to remove its proprietary source code and internal tools that were leaked on GitHub, using a DMCA infringement notice to force the removal of the material. The leak could pose a risk to the company, and Twitter is now issuing a subpoena to force GitHub to provide identifying information regarding the "FreeSpeechEnthusiast" user and anyone who accessed and distributed the leaked Twitter source code. It is unknown how many people accessed or downloaded the code, but the leak could lead to Twitter's source code being scrutinized for potentially exploitable vulnerabilities.
First Citizens Bank acquires Silicon Valley Bank deposits and loans, preserving relationships with venture capitalists and accelerating expansion in California and the Northeast. The North Carolina-based bank purchased $72 billion of Silicon Valley Bank assets at a $16.5 billion discount, with all 17 US-based branches operating as "Silicon Valley Bank, a division of First Citizens". First Citizens has a history of growing through strategic acquisitions, and this purchase adds scale, geographic diversity, and digital capabilities.
The French government has banned all "recreational apps" from government-issued mobile devices, citing data privacy and cybersecurity concerns. This ban includes social media apps such as Twitter and Instagram, gaming apps like Candy Crush, streaming apps such as Netflix, and dating apps. The ban is not exclusive to TikTok, but follows a wave of governments, including Italy, the Netherlands, and Norway, considering similar bans.
The US President has signed an executive order limiting the use of commercial spyware by federal government agencies, citing counterintelligence and security risks. The order lists the criteria by which commercial spyware could be disqualified for use by US government agencies, and aims to ensure the government’s use of such tools is consistent with respect for the rule of law, human rights, and democratic norms and values. The move is seen as a recognition that spyware-for-sale plays an important role in intelligence-gathering operations, while also being a growing counterintelligence and national security risk.
Australian non-bank lender, Latitude Financial, has revealed that a data breach in March affected more than 7.9 million Australian and New Zealand driver's license numbers, along with 53,000 passport numbers and other personal data dating back to at least 2005. The company originally estimated that around 100,000 identification documents and 225,000 customer records were stolen. The Australian Federal Police are investigating the incident, while cybersecurity experts are working with Latitude Financial to improve the company's systems.
Subscribe and Comment.
Copyright © 2023 CyberMaterial. All Rights Reserved.