Cyber Briefing - 2023.04.03
Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
Multiple versions of Samba have been found to contain vulnerabilities that can be exploited remotely, prompting the Samba Team to release security updates. Attackers could exploit the identified vulnerabilities and potentially gain control of an affected system. Users and administrators are strongly advised to review the published announcements and apply the necessary updates to safeguard against these threats.
On March 30, 2023, Apple announced a security update to address vulnerabilities in Xcode versions prior to 14.3. The exploitation of these vulnerabilities could result in the execution of arbitrary code or unauthorized access to sensitive information. The Cyber Centre advises users and administrators to apply the necessary updates by reviewing the provided link for protection against potential threats.
Security researchers warn of an ongoing high-severity vulnerability in the Elementor Pro WordPress plugin being actively exploited by cybercriminals. The vulnerability affects version v3.11.6 and all versions before it, allowing authenticated users to change a website’s settings and potentially leading to a complete takeover. The exploit is being observed by researchers, with files being uploaded and site URLs being changed. Users of Elementor Pro are urged to upgrade immediately to version 3.11.7 or later to protect their websites from the ongoing attack.
A 10-year-old Windows vulnerability is still being exploited in attacks, with Microsoft's fix remaining optional and being removed after an upgrade to Windows 11. The flaw allows malicious actors to make executables appear legitimately signed even after they have been modified. As a result, attackers can distribute trojanized versions of applications through supply chain attacks, such as the recent 3CX incident, in which two DLLs were replaced with malicious versions that download additional malware onto victims' computers. Despite the vulnerability being known for almost a decade, the fix remains opt-in and must be enabled manually by editing the Windows Registry, leaving users at risk by default.
Trend Micro researchers have identified a new malware called OpcJacker that is capable of keylogging, taking screenshots, and stealing sensitive data from browsers. The malware is being distributed via a network of fake websites that advertise innocuous software and cryptocurrency-related applications, and it specifically targets users in Iran. Given the malware's ability to steal cryptocurrency funds, the campaign is suspected to be financially motivated. Meanwhile, a related attack campaign dubbed TACTICAL#OCTOPUS is targeting US entities with tax-themed lures to infect them with backdoors and gain access to victim systems.
A new ransomware gang named 'Money Message' has emerged, demanding million-dollar ransoms in exchange for not leaking stolen data and for releasing a decryptor. The group has already targeted victims worldwide, including an Asian airline with annual revenue close to $1 billion. Although the encryptor used by the group does not appear sophisticated, it has successfully encrypted devices and stolen data during the group's attacks, introducing an additional threat that organizations need to watch out for.
The use of web tracking technologies by healthcare organizations has been added to the list of reportable data breaches to federal authorities. The latest organizations to admit web tracker usage incidents are New York-Presbyterian Hospital, UC San Diego Health, and Brooks Rehabilitation. The disclosures come as more hospitals scrutinize their patient portals for the presence of web tracking technology, and regulators warn healthcare entities that trackers in patient websites may violate privacy law.
TMX Finance and its subsidiaries have disclosed a data breach that impacted 4.8 million customers. The breach was detected in February 2023, but hackers gained unauthorized access to the system as early as December 2022. The stolen data included sensitive personal information such as social security numbers, financial account information, and more. TMX has implemented security measures and is offering impacted individuals free identity protection services for a year.
BMW has confirmed that its systems were not breached in a recent ransomware attack, which was claimed by the Play ransomware group on its leak site. In a statement, a BMW Group spokesperson said that the attack only affected the computer systems of an independent dealer in France, and that no intrusion was detected within BMW Group or BMW France systems. The Play group has been linked to damaging attacks on various targets, including cities and car dealerships in recent months.
Portland's Lewis & Clark College suffered a ransomware attack this month that has been claimed by the Vice Society ransomware group, which has attacked several K-12 schools and colleges in the past year. The school has not confirmed whether a ransom was demanded or paid. The school's outages lasted from March 3 to March 7, and the school is continuing to investigate the scope of the attack, which involved systems and services across its campuses.
Dutch companies have been affected by a major data leak originating from Nebu, a software company specializing in customer survey software. So far, at least 2 million people in the Netherlands have been affected by the breach, with several companies and organizations confirming that their customer data has been leaked. While the leaked information mainly concerns names, email addresses, and phone numbers, those affected should remain vigilant as the potential for personalized phishing scams cannot be ruled out.
Cyber News
The Cyber Police of Ukraine, in collaboration with Czech law enforcement officials, has apprehended several members of a cybercrime ring that defrauded European Union citizens of $4.33 million using phishing campaigns. The group established more than 100 phishing websites to gather bank card data and banking account credentials from foreigners. The cybercriminals also created two call centers as part of their fraudulent scheme, attempting to trick customers into making purchases.
Twitter has announced that it is open-sourcing the code behind its recommendation algorithm, excluding parts that could compromise user safety and privacy or its ability to protect the platform from bad actors. The code made public does not include advertising recommendations or training data. The stated goal of the algorithm is to show 50% of relevant tweets from accounts the user follows and 50% from accounts outside their network, based on what the user would find interesting. Twitter CEO Elon Musk had promised in tweets to make the Twitter algorithm public, and the source code will be available from March 31st.
The US FDA has announced that medical device makers will need to comply with specific cybersecurity requirements when submitting an application for a new product. The new guidelines, effective from March 29th, require submissions for new medical devices to include specific cybersecurity-related information, such as a plan for identifying and addressing vulnerabilities and exploits in a reasonable time, as well as details on postmarket updates and patches that address security issues. The guidelines do not apply to submissions prior to March 29, 2023, and the FDA will not reject applications solely on this requirement until October 1.
Italy's data protection agency has banned ChatGPT temporarily, alleging the AI tool illegally collected user data and lacked age verification. Failure to comply with GDPR may lead other EU countries to take action. OpenAI has 20 days to remedy or justify the allegations, or face a fine of up to €20 million.
Subscribe and Comment.
Copyright © 2023 CyberMaterial. All Rights Reserved.