Cyber Briefing - 2023.04.04
Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
Cybersecurity researchers are warning of a group of hackers using tax-related email lures to spread dangerous malware. The group, known as TACTICAL#OCTOPUS, is using seemingly valid tax documents to trick people into downloading malware that gives the hackers wide-ranging access to devices. The attacks are part of a trend of annual tax-related scams that ramp up at the beginning of each year, with the IRS identifying $5.7 billion in tax fraud schemes last year alone.
The Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability to its Known Exploited Vulnerabilities Catalog. The CVE-2022-27926 Zimbra Collaboration XSS vulnerability is the latest in a list of known Common Vulnerabilities and Exposures (CVEs) that pose significant risk to federal enterprises. While the Binding Operational Directive (BOD) 22-01 only applies to Federal Civilian Executive Branch agencies, CISA recommends that all organizations prioritize timely remediation of Catalog vulnerabilities to reduce their exposure to cyberattacks.
The malicious SFX files are password-protected, and the passwords are provided by the threat actors. The attackers add instructions to run PowerShell, command prompt, and task manager after the target extracts the archived text file. Researchers at cybersecurity firm CrowdStrike recommend users pay close attention to SFX archives and use appropriate software to check the content of the archive and look for potential scripts or commands scheduled to run upon extraction.
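One way to act on that recommendation, as an added example that is not part of the original briefing or of CrowdStrike's research: the Python below parses the script block that a WinRAR self-extracting archive keeps in its archive comment (Setup=, Presetup= and Silent= directives are assumed to be what the archive carries; the sample comment is constructed) and flags any entry that would launch PowerShell, cmd or Task Manager on extraction. Reading the comment out of a real archive (for example with the rarfile package) is assumed and not shown.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of the SFX script that a WinRAR self-extracting archive
# keeps in its comment block (assumption: Setup=/Presetup=/Silent= syntax).
# Made up for this example; not taken from any real archive.
SAMPLE_SFX_COMMENT = """\
;The comment below contains SFX script commands
Path=%TEMP%\\tax_docs
Silent=1
Overwrite=1
Setup=tax_return_2022.txt
Setup=powershell.exe
Setup=cmd.exe /c start taskmgr.exe
"""

# Executables the briefing names as run-on-extract targets (lower-case, no path).
WATCHED_EXES = {"powershell.exe", "pwsh.exe", "cmd.exe", "taskmgr.exe"}

_DIRECTIVE = re.compile(r"^\s*([A-Za-z]+)\s*=\s*(.*?)\s*$")


def parse_sfx_commands(comment: str) -> List[Tuple[str, str]]:
    """Return (directive, value) pairs, skipping ';' comment lines and blanks."""
    out = []
    for line in comment.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        m = _DIRECTIVE.match(line)
        if m:
            out.append((m.group(1).lower(), m.group(2)))
    return out


def _names_executable(value: str) -> bool:
    # Check every token so "cmd.exe /c start taskmgr.exe" is caught by any of them.
    for tok in re.split(r"[\s\"']+", value.lower()):
        if tok.rsplit("\\", 1)[-1].rsplit("/", 1)[-1] in WATCHED_EXES:
            return True
    return False


def analyze_sfx_comment(comment: str) -> Dict[str, object]:
    """Summarize run-on-extract behaviour: what runs, and whether the dialog is hidden."""
    cmds = parse_sfx_commands(comment)
    runs = [v for d, v in cmds if d in ("setup", "presetup")]
    silent = any(d == "silent" and v.strip() != "0" for d, v in cmds)
    flagged = [v for v in runs if _names_executable(v)]
    return {"runs_on_extract": runs, "silent": silent, "flagged": flagged}


if __name__ == "__main__":
    print(analyze_sfx_comment(SAMPLE_SFX_COMMENT))
```

A non-empty "flagged" list combined with "silent" being true is the pattern described above: commands launched after extraction with the extraction dialog suppressed.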
The Cyber Centre has urged users and administrators to apply the necessary updates after Ubuntu published Security Notices to address vulnerabilities in the Linux kernel. The affected products include Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It is highly recommended to review the provided web link and take action accordingly to prevent security issues.
The Bank of England has issued a stern warning to financial firms to improve their cybersecurity measures against a potential major cyber attack by Russian-linked hackers. The warning follows concerns that ransomware gangs will increasingly target crucial financial companies, causing widespread chaos. The Bank of England has instructed firms to wargame their response to a severe attack and improve their systems and emergency response plans by March 2025, while also urging them to invest in mitigants to better manage risks to financial stability during an incident. The warning serves as a timely reminder for firms to review their cybersecurity measures and take proactive steps to protect against a potential attack.
Capita, the largest outsourcing company in the UK, experienced a cyber incident causing an IT outage last Friday. Although not all of Capita’s employees were affected, staff attempting to log in were told their passwords were incorrect, sparking concerns of a cyberattack. While the nature of the incident has not been disclosed, Capita provides services to the British government, including the Ministry of Defence, making it a potential target for state-sponsored espionage groups.
Service NSW has suffered a data breach exposing the personal information of customers who were logged in to their MyServiceNSW account between 1.20pm and 2.54pm on March 20. The update released to the “My services” dashboard caused the data breach, which affected around 3,700 customers. Personal information exposed included driver’s licence and vehicle registration details, contact information and children’s names, but Service NSW said it believed the personal information available during the 94-minute window was not searchable and was isolated to the website.
Data storage device maker Western Digital has disclosed a "network security incident" which allowed unauthorized access to its systems. The breach occurred on March 26 and the company has taken several services offline as a precaution. It is currently working to determine the extent of the breach and has enlisted the help of cybersecurity and forensic experts for the investigation.
A group called Midnight is threatening to publish or sell allegedly stolen data from US companies unless they receive payment. The group sometimes adds the menace of a distributed denial-of-service (DDoS) attack if the message recipient does not comply with instructions. Kroll and Arete confirm the fraudulent emails and report the group targets organizations that have been victims of ransomware attacks.
The Jefferson County School System has become the latest victim of a ransomware attack. The system's technology team responded quickly and is working with outside cybersecurity experts and law enforcement officials to investigate and contain the incident. At this point, there is no indication of a data breach, but the investigation is ongoing, and the school system will notify stakeholders if any compromised data is discovered.
Kaspersky has reported that Russian hackers deployed the Gopuram backdoor to target a small number of cryptocurrency companies. Gopuram is a versatile backdoor that is designed to connect to a command-and-control (C2) server, which then allows the attacker to interact with the victim's file system. The backdoor is linked to North Korea as it co-existed on victim machines with AppleJeus, a backdoor attributed to the Korean-speaking Lazarus group. The targeting of cryptocurrency companies is another telltale sign of the Lazarus Group's involvement given the group's recurring focus on the financial industry to generate.
Cyber News
Multichain token bridge Allbridge suffered a hack which resulted in a $573,000 loss, and now the platform is incentivizing the attacker to return the stolen funds by offering them an undisclosed bounty and legal immunity if they come forward as a white hat. Allbridge has also announced that it is working with law enforcement, law firms, and affected projects to track down the attacker. The protocol is also developing a web interface to allow liquidity providers to withdraw their assets, and has suspended its bridge protocol to prevent any further exploits on its other pools.
As remote work becomes more prevalent, so do the security risks associated with it. A new report from Lookout, Inc. highlights the growing threats faced by organizations utilizing remote work and bring your own device (BYOD) policies. The report found that many employees are not following data security best practices, increasing the risk of phishing attacks, identity theft, and sensitive data theft. As the lines between work and personal tasks blur, IT and security leaders must be aware of the risks and take action to protect their organizations.
The US Department of Justice has seized six virtual currency accounts containing over $112 million in funds stolen in cryptocurrency investment schemes. The criminals behind these cryptocurrency fraud scams approach their victims via various dating platforms, messaging apps, or social media platforms, build trust, and introduce them to investment schemes which eventually allow them to empty the targets' crypto wallets. The FBI also warned in a public service announcement issued last month of a spike in 'pig butchering' crypto investment schemes that resulted in over $2 billion worth of cryptocurrency losses in 2022, according to US victims' reports.
SoftBank's Eric Gan will replace Cybereason co-founder Lior Div as CEO, after SoftBank invested $100m into the endpoint security vendor. Div will remain with the company as an adviser. The leadership change comes after a tumultuous year for Cybereason, which conducted two rounds of layoffs and lost its chief security officer.
Subscribe and Comment.
Copyright © 2023 CyberMaterial. All Rights Reserved.