Cyber Briefing - 2023.04.07
Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
Red Hat has released security updates for several of its products to address vulnerabilities in the Linux kernel. The updates include multiple versions and platforms of Red Hat CodeReady Linux Builder, Red Hat Enterprise Linux, Red Hat Enterprise Linux Real Time, and Red Hat Enterprise Linux Server. Users and administrators are advised to review the provided web link and apply the necessary updates to ensure their systems are protected against potential security threats.
Cisco announces patches for multiple vulnerabilities, including high-severity bugs impacting Secure Network Analytics and Identity Services Engine products. One bug allows an authenticated, remote attacker to achieve arbitrary code execution by sending crafted HTTP requests, while another could lead to privilege escalation by sending crafted CLI commands. Cisco has also addressed multiple medium-severity flaws in its Webex Meetings, Unified Contact Center Express, and other products.
Automotive cybersecurity experts Ian Tabor and Ken Tindell have warned car owners that thieves can use a hacking device to steal a wide range of car models. Thieves use a method called CAN injection, which allows them to unlock the vehicle and drive away. The researchers have issued recommendations to prevent these types of attacks, urging vehicle makers to take action.
A vulnerability in Tesla's Retail Tool (TRT) application allowed a security researcher to take over accounts of former employees by exploiting the fact that TRT did not differentiate between internal and external identity providers. The TRT app stores various enterprise information, including financial details, building plans, contact information, network circuit details, and local utility account logins. The flaw was reported to Tesla and fixed within two days, with a potential payout of between $3,000 and $15,000.
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued eight ICS advisories that detail critical vulnerabilities in Hitachi Energy, mySCADA Technologies, Industrial Control Links, and Nexx products. Hitachi Energy's MicroSCADA System Data Manager SDM600 was affected by the top vulnerability (CVE-2022-3682), allowing remote control of the product. CISA has recommended updating systems and minimizing network exposure to reduce potential risks.
MSI (Micro-Star International), a Taiwanese PC parts manufacturer, has been listed on the extortion portal of a new ransomware gang known as "Money Message," which claims to have stolen source code from the company's network. The threat actor has posted screenshots of what they claim to be MSI's databases and files containing software source code, private keys, and BIOS firmware. Money Message now threatens to publish all these allegedly stolen documents in about five days unless MSI meets its ransom payment demands.
ACRO, the UK's criminal records office, has taken its customer portal offline following a cyber security incident. The agency manages people's criminal record information and exchanges data with other countries for use by employers vetting potential hires and embassies processing visa applications. ACRO confirmed there is no conclusive evidence that personal data has been affected, but it has informed users of the situation and is working to resolve the matter.
The Open University of Cyprus (OUC) has become the latest victim of the Medusa ransomware gang, which has demanded a $100,000 ransom for the return of stolen data. The attack disrupted the university's operations and caused several central services and critical systems to go offline. The hackers have posted OUC on its data leak site, threatening to sell or publish sensitive student and financial information unless their demands are met.
Play, the group behind the Oakland ransomware attack, has released a second batch of information, including confidential files from the Oakland Police Department and medical records of city staff. The first release in March included city employee rosters and police records. The Oakland police union has demanded $25,000 per officer for the damage caused by the breach and urged the city to enhance its security. The city hasn't revealed Play's demands, but its decision not to pay the ransom indicates that it is not willing to encourage further attacks.
The Royal Dutch Football Association, which runs the main soccer leagues, the KNVB Cup, and the Dutch national teams, has confirmed that hackers stole the personal information of its employees during a cyberattack. It is unclear whether this incident involved ransomware or how many employees were affected. This is not the first cyberattack on soccer institutions; a range of attacks has been reported in recent years, including a ransomware attack on a Premier League team that severely damaged its corporate systems, a business email compromise that nearly allowed hackers to steal $1.2 million from another Premier League club, and a similar scheme that was successfully carried out against an Italian Serie A club official's email account.
Cyber News
Microsoft has reminded its customers that the Home, Pro, Pro Education, and Pro for Workstations editions of Windows 10, version 21H2, will reach end-of-service on June 13, 2023. After this date, devices running these editions will no longer receive security and monthly quality updates, and Microsoft will direct customers to update to the latest version of Windows 10 or upgrade to Windows 11. Meanwhile, Windows 10 22H2 and Windows 11 22H2 are now broadly available to eligible devices, with automatic updates to keep devices secure and productive.
Microsoft and Fortra have initiated a legal crackdown on servers hosting cracked copies of Cobalt Strike. The makers of the tool have been careful to license it only for lawful use, but its spread among malicious actors has led to Cobalt Strike becoming one of the most widely used tools in cyberattacks. The takedown is expected to significantly hinder the monetization of illegal copies and slow their use in cyberattacks, forcing criminals to re-evaluate and change their tactics.
The FBI and Europol have announced a major crackdown on Genesis Market, a notorious cybercrime destination selling stolen passwords, cookies, and digital fingerprints. The site, which had approximately 80 million stolen credentials and fingerprints from over two million people, also offered malware-infected bots to customers for their own hacking schemes. The operation resulted in 119 arrests and 208 property searches across 17 countries, including 24 arrests in the UK.
Google has announced plans to improve user trust on its Android platform by requiring developers to enable data deletion both from the app and online. The new data deletion policy will allow users to request account and data deletion without reinstalling the application. Once in effect, developers will have to delete both the account and the data associated with it when a request is received, with users being able to choose to have only selected data erased.
Cybercriminals are increasingly using Telegram to sell phishing kits and recruit unpaid helpers, according to cybersecurity company Kaspersky. A community has formed around phishing, with services ranging from offering advice to offering free initiation instructions. Sellers offer all types of phishing material, including pre-packaged tools to create fake pages, subscriptions to tools, guides, and technical support. The platform lowers the entry barrier for aspiring phishers, easing access into this crime space.
Subscribe and Comment.
Copyright © 2023 CyberMaterial. All Rights Reserved.