Cyber Briefing - 2023.04.10
Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
Cyber Alerts
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These vulnerabilities include information disclosure, privilege escalation, and command execution flaws affecting Microsoft Windows and Arm Mali GPU Kernel Driver. The Known Exploited Vulnerabilities Catalog is a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. While the Binding Operational Directive (BOD) 22-01 only applies to Federal Civilian Executive Branch (FCEB) agencies, CISA strongly urges all organizations to prioritize timely remediation of Catalog vulnerabilities as part of their vulnerability management practice.
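The practical use of the Catalog is to match it against your own findings so that known-exploited items jump the patch queue. The following Python is an added example, not code from CISA or from this newsletter: it indexes a constructed excerpt in the shape of the KEV JSON feed (the two CVE IDs are the ones named later in this briefing; every date, asset name and the placeholder CVE-2023-00000 are made-up sample values) and ranks scanner findings by the catalog's due date.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed (the real feed is published at
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# The two CVE IDs are the ones named in this briefing; dates and other fields are sample values.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "count": 2,
    "vulnerabilities": [
        {
            "cveID": "CVE-2023-28205",
            "vendorProject": "Apple",
            "product": "Multiple Products",
            "dateAdded": "2023-04-10",
            "dueDate": "2023-05-01",
            "requiredAction": "Apply updates per vendor instructions.",
        },
        {
            "cveID": "CVE-2023-28206",
            "vendorProject": "Apple",
            "product": "Multiple Products",
            "dateAdded": "2023-04-10",
            "dueDate": "2023-04-24",
            "requiredAction": "Apply updates per vendor instructions.",
        },
    ],
})

# Constructed scanner output: (asset, CVE) pairs as a vulnerability scanner might export them.
# CVE-2023-00000 is a placeholder standing in for a CVE that is not in the catalog.
INVENTORY = [
    ("laptop-finance-07", "CVE-2023-28205"),
    ("build-server-02", "CVE-2023-28206"),
    ("web-frontend-01", "CVE-2023-00000"),
]


def load_kev(raw_json: str) -> dict:
    """Index the KEV feed by CVE ID so each finding is a single dictionary lookup."""
    doc = json.loads(raw_json)
    return {entry["cveID"]: entry for entry in doc["vulnerabilities"]}


def prioritize(inventory, kev: dict, today: date) -> list:
    """Return only the findings that appear in the catalog, most urgent first:
    overdue items (negative days_left) sort before those with the nearest due date."""
    findings = []
    for asset, cve_id in inventory:
        entry = kev.get(cve_id)
        if entry is None:
            continue  # not known-exploited: left to the normal patch cadence
        due = date.fromisoformat(entry["dueDate"])
        findings.append({
            "asset": asset,
            "cve": cve_id,
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due": entry["dueDate"],
            "days_left": (due - today).days,
            "overdue": due < today,
            "action": entry["requiredAction"],
        })
    findings.sort(key=lambda f: (f["days_left"], f["cve"]))
    return findings


def kev_demo() -> list:
    """Run the match against the constructed data as of the briefing date."""
    return prioritize(INVENTORY, load_kev(KEV_SAMPLE), today=date(2023, 4, 10))


if __name__ == "__main__":
    for finding in kev_demo():
        print(f'{finding["asset"]}: {finding["cve"]} due {finding["due"]} '
              f'({finding["days_left"]} days left) - {finding["action"]}')
```

Against the live feed the same `load_kev` call works on the downloaded file; the ranking keeps the BOD 22-01 due date as the ordering key because that, not CVSS score, is what the Catalog is asking you to act on.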
The FBI has warned that for-profit companies linked to sextortion activity are pressuring victims into paying for "assistance" services that are provided for free by non-profit agencies and law enforcement. These companies use threats and manipulation, feeding victims false information to persuade them into paying exorbitant fees. While they offer to send cease and desist orders, these "services" are not legally enforceable, and they may discourage victims from contacting law enforcement. The FBI urges victims to seek assistance from law enforcement and non-profit agencies that provide support at no cost.
Hackers are using a free QuickBooks account to create and send fake invoices to victims in a new phishing scheme discovered by cybersecurity company Avanan. The attackers send a fake invoice from a legitimate QuickBooks domain, which passes standard email authentication checks, making it difficult to detect. Avanan refers to this scheme as business email compromise (BEC) 3.0 and warns that it requires a new wave of education for users as all the typical phishing hygiene tricks are thrown out the window.
A recently discovered vulnerability in the VM2 library has raised concerns over its use in software to run code securely. The flaw, with a maximum severity score of 10.0, could allow a threat actor to bypass sandbox protections and gain remote code execution rights on the host. The library is used by a range of software, including function-as-a-service solutions, integrated development environments and pen-testing frameworks, and has over 16 million monthly downloads. Proof-of-concept exploit code has been released, showing that VM2's sandbox protections can be bypassed, and there is no workaround available.
NetScout, an application performance management firm, has revealed that cyber attacks have skyrocketed with the involvement of the Killnet hacker group. The company's new study, Unveiling the New Threat Landscape, has said that the US national security sector experienced a 16,815% increase in DDoS attacks in the second half of 2022, with many of them being associated with Killnet. These included spikes after President Joe Biden's public remarks at the G7 Summit in June 2022 and after his continued support of Ukraine with French President Emmanuel Macron in December 2022.
Two zero-day vulnerabilities in Apple's iOS and macOS, tracked as CVE-2023-28205 and CVE-2023-28206, were discovered by security researchers at Google's Threat Analysis Group and Amnesty International's Security Lab. The bugs allow arbitrary code execution and out-of-bounds writing, making them a severe threat to the security of the entire system. Experts suggest that attackers may have chained the two vulnerabilities to take over the entire device, sidestepping the App Store's strict walled-garden restrictions.
The Camden County Police Department in New Jersey has confirmed that it was hit with a ransomware attack on March 13th. The attack locked several criminal investigative files and day-to-day internal administration abilities, according to several law enforcement officials. Investigations into the incident are ongoing, with the FBI, NJ State Homeland Security's office, and the New Jersey attorney general's office all involved in the case.
Hackers have leaked 16,000 Tasmanian education department documents on the dark web, including personal information of school children. The data was accessed via a third-party file transfer service, which was hacked by the Cl0p hacker group, believed to be of Russian origin. The state government has set up a helpline for concerned Tasmanians, and the situation is being treated as a serious incident response.
Security company Sucuri has reported that over one million WordPress websites have been compromised in a long-running campaign that exploits all known and recently discovered theme and plugin vulnerabilities. The Balada Injector campaign aims to redirect users to fake tech support pages, fraudulent lottery wins, and push notification scams. Sucuri notes that defending against Balada Injector attacks may differ from one case to another, but keeping all website software updated, using strong, unique passwords, implementing two-factor authentication, and adding file integrity systems should work well enough to protect sites from compromise.
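Of the mitigations Sucuri lists, a file integrity system is the one that catches an injection after the fact: it hashes the site's code files once, then reports anything added, removed or changed. The Python below is an added example, not Sucuri's tooling or code from this newsletter; it builds a SHA-256 baseline over a constructed WordPress-like directory (the tracked suffixes, the temporary tree and the appended marker line are all assumptions made for the demo) and then diffs a second pass against it.

```python
import hashlib
import tempfile
from pathlib import Path

# Which files to baseline: theme and plugin injections land in PHP, JavaScript and
# .htaccess files, so those are tracked here (an assumption for this example).
TRACKED_SUFFIXES = {".php", ".js"}
TRACKED_NAMES = {".htaccess", "wp-config.php"}


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root) -> dict:
    """Map each tracked file (relative POSIX path) under root to its SHA-256 hex digest."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        if path.suffix in TRACKED_SUFFIXES or path.name in TRACKED_NAMES:
            baseline[path.relative_to(root).as_posix()] = sha256_file(path)
    return baseline


def compare_baseline(old: dict, new: dict) -> dict:
    """Report files that appeared, disappeared or changed between two baselines."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }


def fim_demo() -> dict:
    """Constructed scenario: baseline a small site tree, tamper with it, diff again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        theme = root / "wp-content" / "themes" / "demo-theme"
        theme.mkdir(parents=True)
        (theme / "functions.php").write_text("<?php\n// constructed theme file\n")
        (root / "wp-includes").mkdir()
        (root / "wp-includes" / "version.php").write_text("<?php\n// constructed core file\n")
        (root / "readme.html").write_text("<html></html>\n")  # not a tracked type
        baseline = build_baseline(root)

        # Constructed tampering: a line appended to the theme and a new PHP file dropped.
        with (theme / "functions.php").open("a") as fh:
            fh.write("// constructed marker standing in for an injected line\n")
        (root / "wp-includes" / "cache-helper.php").write_text("<?php\n// constructed dropped file\n")
        (root / "readme.html").write_text("<html>changed</html>\n")  # untracked, so no alert

        return compare_baseline(baseline, build_baseline(root))


if __name__ == "__main__":
    print(fim_demo())
```

In production the baseline would be written to storage the web server's account cannot modify (otherwise a compromise that rewrites the site can rewrite the baseline too), and the comparison would run on a schedule right after every legitimate update, since updates are the expected source of "modified" entries.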
The publisher of the Neue Zürcher Zeitung (NZZ) is still grappling with the effects of a cyber attack that occurred two weeks ago. Central systems for newspaper production remain shut down and the attackers are demanding a ransom. As a result of the attack, the size of the print edition has been reduced and newspapers from CH-Media-Verlag, which obtains IT services from NZZ, also appeared on a reduced basis on Saturday. The NZZ is currently working with external specialists on corrective measures.
Rochester Public Schools in Minnesota will be closed on Monday as a precautionary measure after the district detected "unusual activity on the district's network". The district shut down almost all core technology systems and network, while staff began investigating the matter. Superintendent Kent Pekel said that the district expects to resume classes on Tuesday with limited network access.
Cyber News
Microsoft Edge has launched Image Creator, a feature that utilises AI technology from OpenAI to allow users to create images that do not exist yet. The feature, which is available to Edge users worldwide, can help users find precise visuals for social posts, presentations, or other purposes. Users enter a prompt, choose from four different image options, and can download or upload the images to any platform.
Amazon has banned the Flipper Zero, a portable multi-tool for pen-testers, which it classified as a card-skimming device. The Flipper Zero is a compact and programmable pen-testing tool that helps users experiment with and debug various digital and hardware devices over a range of protocols. The device can activate doorbells, conduct replay attacks to unlock cars and open garage doors, and clone a wide range of digital keys.
Sentiment managed to retrieve stolen funds from a recent hack by offering the hacker a $95,000 bounty. After receiving the bounty offer, the hacker returned 414 Ether, worth approximately $771,000, with more sent after that. The lending protocol managed to retrieve funds lost during the hack, estimated at $1 million, and has now urged companies to offer more significant bug bounties to avoid future hacks.
An Estonian man has been arrested for allegedly helping the Russian government and military to buy US-made electronics and hacking tools. The man used several Estonian-based business entities to purchase goods that would have been unavailable to Russian end-users, according to court filings. He faces a maximum of 20 years’ imprisonment if convicted.
Copyright © 2023 CyberMaterial. All Rights Reserved.