Cyber Briefing - 2023.04.12
Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
The US Cybersecurity and Infrastructure Security Agency (CISA) has released an updated version of its Zero Trust Maturity Model (ZTMM) to help federal agencies transition to a zero-trust architecture. The ZTMM gives federal civilian agencies a roadmap for that transition, describing a gradient of maturity across five pillars (identity, devices, networks, applications and workloads, and data) so that agencies can advance incrementally rather than all at once. CISA encourages state, local, tribal and territorial governments, as well as the private sector, to use the ZTMM as a baseline for their own zero-trust implementations.
Ubuntu has released two security notices addressing vulnerabilities in the Linux kernel that affect Ubuntu 16.04 ESM and Ubuntu 20.04 LTS. The Canadian Centre for Cyber Security encourages users and administrators to review the notices and apply the updates. Note that a kernel update only takes effect after a reboot (or a livepatch), so schedule one rather than assuming the package install alone closes the issue.
IBM has released security advisories addressing vulnerabilities in multiple products, including critical updates for Automation Assets and Platform Navigator in IBM Cloud Pak for Integration (CP4I) across multiple versions. The Cyber Centre recommends that users and administrators review the linked bulletins and apply the updates. IBM Security Bulletin 6982851 contains further details.
Cybersecurity researchers have described a "by-design flaw" in Microsoft Azure that could let attackers gain unauthorized access to storage accounts, move laterally and execute code remotely. The issue lies in Shared Key authorization, which is enabled by default on storage accounts: anyone who holds, or has the permission to list, an account's access keys gets full control of the data in that account regardless of any Azure AD or RBAC restrictions on individual containers, and that access can be chained into privilege escalation within the subscription. Microsoft recommends disabling Shared Key authorization and using Azure Active Directory authentication instead.
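The practical follow-up to the Azure item is to find out which of your own storage accounts still accept Shared Key. The script below is an added example, not code from the article or from Microsoft: it reads the JSON that `az storage account list -o json` produces and flags every account whose `allowSharedKeyAccess` property is missing or true (missing means the default, which is enabled), printing the real `az storage account update --allow-shared-key-access false` command that turns it off. The export embedded in the script is constructed for the example, and the account and resource group names are hypothetical. One caveat before running the remediation: disabling Shared Key also invalidates account SAS and service SAS tokens, because those are signed with the account key, so clients relying on them will start failing until they move to Azure AD or user-delegation SAS.

```python
"""Audit Azure storage accounts for Shared Key authorization.

Added example, not from the original article or from Microsoft. It parses the
output of `az storage account list -o json` and reports every account that
still accepts Shared Key (the `allowSharedKeyAccess` property is absent or
true; absent means the default, which is enabled). The sample export below is
constructed for the example.
"""
import json

# Constructed sample of `az storage account list -o json`, reduced to the
# fields this check needs. Real output carries many more properties.
SAMPLE_EXPORT = json.dumps([
    {"name": "stprodlogs", "resourceGroup": "rg-prod",
     "allowSharedKeyAccess": None},      # never set -> Shared Key allowed
    {"name": "stfuncapp01", "resourceGroup": "rg-prod",
     "allowSharedKeyAccess": True},      # explicitly allowed
    {"name": "stbackups", "resourceGroup": "rg-ops",
     "allowSharedKeyAccess": False},     # Azure AD only
])


def shared_key_enabled(account: dict) -> bool:
    """True unless the account explicitly disables Shared Key authorization.

    A missing or null property means the portal default, which is enabled.
    """
    return account.get("allowSharedKeyAccess") is not False


def find_shared_key_accounts(export_json: str) -> list[dict]:
    """Return the accounts that still accept Shared Key, each with its fix."""
    findings = []
    for acct in json.loads(export_json):
        if shared_key_enabled(acct):
            findings.append({
                "name": acct["name"],
                "resourceGroup": acct["resourceGroup"],
                # Real Azure CLI flag. Test first: clients that authenticate
                # with the account key or an account/service SAS will break.
                "remediation": (
                    f"az storage account update --name {acct['name']} "
                    f"--resource-group {acct['resourceGroup']} "
                    f"--allow-shared-key-access false"
                ),
            })
    return findings


if __name__ == "__main__":
    for f in find_shared_key_accounts(SAMPLE_EXPORT):
        print(f"{f['resourceGroup']}/{f['name']}: Shared Key allowed")
        print(f"  fix: {f['remediation']}")
```

To run it against a real tenant, replace SAMPLE_EXPORT with the output of `az storage account list -o json` and review each finding with the owning team before applying the update.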
Cybercriminals are offering to get malicious Android apps into Google Play for prices ranging from $2,000 to $20,000. The apps are designed to steal credentials and data, commit financial fraud and deliver unwanted ads. The services are advertised on hacking forums and Telegram channels, and the sellers tailor the malware to each buyer's requirements. To stay safe, Android users should review app permissions carefully, read user comments and avoid installing APKs from third-party sites.
The FBI warns that hackers can access your information via USB ports. In a tweet from its official account, the bureau advised users to avoid public charging stations and instead carry their own charger and plug it into an electrical outlet. Malware loaded onto a device through a tampered charging port can export personal data and passwords, which criminals then use to access online accounts, the FCC adds.
South Korean cryptocurrency exchange GDAC was hit by hackers and lost nearly $13 million, almost 23% of its crypto assets. The attackers moved the stolen funds to an unidentified wallet. GDAC has notified the authorities and is working to recover the funds; it has suspended all deposits and withdrawals while it investigates and has asked other exchanges to block transactions from the suspicious addresses. The attack is the latest in a string of high-profile crypto hacks over the past year, including the Ronin Bridge exploit, the SushiSwap hack, the Sentiment hack and the Euler Finance exploit.
German life science company Evotec has taken all of its IT systems offline after detecting unusual activity on one of them. A forensic examination is under way and Evotec has informed the relevant authorities. The company says business continuity is maintained at all of its global sites and that it is putting measures in place to keep services available to its partners, though some delays or slower responses may occur.
The Kodi Foundation disclosed that attackers stole its forum database, containing 3 million posts along with usernames, email addresses and hashed passwords. The media player project advised all forum members to assume that their credentials, and any private data exchanged through the user-to-user messaging system, are compromised; since password hashes can be cracked offline, anyone who reused their forum password elsewhere should change it there as well. Kodi plans to commission a new forum server and run penetration tests, and has shared the list of exposed email addresses with the Have I Been Pwned breach notification service.
Baldor Specialty Foods suffered a data breach in which confidential consumer information was exposed. An unauthorized party had access between February 7 and February 25, 2023 to sensitive data including names, addresses, dates of birth, Social Security numbers and insurance-related information. Those affected should understand what is at risk and take steps to protect themselves against fraud and identity theft.
German shipbuilder Lürssen, known for its military vessels and luxury yachts, was hit by ransomware over the Easter holiday period. The attack disrupted operations at Lürssen's shipyard, according to local news outlet Buten un Binnen. With a history of almost 150 years and projects such as Dilbar, the world's largest superyacht, Lürssen is now dealing with encrypted files and the possibility that sensitive information was exposed.
Cyber News
The US Federal Trade Commission has fined The Bountiful Company for "review hijacking", a practice in which a seller makes a product inherit the ratings and reviews of a different product in order to deceive consumers. Bountiful, the maker of Nature's Bounty vitamins, used Amazon's product variation feature to merge listings for its newer supplements with those of older, well-reviewed products, making the new products appear more popular than they were. The FTC accused the company of abusing this feature to boost the ratings and reviews of its new products. Bountiful was fined $600,000 and barred from using similar tactics in the future.
FTX, a once-popular cryptocurrency exchange, suffered from abysmal cybersecurity practices, according to its latest bankruptcy report. Despite managing billions of dollars in crypto assets, the company did not have a cybersecurity team, did not use cold storage, and kept cryptographic keys in plaintext documents. FTX executives, including former CEO Sam Bankman-Fried, have been accused of lying about the company's use of cold storage, and the exchange's overall approach to security has been described as "disorganized" and "grossly deprioritized."
VoIP communications company 3CX has confirmed that a North Korean hacking group was responsible for last month's supply chain attack. Mandiant, which led the investigation, tracks the malware planted on 3CX systems as Taxhaul, a launcher that deployed a second-stage downloader it calls Coldcat. Taxhaul achieved persistence through DLL side-loading: the malicious DLL was placed where a legitimate, Microsoft-signed Windows binary would load it, so the attackers' code ran inside a trusted process and was harder to detect.
OpenAI has launched a bug bounty program on Bugcrowd, inviting registered security researchers to find and report vulnerabilities in its products for rewards ranging from $200 to $20,000 depending on severity. OpenAI says the program recognizes researchers' contributions to keeping its technology and company secure and encourages responsible reporting of bugs, flaws and vulnerabilities. The OpenAI API and ChatGPT are in scope, but model safety issues, such as jailbreaks or harmful model output, are out of scope and should be reported separately through OpenAI's dedicated channel.
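Side-loading is hard to spot precisely because the process doing the loading is a trusted Windows binary, so a useful hunt looks at what those binaries load rather than at the processes themselves. The script below is an added example, not code from the article, 3CX or Mandiant: it walks Sysmon Event ID 7 (Image loaded) records and flags a process running from the Windows directory that loads a DLL which is unsigned, signed by someone other than Microsoft, or located outside the Windows directory. The events, file names and allowlist entry are constructed for the example and are not indicators from the 3CX incident. Expect noise on real fleets (shell extensions, vendor service DLLs, printer drivers), which is what the allowlist is for, and note that Sysmon only emits Event ID 7 when its configuration enables ImageLoad logging.

```python
"""Hunt for DLL side-loading by trusted Windows binaries in Sysmon EID 7 data.

Added example, not from the original article, 3CX or Mandiant. Flags a
Microsoft-signed process under C:\\Windows that loads a DLL which is unsigned,
not signed by Microsoft, or located outside the Windows directory. All events
and file names below are constructed; none are indicators from a real case.
"""
import ntpath
from typing import Optional

WINDOWS_DIRS = ("c:\\windows\\",)

# Constructed Sysmon Event ID 7 records. Field names mirror Sysmon's Image,
# ImageLoaded, Signed, Signature and SignatureStatus.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    # Unsigned DLL planted in System32 and picked up by a service host.
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\helper.dll",
     "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"},
    # DLL loaded from a user-writable directory by a Windows binary.
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "ImageLoaded": r"C:\Users\Public\update.dll",
     "Signed": "true", "Signature": "Example Vendor Ltd", "SignatureStatus": "Valid"},
    # Third-party software loading its own DLL: not a Windows binary, ignored.
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\plugin.dll",
     "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"},
]

# Hypothetical allowlist of vendor DLLs that Windows binaries legitimately load
# in this environment; tune it to your own fleet.
ALLOWLIST = {r"c:\windows\system32\drivers\vendor_ok.dll"}


def _norm(path: str) -> str:
    """Case-fold a Windows path so comparisons ignore letter case."""
    return path.lower()


def is_windows_binary(image: str) -> bool:
    """True if the loading process runs from the Windows directory."""
    return _norm(image).startswith(WINDOWS_DIRS)


def is_microsoft_signed(ev: dict) -> bool:
    """True if Sysmon reports a valid signature from a Microsoft signer."""
    return (ev.get("Signed", "").lower() == "true"
            and ev.get("SignatureStatus") == "Valid"
            and ev.get("Signature", "").startswith("Microsoft"))


def sideload_reason(ev: dict) -> Optional[str]:
    """Return why this image load looks like side-loading, or None if benign."""
    if not is_windows_binary(ev["Image"]):
        return None
    dll = _norm(ev["ImageLoaded"])
    if dll in ALLOWLIST:
        return None
    if not dll.startswith(WINDOWS_DIRS):
        return "dll outside Windows directory"
    if not is_microsoft_signed(ev):
        return "non-Microsoft or unsigned dll in Windows directory"
    return None


def hunt(events: list) -> list:
    """Return (process basename, dll path, reason) for every suspicious load."""
    hits = []
    for ev in events:
        reason = sideload_reason(ev)
        if reason:
            hits.append((ntpath.basename(ev["Image"]), ev["ImageLoaded"], reason))
    return hits


if __name__ == "__main__":
    for proc, dll, why in hunt(SAMPLE_EVENTS):
        print(f"{proc} loaded {dll}: {why}")
```

Feed it real Event ID 7 records exported as JSON (for example via Winlogbeat or a SIEM query) and start by triaging the "unsigned dll in Windows directory" hits, which are the rarest and closest to the persistence technique described above.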
Subscribe and Comment.
Copyright © 2023 CyberMaterial. All Rights Reserved.