Cyber Briefing - 2023.04.25
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
The Cyber Centre has issued a warning about vulnerabilities found in the Linux kernel that affect several Ubuntu versions, including Ubuntu 14.04 ESM, 16.04 ESM, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 22.10. Ubuntu has released Security Notices to address the issue, and users are advised to apply the necessary updates.
Dell has released a Security Advisory to address critical vulnerabilities in Dell EMC Data Protection Central and PowerProtect DP Series Appliance. The Cyber Centre advises users and administrators to apply the necessary updates after reviewing the provided web links. Dell has also issued a Security Update, DSA-2023-143, for these vulnerabilities.
Researchers at Fortinet FortiGuard Labs have discovered a new info stealer called EvilExtractor that is being advertised for sale on dark web cybercrime forums. EvilExtractor is modular and exfiltrates data via an FTP service. It was developed by a company called Kodex, and while it was initially intended for educational purposes, cybercriminals have been actively using it as an info stealer. The malware can steal sensitive data from the infected endpoint and also has a ransomware function called “Kodex Ransomware”.
Print management software provider PaperCut has confirmed ongoing exploitation of the CVE-2023-27350 vulnerability, which allows authentication bypass and code execution in the system's context. The domain hosting the attack tools, windowservicecemter[.]com, was registered on April 12, 2023, and also hosted a variant of the TrueBot malware. The link between the PaperCut exploitation and TrueBot malware is concerning, as the access gained through the vulnerability could be used as a foothold for ransomware deployment.
Kaspersky's latest analysis reveals that Tomiris, a backdoor associated with the Russian state-sponsored group Nobelium, primarily targets government and diplomatic entities in Central Asia for the theft of internal documents. The group employs spear-phishing attacks using a variety of low-sophistication "burner" implants and a custom malware arsenal that includes downloaders, backdoors, and information stealers. While there are similarities between Tomiris and Turla, another Russian-speaking hacking group, differences in their targeting and tradecraft suggest that Tomiris may be a separate entity or possibly a false flag operation.
ESET researchers have found that enterprise network equipment that is discarded, but not destroyed, may reveal sensitive corporate information. Purchasing used routers for testing purposes, the researchers discovered that many of the previous owners' configurations had not been wiped. Data found on the devices could be used to identify previous owners, providing a potential way for threat actors to breach their networks. This highlights the importance of adopting proper procedures for decommissioning enterprise network equipment, such as routers, given the significant amount of information these devices can contain.
The US Department of Health and Human Services (HHS) is investigating the network shutdown of the Guam Memorial Hospital (GMH) in March 2023 due to unauthorized access. The investigation comes after a whistleblower filed a complaint alleging that GMH violated federal standards for privacy and security during its response to the breach. The HHS is seeking a list of patients potentially harmed by the network shutdown and investigating cases where patients received the wrong medication or no medication due to the system's downtime.
KuCoin's official Twitter account was hacked for 45 minutes, leading to the promotion of a fake giveaway scam that resulted in the theft of over $22.6K in cryptocurrency. While the exchange has promised to reimburse all verified losses caused by the hack, users are urged to contact the support team and ignore advice from other channels. Scammers have found that hacking official Twitter accounts of cryptocurrency exchanges can lead to quick cashouts, as posts from official handles appear trustworthy and thus more likely to trick many people, even in a short time.
Medtronic's InPen App, designed for diabetes management, has disclosed personal and health data of its users to Google. The data disclosure was caused by the use of Google Services' tracking and authentication technologies, including Analytics, Crashlytics, and Firebase Authentication. Medtronic has removed Google Analytics from the latest version of its app, and is assessing how to reduce the risk of possible unintended disclosures of protected health information in the future.
Microsoft is investigating an issue that is affecting search functionality for users of multiple Microsoft 365 services, including Exchange Online, SharePoint Online, Microsoft Teams, and Outlook desktop clients. The cause of the problem has yet to be determined, but Microsoft is working to develop a mitigation plan. The company is also addressing an issue with its Teams communication platform that is causing users to see error screens when starting the software.
Fincantieri Marine Group, a US-based commercial and defense shipbuilder, suffered a ransomware attack that affected its email server and network operations. The incident caused temporary disruption to some computer systems, including critical Computer Numerical Control (CNC) manufacturing machines. While the company has no evidence of data theft, the attack highlights the potential impact of cyber attacks on industrial control systems, underscoring the need for robust detection mechanisms.
Cyber News
Huihui Wu and Hung Man Cheng were indicted for money laundering, accused of channeling cryptocurrency stolen by North Korean hackers into hard currency and goods. The two traders are alleged to have converted virtual currency into fiat currency directly or through front companies to pay for goods such as tobacco and communications devices. Meanwhile, Hyon Sop Sim, a North Korean national based in China, received $24 million worth of laundered virtual currency, at least half of which came from the salaries of outsourced North Korean IT workers.
California-based Stack Identity has raised $4m in seed funding co-led by WestWave Capital and Benhamou Global Ventures. The firm is developing identity and access management (IAM) governance tools to eliminate cloud data threat vectors and solve the problem of shadow access. Stack Identity's algorithm detects and eliminates unauthorized shadow access to prevent cloud data breaches, and its technology delivers a live data attack map that reveals cloud identity and access vulnerabilities.
Several cybersecurity companies specializing in industrial control systems have joined hands to create ETHOS, an open-source information-sharing platform designed to serve as an early warning system for critical infrastructure. The platform is designed to share anonymized real-time threat information across various industries, including indicators of compromise such as IP addresses, hashes, and domains. Founding members of ETHOS include 1898 & Co., ABS Group, Claroty, Dragos, Forescout, NetRise, Network Perception, Nozomi Networks, Schneider Electric, Tenable, and Waterfall Security.
The IRS is ramping up its global efforts to fight cybercrime by deploying four agents to Australia, Singapore, Colombia, and Germany. These agents, who specialize in investigating cybercrime, will work to combat offenses involving cryptocurrency, decentralized finance, and crypto laundering services. The expansion represents a significant increase in the IRS's global efforts to fight cybercrime and marks an important step towards streamlining international investigations.
Subscribe and Comment.
Copyright © 2023 CyberMaterial. All Rights Reserved.