Cyber Briefing - 2023.04.26
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
Bitsight and Curesec have disclosed a way to abuse the Service Location Protocol (SLP, port 427) for reflected denial-of-service attacks with a very high amplification factor, using spoofed source addresses. The vulnerability, tracked as CVE-2023-29552, lets an unauthenticated remote attacker register arbitrary services on an exposed SLP server; the padded service list then inflates the server's reply to a small spoofed request, and that oversized reply is delivered to the victim. Administrators should disable SLP on internet-facing systems or restrict network access to it, since many SLP services visible on the internet appear to be old and likely abandoned. Organizations are urged to review Bitsight's blog post and CISA's article "Understanding and Responding to Distributed Denial-of-Service Attacks" for guidance on reducing the likelihood and impact of DoS attacks.
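As an added illustration (not from Bitsight, Curesec or this briefing), the following Python builds and parses SLPv2 messages according to RFC 2608 and computes the amplification factor a reflector would produce once an attacker has padded its registered-service list. The registration step itself (SrvReg, function 3) is not modelled, and the service URLs are constructed stand-ins for attacker registrations.

```python
import struct

# Added example (not from Bitsight/Curesec or the newsletter): builds and parses
# SLPv2 messages per RFC 2608 to show why a reflector with many registered
# services yields a large amplification factor. Service URLs are constructed.

SLP_VERSION = 2
SRVRQST = 1   # Service Request: the small packet the attacker sends with a spoofed source
SRVRPLY = 2   # Service Reply: the large packet the server reflects to the victim


def _lstr(s: bytes) -> bytes:
    """SLPv2 length-prefixed string (2-byte big-endian length)."""
    return struct.pack("!H", len(s)) + s


def slp_header(function_id: int, body: bytes, xid: int = 1, lang: bytes = b"en") -> bytes:
    """Prepend an SLPv2 header (RFC 2608 section 8) to a message body."""
    length = 14 + len(lang) + len(body)           # 14 fixed bytes plus the language tag
    return (bytes([SLP_VERSION, function_id])
            + length.to_bytes(3, "big")           # total message length
            + b"\x00\x00"                          # flags (OVERFLOW/FRESH/MCAST all clear)
            + b"\x00\x00\x00"                      # next extension offset (none)
            + struct.pack("!H", xid)               # transaction id echoed in the reply
            + _lstr(lang)
            + body)


def build_service_request(service_type: bytes = b"service:service-agent",
                          scope: bytes = b"DEFAULT") -> bytes:
    """SrvRqst asking for every registered service of the given type in a scope."""
    body = (_lstr(b"")            # previous responder list (empty)
            + _lstr(service_type)
            + _lstr(scope)
            + _lstr(b"")          # LDAPv3 predicate (none)
            + _lstr(b""))         # SLP SPI (no authentication)
    return slp_header(SRVRQST, body)


def build_service_reply(urls: list, lifetime: int = 0xFFFF) -> bytes:
    """SrvRply listing one URL entry per registered service."""
    entries = b"".join(
        b"\x00"                          # reserved
        + struct.pack("!H", lifetime)    # lifetime in seconds
        + _lstr(url)
        + b"\x00"                        # number of URL authentication blocks
        for url in urls)
    body = struct.pack("!HH", 0, len(urls)) + entries   # error code 0, URL entry count
    return slp_header(SRVRPLY, body)


def parse_header(pkt: bytes) -> dict:
    """Decode the fixed SLPv2 header fields; body_offset points past the language tag."""
    lang_len = struct.unpack("!H", pkt[12:14])[0]
    return {
        "version": pkt[0],
        "function_id": pkt[1],
        "length": int.from_bytes(pkt[2:5], "big"),
        "xid": struct.unpack("!H", pkt[10:12])[0],
        "body_offset": 14 + lang_len,
    }


def parse_service_reply(pkt: bytes) -> list:
    """Return the URLs carried in a SrvRply (assumes no URL authentication blocks)."""
    off = parse_header(pkt)["body_offset"]
    error_code, count = struct.unpack("!HH", pkt[off:off + 4])
    off += 4
    urls = []
    for _ in range(count):
        url_len = struct.unpack("!H", pkt[off + 3:off + 5])[0]
        urls.append(pkt[off + 5:off + 5 + url_len])
        off += 5 + url_len + 1          # reserved+lifetime+len, the URL, the auth-block count
    return urls


def amplification_factor(request: bytes, response: bytes) -> float:
    """Bytes delivered to the victim per byte the attacker sent."""
    return len(response) / len(request)


def simulate(n_registered: int) -> float:
    """Amplification for a server whose service list an attacker has padded to n entries."""
    request = build_service_request()
    urls = [f"service:test.example://host-{i:03d}.corp.example.internal:427".encode()
            for i in range(n_registered)]   # constructed URLs standing in for attacker registrations
    return amplification_factor(request, build_service_reply(urls))


if __name__ == "__main__":
    for n in (0, 10, 100, 1000):
        print(f"{n:5d} registered services -> amplification x{simulate(n):.1f}")
```

A 54-byte request against an empty service list produces a reply smaller than the request, but every registration the attacker adds appends a full URL entry to the reflected reply, which is why a padded server is worth hundreds of times the attacker's bandwidth and why blocking port 427 at the network edge, or disabling SLP outright, is the fix.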
CISA, the US Cybersecurity and Infrastructure Security Agency, has issued two Industrial Control Systems (ICS) advisories highlighting security issues and vulnerabilities in ICS. The advisories focus on the Keysight N8844A Data Analytics Web Service and Scada-LTS Third Party Component. CISA urges ICS users and administrators to review the advisories for technical details and recommendations to mitigate the risks associated with these vulnerabilities.
On April 25th, VMware published a security advisory stating that Workstation versions prior to 17.0.2 and Fusion versions prior to 13.0.2 contain vulnerabilities that could lead to arbitrary code execution. The vulnerabilities are fixed in those releases, and the Canadian Centre for Cyber Security is urging users and administrators to apply the updates. VMware's advisory gives detailed information on the vulnerabilities and on how to update the affected products.
The Mirai botnet has been observed exploiting CVE-2023-1389 in TP-Link Archer AX21 Wi-Fi routers. The flaw is an unauthenticated command injection in the locale API of the router's web management interface, where the submitted country value reaches a shell command without sanitisation; TP-Link patched it in March 2023. Exploitation began after the fix was publicly released, with initial attacks focused on Eastern Europe before spreading globally. Mirai is using the vulnerability to fetch and run its payloads on the routers and enlist them in distributed denial-of-service attacks, including against game servers.
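To make the alert actionable, here is an added detection example (not TP-Link's code and not part of the original briefing) that flags HTTP requests matching the exploit shape. The endpoint path /cgi-bin/luci/;stok=/locale and the form=country and country parameter names come from the public CVE-2023-1389 write-ups rather than from this briefing; the sample requests are constructed, not captured traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Added example (not TP-Link's code or the newsletter's): flags HTTP requests that
# match the CVE-2023-1389 exploit shape. The endpoint path and the form/country
# parameter names come from the public CVE write-ups, not from this page; the
# sample requests below are constructed, not captured traffic.

# LuCI locale endpoint; the stok token is empty in unauthenticated exploitation.
LOCALE_PATH = re.compile(r"^/cgi-bin/luci/;stok=[^/]*/locale$")
# Characters that let a value break out of the shell command the firmware builds.
SHELL_META = re.compile(r"[;&|`]|\$\(|\$\{|\n")


def is_cve_2023_1389_attempt(method: str, target: str, body: str = "") -> bool:
    """True when a request targets the locale form and its country value carries shell syntax."""
    parts = urlsplit(target)              # urlsplit keeps ';stok=' inside the path
    if not LOCALE_PATH.match(parts.path):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        params.update(parse_qs(body, keep_blank_values=True))   # parse_qs percent-decodes values
    if params.get("form", [""])[0] != "country":
        return False
    return any(SHELL_META.search(value) for value in params.get("country", []))


def scan(requests) -> list:
    """Indices of requests that look like exploitation attempts."""
    return [i for i, (method, target, body) in enumerate(requests)
            if is_cve_2023_1389_attempt(method, target, body)]


# Constructed sample traffic: (method, request target, body)
SAMPLE_REQUESTS = [
    ("GET", "/cgi-bin/luci/;stok=abc123/locale?form=country&operation=read", ""),
    ("POST", "/cgi-bin/luci/;stok=/locale?form=country", "operation=write&country=$(id>/tmp/o)"),
    ("GET", "/cgi-bin/luci/;stok=abc123/admin/status", ""),
    ("GET", "/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=%60id%60", ""),
    ("POST", "/cgi-bin/luci/;stok=abc123/locale?form=country", "operation=write&country=US"),
]

if __name__ == "__main__":
    for i in scan(SAMPLE_REQUESTS):
        method, target, body = SAMPLE_REQUESTS[i]
        print(f"suspicious: {method} {target} {body}")
```

Legitimate writes to the form carry a two-letter country code, so the check keys on shell metacharacters in the decoded value rather than on the endpoint alone. One caveat: on Python releases before 3.9.2, parse_qs also splits on ";", which would hide a ";"-based payload; on those versions normalise the body first or pass separator="&" where available.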
Google Cloud Security and Project Zero researchers have teamed up with Intel experts to conduct a nine-month audit of Intel Trust Domain Extensions (TDX). The hardware-isolated virtual machines (VMs) called trust domains (TDs) are designed to isolate VMs from the virtual-machine manager (VMM)/hypervisor and any other non-TD software on the platform, protecting TDs from a broad range of software-based attacks. The review resulted in ten confirmed security issues, including arbitrary code execution in a privileged security context, cryptographic weaknesses, and temporary and permanent denial of service.
Security researchers have discovered a new macOS malware, dubbed RustBucket, which is attributed to the BlueNoroff advanced persistent threat (APT) group. Jamf Threat Labs detected the malware in recent attacks and said it is designed to let operators download and execute further payloads. RustBucket was packaged in an unsigned application called Internal PDF Viewer.app, which can only be run after the user manually overrides Apple's Gatekeeper check.
French automobile brand Peugeot, owned by Stellantis, exposed configuration data for its Peru website, including the full MySQL database URI with the username and password needed to access it, the JWT passphrase, the locations of the site's private and public keys, and the link to the site's git repository. Cybernews researchers, who reported the exposure, warn that it shows how even big, well-known brands fail to secure sensitive data, and that user information obtained through such a breach is very valuable to malicious actors.
Check Point has discovered that Iranian threat actors are using a new wave of phishing attacks against Israel, delivering an updated version of the PowerLess backdoor. Check Point tracks the activity as Educated Manticore, a cluster with strong overlaps with groups tracked as APT35, Charming Kitten and Cobalt Illusion. The attackers use ISO images and other archive files to start the infection chain, and the updated backdoor has expanded functionality and added measures to resist analysis.
Cloud security firm Aqua Security has identified thousands of exposed cloud software registries and repositories containing more than 250 million artifacts and over 65,000 container images. Aqua's research focused on identifying software supply chain weaknesses that could allow threat actors to exploit registries. Misconfigured registries, Aqua says, belonged to small, medium, and large organizations worldwide, including ten Fortune 500 companies.
Unknown attackers posted a vast amount of personal data of over 630 million Chinese users, including sensitive information such as bank card numbers, national ID numbers, and home addresses, on a Russia-linked forum. The attackers claim that the data was stolen in April 2023, but do not reveal the source of the breach. The incident highlights the danger of losing personal information, which can be used for identity theft, phishing, and fraud.
A recent cyber security incident at a Canadian gas pipeline has been claimed by the pro-Russia hacking group Zarya, which allegedly said the attack could have caused an explosion. According to leaked U.S. intelligence documents, the group shared screenshots with Russia's Federal Security Service purporting to show that the attacker could increase valve pressure, disable alarms and trigger emergency shutdowns. Canada's prime minister Justin Trudeau confirmed the attack but said there was no physical damage to any Canadian energy infrastructure; the event nonetheless highlights the growing threat of pro-Russia hacktivist groups targeting critical infrastructure.
Cyber News
Preventing and disrupting cybercrime now takes precedence over simply securing courtroom victories, according to the United States' second-highest-ranking prosecutor, Lisa Monaco. Monaco said that recent actions taken by the Department of Justice have put victims at the center of its cybercrime response, including recovering ransom payments made by Colonial Pipeline and accessing infrastructure used by the Russian military to delete malware. Monaco called for greater collaboration between the public and private sectors to prevent future cyberattacks.
Google Authenticator, a popular two-factor authentication (2FA) app, has added the option to back up the secrets that generate its one-time codes (OTPs) to the user's Google Account, so that a lost or stolen device no longer means losing the second factor. Google frames this as added convenience and security, and points to its other authentication options, including Google Password Manager and Sign in with Google, and to its work with industry partners on more convenient and secure offerings. One caveat for practitioners: at launch the synced secrets were not end-to-end encrypted, so they are readable by Google and by anyone who compromises the Google Account; Google said end-to-end encryption would be added later.
Google Cloud has unveiled Security AI Workbench to deliver intelligence that's trusted, relevant, and actionable, taking advantage of the latest advances in AI to augment incident analysis, threat detection, and analytics. The suite of AI-powered tools includes VirusTotal Code Insight, Security Command Center AI, and Mandiant Breach Analytics for Chronicle. The Security AI Workbench is built on Google Cloud's Vertex AI infrastructure, which allows customers to control their data with enterprise-grade capabilities such as data isolation, data protection, sovereignty, and compliance support.
San Jose-based startup Sonet.io has secured $6m in seed funding to accelerate customer acquisition and expand its security-as-a-service (SaaS) platform. Founded by former Symantec executives, Sonet provides secure access to resources and helps implement zero trust security policies. Its innovative solution allows for comprehensive observability of remote workforces via a unified dashboard, eliminating the need for device agents.
Subscribe and Comment.
Copyright © 2023 CyberMaterial. All Rights Reserved.