Cyber Briefing - 2023.04.28
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
Security researchers have discovered vulnerabilities in the Illumina Universal Copy Service v2.x, which could be exploited by an attacker to gain full control over a system. The UCS is bound to an unrestricted IP address, allowing an unauthenticated attacker to listen on all IP addresses, including those accepting remote communications. This could allow them to impact settings, configurations, software, or data on the affected product.
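As an added example (not from the advisory and not Illumina's code), one way a defender can audit a Linux host for services that, like the one described above, are bound to an unrestricted address and therefore listen on every interface: a small Python parser over `ss -tlnp` output that flags wildcard-bound TCP listeners. The sample output, ports and process names below are constructed placeholders.

```python
import re

# Constructed sample of `ss -tlnp` output (not captured from a real host);
# the process names and ports are placeholders chosen for illustration.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*         users:(("cupsd",pid=812,fd=7))
LISTEN 0      4096   0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=901,fd=3))
LISTEN 0      4096   *:29000            *:*               users:(("copy-svc",pid=1200,fd=5))
LISTEN 0      511    [::1]:5432         [::]:*            users:(("postgres",pid=1400,fd=6))
LISTEN 0      4096   [::]:8080          [::]:*            users:(("java",pid=1500,fd=9))
"""

# Local-address forms ss prints for "bound to all interfaces" (IPv4 and IPv6).
WILDCARD_HOSTS = {"0.0.0.0", "*", "[::]", "::"}
_PROC_RE = re.compile(r'\(\("([^"]+)"')


def split_local_address(local: str) -> tuple[str, str]:
    """Split ss's 'host:port' column; IPv6 hosts are bracketed, so split on the last colon."""
    host, _, port = local.rpartition(":")
    return host, port


def is_wildcard(host: str) -> bool:
    """True when the socket is bound to every interface rather than one specific address."""
    return host in WILDCARD_HOSTS


def find_wildcard_listeners(ss_output: str) -> list[dict]:
    """Return TCP listeners bound to all interfaces, each as {'host', 'port', 'process'}."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip the header and anything that is not a listening socket
        host, port = split_local_address(fields[3])
        if not is_wildcard(host):
            continue  # loopback or a specific address: not reachable from other hosts
        m = _PROC_RE.search(line)
        findings.append({"host": host, "port": port, "process": m.group(1) if m else "?"})
    return findings


if __name__ == "__main__":
    for f in find_wildcard_listeners(SAMPLE_SS_OUTPUT):
        print(f"{f['process']} listens on {f['host']}:{f['port']} (all interfaces)")
```

On a real host, feed it the output of `ss -tlnp` and compare the flagged services against what is meant to be reachable from the network; anything that only needs local clients should be rebound to loopback or shielded by a host firewall.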
Swiss cybersecurity firm PRODAFT has discovered a new politically motivated surveillance campaign by a Russian-speaking cyber-espionage group, Paperbug, targeting high-ranking government officials, telecom services, and public service infrastructures in Tajikistan. The intrusion set has been attributed to Nomadic Octopus (aka DustSquad), which was first uncovered by ESET and Kaspersky in 2018. The operations have used custom Android and Windows malware to strike a mix of high-value entities such as local governments, diplomatic missions, and political bloggers, suggesting that the threat actor is engaged in cyber surveillance operations.
The RTM ransomware-as-a-service (RaaS) has expanded its services by offering a locker ransomware that targets Linux, NAS, and ESXi systems. This new variant of the encryptor uses a combination of asymmetric and symmetric encryption to encrypt files, making it impossible to decrypt without the attacker's private key. The group operates below the radar, avoiding targeting prominent companies and critical infrastructure to attract as little attention as possible.
Google Ads have been used by cybercriminals to distribute LOBSHOT malware, which has gone undetected and continues to infect unsuspecting victims. The malware is being distributed through fake websites disguised as legitimate software updates and applications. Once installed, LOBSHOT has the ability to steal cryptocurrency assets from 32 Chrome extensions, nine Edge wallet extensions, and 11 Firefox wallet extensions. The malware has hVNC capabilities that allow direct and unobserved access to infected machines, making it highly effective in bypassing fraud detection systems.
PrestaShop, an open-source e-commerce platform, has released a new version that addresses a critical vulnerability. The flaw allows any user, regardless of their permissions, to modify the online store’s database, potentially causing significant damage or service outage to impacted businesses. All PrestaShop website owners are recommended to upgrade to the latest version as soon as possible to mitigate the risk of exploitation.
The City of Lowell in Massachusetts has suffered a cyberattack that has impacted its computer systems, according to City Manager Tom Golden. The city's phones, emails, and other systems were down as a result, though 911 and other emergency numbers were unaffected. Though the incident is not being described as a ransomware attack, Lowell officials have alerted law enforcement to the breach, which could take days to fully investigate and repair.
Albertsons, a supermarket chain, revealed in regulatory notices filed in several states that a cyberattack may have led to the exposure of thousands of its workers' personal data. The breach, which occurred in December, impacted nearly 33,000 employees, according to the regulatory notice. In its statement, Albertsons said it has offered affected individuals credit monitoring and identity protection services.
The “Medusa” ransomware gang, which hacked the Minneapolis public school system in March, has leaked sensitive personal data of students online. The leaked data includes students’ birthdays, social security numbers, mental health records, and documents detailing allegations of abuse against members of the district’s staff. The gang has published the documents to multiple websites and social media platforms, using strategic leaks to goad the victims into paying a ransom. NBC, which reviewed the leaks, reported that it was not able to independently verify them.
Hackers have released sensitive data of Israeli students, allegedly stolen from a prominent school network. The hacker group, named "Sharp Boys," published 200,000 records, including full names, ID numbers, addresses, and email addresses of students. The leaked documents also included personal documents, matriculation certificates, and police certificates required for workplaces working with minors, while the hackers claim to have data on over 500,000 students and teachers dating back to 2009.
Anonymous Sudan, a pro-Russian hacktivist group, has launched a massive cyberattack on Israel, targeting over 40 organisations, including the Mossad and Prime Minister Benjamin Netanyahu's site. The group claimed that the attacks were in response to Israel's actions against Palestine. The politically motivated gang was also able to take down the Israeli police, the official government website of Israel, and other critical government services. The group has been known to work with fellow pro-Russian hacker gang KillNet and uses Distributed Denial of Service (DDoS) attacks as their weapon of choice.
A group of 38 Minecraft-like games on Google Play was discovered to contain adware that generated revenue for its creators. The adware, named HiddenAds, was found to have infected approximately 35 million Android users globally. While the games themselves were playable, users may have experienced increased battery consumption, overheating, and data usage, which are symptoms of the malicious activity.
Cyber News
Microsoft has confirmed that Windows 10, version 22H2, will be the last feature update for the operating system. All editions of Windows 10 22H2, including Home, Pro, Enterprise, Education, Pro Education, Pro for Workstations, and IoT Enterprise editions, will reach their end of servicing in October 2025. Users and organizations who must remain on Windows 10 are advised to upgrade their devices to Windows 10 22H2 to keep receiving monthly security update releases through October 14, 2025, when Windows 10 reaches its end of support. The announcement is likely to push more users towards upgrading to Windows 11.
Google has said it blocked 173,000 developer accounts last year to prevent fraud rings and malware operations from infecting Android devices with malicious apps. It also stopped 1.5 million apps associated with policy violations from reaching the Google Play Store. Meanwhile, the Google Play Commerce security team prevented fraudulent transactions that could have cost more than $2bn.
Microsoft has resolved an issue that prevented Outlook for Microsoft 365 clients from accessing group mailboxes and calendars. The faulty version, which was released in March, is fixed in Outlook Desktop Version 2304 Build 16327.20214. Until the fix was available, the workaround was to revert to an unaffected version or to use Outlook Web Access.
Cybersecurity firm Aadya Security has raised $5 million in Series A funding led by Left Lane Capital, with participation from 645 Ventures, Gaingels, Firebrand Ventures, and Invest Detroit. Aadya's all-in-one cybersecurity solution, Judy, leverages machine learning and artificial intelligence to protect data and streamline security through automation. The new investment will help the company expand its sales team, grow its MSP channel program, and increase its SMB market share.
Subscribe and Comment.
Copyright © 2023 CyberMaterial. All Rights Reserved.