Cyber Briefing - 2023.05.12
The latest in cybersecurity: Netgear, Andoryu Botnet, Linux, Babuk, Essential Addons, Bl00dy Ransomware, WhizComms, SchoolDude, ABB, TikTok, Twitter, Akamai.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
Researchers from Claroty have disclosed the technical details of five vulnerabilities that can be chained together to compromise certain Netgear router models. These vulnerabilities, demonstrated during the Pwn2Own Toronto hacking competition, allow attackers to monitor internet activity, hijack connections, inject malware, and gain control over networked smart devices. Netgear has released firmware updates addressing the issues and urges users to update their devices promptly to mitigate the risks.
The Andoryu botnet has been found to exploit a critical security flaw in the Ruckus Wireless Admin panel to break into vulnerable devices. The flaw leads to unauthenticated remote code execution and a complete compromise of wireless Access Point equipment. The botnet is known to weaponize remote code execution flaws in GitLab and Lilin DVR for propagation and actively expands its exploit arsenal to ensnare more devices into the botnet.
An increasing number of ransomware operations are adopting the leaked Babuk ransomware source code to target VMware ESXi servers with Linux encryptors, according to SentinelLabs researchers. This trend is especially prominent among threat actors with limited resources, who are less likely to heavily modify the Babuk code. The use of the Babuk builder has made it more challenging to attribute attacks to specific actors, complicating identification efforts.
The popular WordPress plugin "Essential Addons for Elementor" has been found to have a serious vulnerability that allows unauthenticated remote attackers to gain administrator rights on affected sites. The flaw, tracked as CVE-2023-32243, affects versions 5.4.0 to 5.7.1 of the plugin and allows an attacker to reset the password of any user, including the administrator, by exploiting the plugin's password reset functionality. The consequences of this vulnerability are significant and can lead to unauthorized access, website defacement, malware distribution, and damage to the brand's reputation. The plugin vendor has released a patch in version 5.7.2, and all users are advised to update to the latest version promptly.
U.S. cybersecurity and intelligence agencies have issued a joint advisory warning about targeted attacks carried out by the Bl00dy Ransomware Gang. The threat actors exploited vulnerable PaperCut servers, specifically targeting the education facilities sector in the United States. These attacks, which occurred in early May 2023, led to data exfiltration, encryption of victim systems, and ransom demands for file decryption. The Bl00dy Ransomware Gang leveraged a critical security flaw (CVE-2023-27350) to gain unauthorized access and deploy additional malicious payloads, including Cobalt Strike Beacons and cryptocurrency miners.
Approximately half of WhizComms' customer base, totaling around 24,000 individuals, fell victim to a data breach where an external party gained unauthorized access to the company's web server and obtained scanned images of customers' personal information. The stolen data primarily consisted of scanned images of NRICs, with some work permits and visa approval documents also being compromised. However, the broadband service provider assured customers that contact information and payment details remained secure, and immediate actions were taken to block further unauthorized access and initiate a police investigation.
Brightly Software, a subsidiary of Siemens and a leading U.S. tech company, has issued a notification to its customers regarding a recent security incident. Attackers successfully gained unauthorized access to the SchoolDude online platform, a widely used cloud-based system for managing work orders in educational institutions. Over 2.9 million SchoolDude customers and users have been affected, with stolen information including names, email addresses, passwords, phone numbers, and school district details. Brightly Software has taken immediate action by resetting passwords and involving law enforcement and third-party experts to investigate the breach.
Ambulance Victoria, in a significant breach, exposed the drug and alcohol test results of graduate paramedics, accessible to all staff members. Approximately 600 test results, including around 30 positive outcomes, were affected, leading to widespread concern. The breach has prompted calls for urgent action, including notifying impacted individuals, conducting an audit, and suspending all drug and alcohol screening until the issue is resolved.
ABB, the renowned Swiss technology provider, has fallen victim to a devastating ransomware attack carried out by the Black Basta group, causing significant disruptions to its operations. With a global presence and partnerships with major companies and governments, ABB's industrial control systems and SCADA systems are critical components in various sectors. The attack has led to project delays and factory interruptions, prompting the company to take immediate action by severing VPN connections with customers to prevent further spread of the ransomware.
Cyber News
Google has expanded access to its dark web monitoring feature, allowing all Gmail users in the United States to search for their email addresses on the dark web. Previously, this feature was only available to Google One subscribers. The upcoming release will also include users from select international markets. Once an email address is discovered on the dark web, Google will prompt users to enable two-step authentication for added account security. This move aims to help users protect themselves and take necessary actions in response to potential exposure of their personal information on the dark web.
In a move towards enhanced security, Twitter is introducing support for encrypted direct messages (DMs), initially available to verified users. The latest version of the Twitter app generates private and public keys for devices, ensuring encryption of messages and stored content. While Twitter plans to open-source its implementation, limitations include support for single recipients only, lack of encryption for media attachments, and a maximum of 10 registered devices for encrypted DMs.
A former senior developer of Ubiquiti, Nickolas Sharp, has been sentenced to six years in prison for stealing company data, attempting to extort his employer, and spreading false information that caused significant financial losses. Sharp posed as an anonymous hacker, demanding a payment of 50 Bitcoin from Ubiquiti after the data breach. When the company refused, he contacted the media to spread misinformation about the incident. The spread of false information led to a 20% drop in Ubiquiti's stock price, resulting in market capitalization losses of over $4 billion.
Austria has become the latest EU country to ban TikTok on government devices due to privacy concerns. While politicians and employees can still use the app on personal devices outside of government offices, it will be prohibited on work mobile phones. Austria joins other Western nations, including the US, UK, Canada, and France, in banning TikTok over security fears and data privacy issues. TikTok has been under scrutiny globally, with concerns that the Chinese-owned app collects vast amounts of data that could potentially be accessed by the Chinese government.
Akamai, the digital experience vendor, has announced plans to downsize its workforce by 3% in a strategic move to shift resources from its declining content delivery business to focus on cloud computing and security, areas poised for growth. With a goal to sustain profitability in a challenging economic environment, the Boston-based company will reduce its staff by approximately 299 positions, alongside cost-cutting measures such as optimizing real estate and trimming third-party cloud technology expenses. CEO Tom Leighton emphasized the importance of prioritizing investments to maximize future growth and deliver increased value to shareholders.
Subscribe and Comment.
Copyright © 2023 CyberMaterial. All Rights Reserved.