Cyber Briefing - 2023.05.16
The latest in cybersecurity: Dell, RA Group, CopperStealer, New Mac malware, Microsoft SQL, PharMerica, Philadelphia Inquirer, airBaltic, USDOT, WhatsApp.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
Cyber Alerts
Dell has issued security advisories addressing critical vulnerabilities in various products, including Dell NetWorker Management Console (NMC), Dell Unity Operating Environment (OE), Dell UnityVSA Operating Environment (OE), Dell Unity XT Operating Environment (OE), and RecoverPoint Classic. These vulnerabilities pose a significant risk to users and systems, and Dell urges users and administrators to review the provided web links and promptly apply the necessary updates. The Cyber Centre emphasizes the importance of taking immediate action to protect against potential exploits and maintain the security of Dell products.
Israeli cybersecurity firm OTORIO revealed multiple security vulnerabilities in cloud management platforms associated with industrial cellular router vendors, posing a risk to operational technology (OT) networks. The vulnerabilities, presented at Black Hat Asia 2023, allow for remote code execution and full control over numerous devices and OT networks. Sierra Wireless, Teltonika Networks, and InHand Networks were specifically affected, with weaknesses found in their cloud-based management solutions.
A new ransomware gang called RA Group is using leaked Babuk source code to target companies in the U.S. and South Korea, according to Cisco Talos researchers. The group has already compromised several organizations and is expanding operations rapidly, using a double extortion model and running a data leak site to sell stolen data. The ransomware supports intermittent encryption and uses curve25519 and hc-128 algorithms for encryption, appending the file extension ".GAGUP" to encrypted files.
Security researchers have detected the reappearance of CopperStealer malware with two new campaigns, CopperStealth and CopperPhish. The financially motivated group behind the malware, known as Water Orthrus, is also behind the Scranos campaign. The new CopperStealer campaigns use installers for free tools on Chinese software-sharing websites and PPI networks to propagate the malware, while CopperPhish is a phishing kit that harvests credit card information.
Security researchers at SentinelOne have identified an increase in Geacon payloads, a Golang implementation of Cobalt Strike, indicating potential threats to Apple macOS systems. While some instances may be red-team operations, there are indications of genuine malicious attacks. Cobalt Strike, a popular red teaming tool, has traditionally focused on Windows, but Geacon's emergence suggests a shift toward targeting macOS.
A new campaign targets poorly managed Microsoft SQL (MS SQL) servers using CLR SqlShell malware, enabling threat actors to execute commands and carry out malicious activities. AhnLab Security Emergency response Center (ASEC) warns that this strain of malware supports various features, including the deployment of cryptocurrency miners and ransomware. By exploiting vulnerabilities in MS SQL servers, attackers can install CLR stored procedures to download and execute next-stage payloads, posing a significant threat to organizations' data and security.
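A defender's triage query for the foothold described above: it lists CLR integration settings, user-defined assemblies and the CLR stored procedures they back, so an administrator can spot assemblies nobody deployed on purpose. This is an added example, not code from ASEC's report or from the page; it assumes a sysadmin-equivalent login on the instance, and the `clr strict security` option only exists on SQL Server 2017 and later.

```sql
-- Defender audit for CLR footholds on an MS SQL instance (added example).
-- Run as a sysadmin-equivalent login; results are for triage, not a verdict.

-- 1. Is CLR integration enabled at all? An instance that never hosts
--    CLR code legitimately should show value_in_use = 0 for 'clr enabled'.
--    ('clr strict security' is only present on SQL Server 2017+.)
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN ('clr enabled', 'clr strict security');

-- 2. User-defined assemblies in the current database. Legitimate ones are
--    usually few and known to the DBA; UNSAFE or EXTERNAL_ACCESS assemblies
--    created recently deserve a closer look.
SELECT name, permission_set_desc, create_date, modify_date
FROM sys.assemblies
WHERE is_user_defined = 1
ORDER BY create_date DESC;

-- 3. CLR stored procedures (object type 'PC') and the assembly behind each,
--    which is the shape a loader that downloads next-stage payloads takes.
SELECT o.name AS procedure_name,
       s.name AS schema_name,
       a.name AS assembly_name,
       a.permission_set_desc,
       o.create_date
FROM sys.objects AS o
JOIN sys.schemas AS s ON s.schema_id = o.schema_id
JOIN sys.assembly_modules AS am ON am.object_id = o.object_id
JOIN sys.assemblies AS a ON a.assembly_id = am.assembly_id
WHERE o.type = 'PC'
ORDER BY o.create_date DESC;

-- 4. Other server options commonly found switched on alongside such loaders.
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN ('xp_cmdshell', 'Ole Automation Procedures');
```

Queries 2 and 3 are scoped to the current database, so repeat them in every database on the instance (including msdb). Where nothing legitimate needs CLR, the mitigation is to leave `clr enabled` at 0 and keep SQL logins off the internet with strong credentials, since the campaign relies on poorly managed servers.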
The Illinois Department of Healthcare and Family Services (HFS) and Department of Human Services (IDHS) have disclosed a data breach in the State of Illinois Application for Benefits Eligibility (ABE) system's Manage My Case (MMC) portal. The breach involved unauthorized accounts created in the ABE system, linking to existing customer accounts and accessing personal information such as names, social security numbers, and addresses. Potentially affecting individuals receiving state-funded benefits, the breach highlights the need for robust cybersecurity measures to safeguard personal data.
Pharmacy network PharMerica has begun notifying over 5.8 million individuals about a data breach that occurred in March. The breach compromised personal information, including names, addresses, Social Security numbers, and medication details. The incident is believed to be the work of the Money Message ransomware group, who claimed responsibility and leaked stolen data.
The Philadelphia Inquirer, one of Pennsylvania's largest news organizations, faced a significant disruption in its operations due to a cyberattack, causing the newspaper's Sunday print edition to be halted. While the website remained functional, updates were slower than usual. The attack, the most significant in 27 years, prompted investigations into the extent of the breach and the involvement of specific targets.
A rural Utah healthcare provider, Uintah Basin Healthcare, has notified over 100,000 individuals of a hacking incident that occurred on its network. The incident, detected in November, potentially exposed patient data for those who received care between March 2012 and November. The healthcare center has taken steps to address the incident, including a global password reset and the deployment of an endpoint detection and response tool.
Latvia's flag carrier, airBaltic, has acknowledged a "technical error" that led to the exposure of reservation details of some passengers to others. The airline, which operates flights to 80 destinations and is 97% government-owned, confirmed that a small percentage of customers were affected but did not disclose the total number. No financial or payment data was compromised, according to airBaltic, but concerns have been raised over the exposure of sensitive booking details that could potentially be misused.
In a significant security incident, the personal information of 237,000 federal government employees has been exposed in a data breach at the US Transportation Department (USDOT). The breach targeted systems used for processing transit benefits, but it remains unclear if the compromised information has been misused for illicit activities. USDOT has launched an investigation into the breach, temporarily freezing access to the affected transit benefit system while ensuring that transportation safety systems remain unaffected. This breach comes in the wake of previous cyberattacks targeting federal employees and agencies, highlighting the ongoing cybersecurity challenges faced by government institutions.
Cyber News
Meta, the parent company of WhatsApp, has launched a new privacy feature called 'Chat Lock' that enables users to block access to their most private conversations. By creating a locked folder with password or biometric authentication options, users can ensure the confidentiality of their one-to-one or group chats. The feature not only hides locked chat details in notifications but also allows users to easily view and authenticate themselves to access locked chats.
Dallas officials have stated that it will likely take weeks for the city's government systems to fully operate following a ransomware attack by the Royal gang. The attack has caused significant damage to systems managing critical infrastructure, police, fire departments, courts, and more, forcing police officers to take handwritten notes and firefighters to operate without crucial digital information. While progress has been made in restoring some systems, city experts estimate that it will take weeks and months to complete the cleanup and restore full functionality.
Google has expanded the capabilities of VirusTotal Code Insight, an AI-powered code analysis feature, to include support for additional scripting languages such as Batch, Command Prompt, Shell, VBScript, AutoHotkey, and Python. This enhancement allows for a more comprehensive analysis of potentially malicious scripts and improves the identification of actual threats. Code Insight has also received updates in terms of file size limit, user interface, and explanatory capabilities, making it a valuable tool for developers and security professionals alike.