Cyber Briefing - 2023.05.18
The latest in cybersecurity: Cisco flaw, Credentials auctions, SideWinder, OilAlpha, Espionage, Belkin, Bitcoin Theft, Darknet, FTC fines, NATO new members.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
Cisco has issued a warning to its customers about four critical remote code execution vulnerabilities affecting multiple Small Business Series Switches. These security flaws, with maximum severity ratings, can be exploited by unauthenticated attackers to execute arbitrary code with root privileges on compromised devices. The vulnerabilities stem from improper validation of requests sent to the switches' web interfaces, enabling attackers to exploit them through crafted requests without user interaction. Although proof-of-concept exploit code exists, there have been no reported instances of active exploitation yet.
Threat actors have been actively offering access to energy sector organizations, including industrial control systems (ICS) and operational technology (OT) systems, according to a new report. The report highlights how cybercriminals are targeting energy companies, including oil and gas and renewable energy firms, by auctioning off initial access to their environments. Prices range from $20 to $2,500 depending on factors such as target size, location, and the potential for supply chain attacks. The report emphasizes the need for continuous monitoring and threat modeling to protect critical infrastructure in the energy sector.
Russian-speaking ransomware groups, stemming from the Conti group, are maintaining close collaboration and drawing inspiration from each other, according to a report by Red Sense. The Royal ransomware group, a spinoff from Conti, has been refining its downloader malware, taking cues from post-Conti groups. Royal's small-sized loader, with a specific purpose of deploying Cobalt Strike, demonstrates the group's evolving tactics.
Cybersecurity researchers have uncovered previously undocumented attack infrastructure used by SideWinder to target entities in Pakistan and China. The network of 55 domains and IP addresses was used for phishing and mimics various organizations in the news, government, telecommunications, and financial sectors. SideWinder, a state-sponsored group, has been active since 2012, primarily using spear-phishing as an intrusion mechanism to obtain a foothold in targeted environments.
A hacking group known as OilAlpha, suspected to have ties to Yemen's Houthi movement, has launched a cyber espionage campaign against development, humanitarian, media, and non-governmental organizations in the Arabian peninsula. The group employs encrypted chat messengers like WhatsApp and URL link shorteners for social engineering attacks. Their focus is primarily on Arabic-language speakers using Android devices. Recorded Future suggests that OilAlpha acts on behalf of the Houthi movement, but it's unclear if Yemeni operatives or external threat actors are behind the attacks.
The second generation of Belkin's Wemo Mini Smart Plug has been found to have a critical buffer overflow vulnerability, allowing threat actors to remotely inject arbitrary commands. Israeli IoT security company Sternum discovered the issue and reported it to Belkin, stating that the flaw exists in the device's firmware. Despite the vulnerability, Belkin has decided not to address it, as the affected device is reaching end-of-life status.
Franklin County Public Schools closed Monday following a ransomware attack that impacted the school division. The school system engaged third-party experts to assist in the remediation efforts and was able to stop the progress of the attack. According to the FBI’s Internet Crime Complaints Center, ransomware is a type of malware that encrypts data on a computer, making it inaccessible to its owner until a ransom is paid.
Credit Control Corporation (CCC), a debt collection services company, recently experienced a cyber attack resulting in a data breach that potentially compromised the personal data of numerous healthcare institutions. The breach occurred between March 2nd and March 7th, and sensitive information including names, addresses, Social Security numbers, and account details were stolen. The fallout from this breach primarily affects healthcare institutions that relied on CCC’s debt collection services, including major organizations like the VCU Health System and the UVA Health System.
ScanSource, a technology provider and cloud service company, has experienced a ransomware attack that has affected its systems, operations, and customer portals. The incident, which occurred on May 14, has led to disruptions in services and potential delays in North America and Brazil. ScanSource is actively working to restore affected systems and minimize the impact on its business while cooperating with law enforcement and cybersecurity professionals for investigation and mitigation.
The Bloomfield Township Police Department is investigating a significant Bitcoin theft amounting to $204,024 from a resident. The incident occurred when the victim's personal cell phone was hacked through a SIM swap, a technique in which hackers take control of someone's mobile number and gain access to online accounts associated with that number. The victim reported the incident on May 9, stating that a substantial sum of Bitcoin had been withdrawn from their Coinbase account.
Patients seeking crucial injections at a local allergy, asthma, and immunology clinic are facing a chaotic situation as the clinic remains closed due to a cyber security breach. The clinic, grappling with the aftermath of the attack, has lost access to its email, phones, and electronic medical records, leaving staff to resort to pen and paper. Patients, unaware of the situation, continue to receive text messages for appointments while they line up outside, hoping for resolution and worried about their medical files and future care.
Cyber News
The NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) welcomed Ukraine, Ireland, Japan, and Iceland as its newest members, marking the organization's 15th anniversary. With these additions, the CCDCOE now has 39 members, including non-NATO countries, fostering increased cooperation in addressing cyber attacks. The center conducts research, training, and exercises in various cyber defense areas to enhance collective defense capabilities and protect critical infrastructure from state-sponsored threats.
An Illinois man, Michael Mihalo, has pleaded guilty to multiple criminal charges related to his role in a darknet carding conspiracy. Mihalo admitted to leading a group that sold stolen financial information on darknet markets, including Skynet Market and AlphaBay. Under the alias "ggmccloud1," he made over $1 million in cryptocurrency between 2016 and 2019. Mihalo now faces a maximum prison sentence of 75 years and must forfeit at least $4.5 million.
Capita, the UK outsourcing firm recently hit by a ransomware attack, has been accused by Colchester City Council of “unsafe storage of personal data” dating back several years. Another council, Rochford District Council, has issued a statement saying it is “very disappointed” and is working with Capita to investigate the matter. Capita has already been hit by expenses attributed to “recovery and remediation costs” following the ransomware attack in March, which could cost the company up to £20m ($25m).
Premom, the fertility logging app, has reached an agreement with the U.S. Federal Trade Commission (FTC) to cease sharing user information with advertisers. The app's developer, Easy Healthcare, will pay a $100,000 fine and request the deletion of user data from advertising and analytics companies. The FTC accused Easy Healthcare of misleading users by falsely claiming not to share their data with advertisers, leading to a violation of privacy.
Subscribe and Comment.
Copyright © 2023 CyberMaterial. All Rights Reserved.