Cyber Briefing - 2023.05.22

The latest in cybersecurity: Cisco, Samsung, TurkoRat, Fin7, CapCut, ChatGPT, Midjourney, KeePass, Sysco, Luxottica, Gentex, ASUS, Dish, Google, China, Micron.

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.




Cyber Alerts


1. Active Exploited Vulnerabilities: Urgent Remediation

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities Catalog with three newly identified vulnerabilities that are being actively exploited: CVE-2004-1464, a denial-of-service flaw in Cisco IOS; CVE-2016-6415, an IKEv1 information disclosure affecting Cisco IOS, IOS XR, and IOS XE; and CVE-2023-21492, which allows sensitive information to be inserted into log files on Samsung mobile devices. Vulnerabilities of this kind are common attack vectors for malicious cyber actors and pose substantial risks to the federal enterprise. CISA emphasizes that all organizations should remediate these vulnerabilities promptly as part of their vulnerability management practices to protect against active threats.
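Turning a KEV addition into a remediation list means matching the catalog against what you actually run. The following is an added example, not code from the briefing or from CISA: it indexes a KEV-style JSON export by CVE ID, joins it against a scanner-derived asset inventory, and sorts the result by due date. The three CVE IDs are the ones named above; the vendor/product strings, inventory and due dates are constructed samples, and the field names (cveID, vendorProject, product, dueDate) follow the public KEV JSON feed as assumed here.

```javascript
// Added example (not from the briefing): join an asset inventory against a
// CISA KEV-style catalog export to produce a due-date-ordered remediation list.
// Catalog entries and inventory are constructed; only the CVE IDs are from the
// briefing. The field names assume the public KEV JSON layout.

const KEV_SAMPLE = {
  vulnerabilities: [
    // dueDate values are placeholders, not the real catalog dates
    { cveID: 'CVE-2004-1464', vendorProject: 'Cisco', product: 'IOS', dueDate: '2023-06-09' },
    { cveID: 'CVE-2016-6415', vendorProject: 'Cisco', product: 'IOS, IOS XR, and IOS XE', dueDate: '2023-06-09' },
    { cveID: 'CVE-2023-21492', vendorProject: 'Samsung', product: 'Mobile Devices', dueDate: '2023-06-09' },
  ],
};

// Constructed inventory: each asset carries the CVEs a scanner attributed to it.
const INVENTORY = [
  { asset: 'edge-router-01', cves: ['CVE-2016-6415'] },
  { asset: 'branch-router-07', cves: ['CVE-2004-1464', 'CVE-2016-6415'] },
  { asset: 'build-server', cves: ['CVE-2021-44228'] }, // not in this sample catalog
];

// Build a Map from CVE ID to catalog entry for O(1) lookups.
function indexKev(catalog) {
  const byId = new Map();
  for (const v of catalog.vulnerabilities) byId.set(v.cveID, v);
  return byId;
}

// One row per (asset, KEV-listed CVE), sorted by dueDate then asset name.
// `today` is an ISO date string; rows past their due date are flagged overdue.
function kevExposure(inventory, catalog, today) {
  const byId = indexKev(catalog);
  const rows = [];
  for (const item of inventory) {
    for (const id of item.cves) {
      const entry = byId.get(id);
      if (!entry) continue; // not in KEV: still a finding, but not on the KEV deadline
      rows.push({
        asset: item.asset,
        cveID: id,
        product: `${entry.vendorProject} ${entry.product}`,
        dueDate: entry.dueDate,
        overdue: entry.dueDate < today, // ISO dates compare correctly as strings
      });
    }
  }
  rows.sort((a, b) => a.dueDate.localeCompare(b.dueDate) || a.asset.localeCompare(b.asset));
  return rows;
}

// Stand-alone run: print the remediation list as of the briefing date.
for (const r of kevExposure(INVENTORY, KEV_SAMPLE, '2023-05-22')) {
  console.log(`${r.dueDate} ${r.overdue ? 'OVERDUE' : 'due'} ${r.asset} ${r.cveID} (${r.product})`);
}
```

In practice the catalog object comes from the JSON feed CISA publishes and the inventory from a scanner export; the join stays the same.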


2. Malicious npm Packages Contain TurkoRat

Security experts have uncovered two malicious packages, nodejs-encrypt-agent and nodejs-cookie-proxy-agent, in the npm package repository. These packages were found to be harboring the TurkoRat open-source info-stealer. TurkoRat is a potent information-stealing malware that targets sensitive data such as login credentials, cryptocurrency wallets, and website cookies. The discovery highlights the risks associated with supply chain attacks and emphasizes the importance of vigilance in package management and anomaly detection for developers and organizations alike.
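A lockfile audit is the cheapest form of the vigilance the item above calls for. The following is an added example, not code from the briefing or from the researchers who reported the packages: it walks an npm package-lock.json (v1 nested `dependencies` or v2/v3 flat `packages`), flags the two package names named above, and, as an anomaly signal, also flags any dependency whose lockfile entry declares an install script. The sample lockfile, its version numbers and the other package names in it are constructed.

```javascript
// Added example (not from the briefing): audit an npm package-lock.json for
// the two package names reported as carrying TurkoRat, and flag any dependency
// that declares an install script (a common hook for malicious packages).
// The sample lockfile below is constructed; versions are placeholders.

const BLOCKLIST = new Set(['nodejs-encrypt-agent', 'nodejs-cookie-proxy-agent']);

// Derive the package name from a v2/v3 "packages" key such as
// "node_modules/foo/node_modules/@scope/bar" -> "@scope/bar".
function nameFromPath(pathKey) {
  const marker = 'node_modules/';
  const idx = pathKey.lastIndexOf(marker);
  return idx === -1 ? pathKey : pathKey.slice(idx + marker.length);
}

// Lockfile v1 nests transitive deps under each entry's "dependencies".
function walkV1(deps, parentPath, out) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const pathKey = `${parentPath}node_modules/${name}`;
    // v1 lockfiles carry no install-script flag, so it is always false here
    out.push({ name, version: meta.version, path: pathKey, hasInstallScript: false });
    walkV1(meta.dependencies, `${pathKey}/`, out);
  }
}

// Normalise either lockfile layout into a flat list of dependency records.
function listDependencies(lock) {
  const out = [];
  if (lock.packages) {
    for (const [pathKey, meta] of Object.entries(lock.packages)) {
      if (pathKey === '') continue; // the root project entry
      out.push({
        name: meta.name || nameFromPath(pathKey),
        version: meta.version,
        path: pathKey,
        hasInstallScript: Boolean(meta.hasInstallScript),
      });
    }
  } else {
    walkV1(lock.dependencies, '', out);
  }
  return out;
}

// Returns findings: blocklisted names first priority, then install-script deps.
function auditLockfile(lock, blocklist = BLOCKLIST) {
  const findings = [];
  for (const dep of listDependencies(lock)) {
    if (blocklist.has(dep.name)) findings.push({ ...dep, reason: 'blocklisted' });
    else if (dep.hasInstallScript) findings.push({ ...dep, reason: 'install-script' });
  }
  return findings;
}

// Constructed sample lockfile (v3 layout). Versions are placeholders.
const SAMPLE_LOCK = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/express': { version: '4.18.2' },
    'node_modules/nodejs-encrypt-agent': { version: '0.0.0', hasInstallScript: true },
    'node_modules/left-pad/node_modules/nodejs-cookie-proxy-agent': { version: '0.0.0' },
    'node_modules/native-helper': { version: '0.1.0', hasInstallScript: true },
  },
};

// Stand-alone run: print findings for the sample lockfile.
for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.reason}: ${f.name}@${f.version} (${f.path})`);
}
```

To run it against a real project, replace SAMPLE_LOCK with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` and fail the CI job when any finding has reason `blocklisted`; install-script findings are a review prompt, not proof of compromise, since many legitimate native modules declare them.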


3. FIN7 Resurfaces with Clop Ransomware

FIN7, a financially motivated cybercriminal group known as Sangria Tempest (ELBRUS), has resurfaced after a period of inactivity, deploying Clop ransomware in opportunistic attacks. Microsoft threat analysts have linked FIN7 to these attacks, which involved the use of POWERTRASH malware dropper and the Lizar post-exploitation tool to gain access to victims' networks. The group has a history of targeting various industries, including banks and point-of-sale terminals, and has been associated with other ransomware strains like REvil and Maze.


4. CapCut Impersonation Malware Targets Users

A concerning malware distribution campaign has emerged, with threat actors impersonating the popular video editing tool CapCut to distribute various strains of malware to unsuspecting victims. CapCut, known for its features and millions of downloads, has become a target for hackers who create malicious websites disguised as CapCut installers. Cybersecurity researchers have discovered two separate campaigns distributing malware, including the Offx Stealer and Redline Stealer, which aim to extract sensitive data from victims' devices. To stay safe, users are advised to download software exclusively from official sources and exercise caution when searching for software tools online.


5. Imposter AI App Pages in BatLoader Campaign

A concerning BatLoader campaign has been discovered, utilizing Google Search Ads to redirect users to imposter web pages promoting fake AI-based services like ChatGPT and Midjourney. These rogue pages aim to trick visitors into downloading fake apps of popular AI services. The threat actors behind the campaign deliver the Redline Stealer using BatLoader in the form of MSIX Windows App Installer files. This recent campaign highlights the persistent attempts by malicious actors to exploit the popularity of AI tools and underscores the need for heightened vigilance in detecting and mitigating such threats.


6. KeePass Flaw: Master Password Vulnerability

A proof-of-concept (PoC) has revealed a security flaw in KeePass versions 2.x that could allow attackers to recover a victim's master password in cleartext. The flaw, tracked as CVE-2023-32784, is expected to be patched in the upcoming release of KeePass 2.54. The vulnerability, discovered by security researcher "vdohney," stems from how the program handles user input, which allows the password to be retrieved from the program's memory. Users are urged to update to the latest version once it becomes available to mitigate the risk.



Cyber Incidents


7. Sysco Cyberattack Exposes Employee Data

Sysco, a major food distributor, experienced a cyberattack that compromised the personal information of over 125,000 current and former employees. The breach, which occurred in January and lasted nearly three months before being discovered, potentially exposed sensitive data such as names, social security numbers, and account numbers. The company is working with cybersecurity experts and law enforcement to investigate the incident and is offering affected individuals identity protection services for 24 months. Additionally, Sysco disclosed that certain company data and customer information were also accessed by the hackers.


8. Luxottica Data Breach: 70M Customers Exposed

Luxottica, the world's largest eyewear company and owner of popular brands like Ray-Ban and Oakley, has confirmed a data breach in 2021 that exposed the personal information of 70 million customers. The breach involved a leaked database that was recently posted for free on hacking forums, making the data more accessible to threat actors. The company is currently investigating the incident, which is believed to have originated from a third-party contractor holding customer data.


9. Gentex Data Breach by Dunghill Ransomware

Gentex Corporation, a technology and manufacturing company based in Michigan, has confirmed a data breach following an attack by the Dunghill ransomware gang. The breach, which occurred several months ago, exposed sensitive corporate data, including emails, client documents, and personal information of 10,000 employees. While the exact date of the breach is unclear, it appears that the incident was not previously disclosed by Gentex. Dunghill has claimed to have made the stolen data publicly available on the dark web and has allegedly shared it with manufacturers from China, India, and the U.S.


10. ASUS Router Connectivity Issue Resolved

ASUS has issued an apology to its customers after a server-side security maintenance error resulted in network connectivity problems for a range of impacted router models. Reports of the issue circulated on social media and discussion platforms, with users expressing confusion and frustration over the lack of communication from the vendor. The problem was attributed to an error in the configuration of a server settings file, causing interrupted network connectivity. ASUS has since addressed the server issue, and affected routers should now return to normal operation, with manual rebooting or factory resets recommended in some cases.



Cyber News


11. Dish Network Suspected of Ransom Payment

Dish Network, an American television provider, is suspected of paying a ransom following a ransomware attack in February. The wording used in data breach notification letters suggests that Dish received confirmation of the data's deletion, which typically happens after a ransom is paid. While Dish has not confirmed the payment, the circumstances strongly indicate that they may have complied with the ransom demand.


12. Google Phasing Out Third-Party Cookies in Chrome

Google has announced its plans to gradually phase out support for third-party cookies in its Chrome browser, with a goal of completely turning them off in the second half of 2024. In the first quarter of 2024, Google intends to disable third-party cookies for 1% of Chrome users worldwide, allowing developers to conduct real-world experiments without relying on such cookies. The initiative, known as Privacy Sandbox, aims to limit covert tracking while still delivering personalized content and ads in a privacy-preserving manner. The timeline is subject to stakeholder discussions, feedback, and testing, with regulatory oversight from the U.K.'s Competition and Markets Authority.


13. Cloudflare Launches Secrets Store for Secure Management

Cloudflare has launched Secrets Store, a solution designed to help organizations securely store and manage secrets across their platform. Secrets, such as credentials and cryptographic keys, need to be stored securely to prevent data breaches and ensure application integrity. The Secrets Store offers streamlined development processes, enhanced security, and ease of use for developers to efficiently build applications while adhering to security best practices. Cloudflare aims to provide a comprehensive secrets management solution for its customers, enabling them to manage sensitive information across various environments, including the cloud and local infrastructure.


14. Unmasking Golden Chickens' Developer

eSentire, a cybersecurity firm, claims to have discovered the identity of 'Jack', the second developer behind the Golden Chickens malware suite. The suite, offered as malware-as-a-service (MaaS) since 2018, has been employed by the financially motivated cybercrime groups Cobalt Group and FIN6, causing over $1.4 billion in financial losses. Jack, a Romanian based in Bucharest, has been active in cybercrime forums since 2008 and built a notorious reputation as a ripper and scammer before creating Golden Chickens.


15. China Bans Micron Products over Security

The Chinese government has imposed a ban on products manufactured by Micron Technology, a leading US memory chip giant, citing national security concerns. The ban, which applies to Micron's products used in key infrastructure projects, comes after a network security assessment identified serious potential network security issues in the company's offerings. While China emphasizes the importance of collaboration with foreign manufacturers, compliance with Chinese laws and regulations is deemed essential. This move marks a significant development in the ongoing dispute between China and the US regarding technological sovereignty and national security.



Subscribe and Comment.

Copyright © 2023 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, Youtube, and Medium.

