Cyber Briefing - 2023.05.23


The latest in cybersecurity: CISA, Apple, GUI-vil, fingerprints hacked, ALPHV ransomware, CloudWizard APT, Capita, crypto stolen, Zivame, Meta fined, Pentagon.

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.




Cyber Alerts


1. CISA Adds Three Apple Vulnerabilities to Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has identified and added three newly exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, including sandbox escape, out-of-bounds read, and use-after-free flaws in Apple's WebKit, present significant risks to the federal enterprise. While the Binding Operational Directive (BOD) 22-01 specifically applies to Federal Civilian Executive Branch (FCEB) agencies, CISA strongly advises all organizations to prioritize the prompt remediation of vulnerabilities listed in the catalog to reduce their exposure to cyberattacks.


2. Indonesian Threat Actor Exploits AWS for Crypto Mining

A financially motivated threat actor known as GUI-vil, originating from Indonesia, has been discovered utilizing Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instances for illicit cryptocurrency mining operations. Identified by cloud security company Permiso P0 Labs, GUI-vil shows a preference for GUI tools such as S3 Browser to conduct their initial operations, gaining AWS Console access and continuing their activities directly through web browsers. The threat actor employs attack chains involving the weaponization of AWS keys in publicly exposed source code repositories and targeting vulnerable GitLab instances for remote code execution, demonstrating a concerted effort to blend in and persist within victim environments while pursuing their financial goals.


3. BrutePrint: Defeating Fingerprint Checks

Researchers from Tencent and Zhejiang University have revealed a practical attack called "BrutePrint" that can bypass biometric fingerprint checks on Android smartphones. The attack, detailed in a research paper, is cost-effective and scalable, allowing unauthorized access to devices and authorization of payments. With the ability to defeat spoof detection and rate limits, BrutePrint has been successful on various Android devices, highlighting the need for closer collaboration between smartphone manufacturers and fingerprint sensor makers to develop stronger countermeasures.


4. ALPHV Ransomware Evades Detection

ALPHV, also known as BlackCat, has been using signed malicious Windows kernel drivers to bypass security software detection. The group has improved upon the POORTRY malware, previously detected in ransomware attacks, by using stolen keys from Microsoft's Windows Hardware Developer Program. The new driver, named 'ktgn.sys,' allows the hackers to elevate their privileges and terminate security processes, making it harder to detect their malicious activities.


5. BEC Scammers Mask Attacks with Residential IPs

Microsoft has raised the alarm on the increasing use of residential IP addresses by cybercriminals in business email compromise (BEC) attacks. By utilizing local IP addresses, hackers can make their fraudulent emails appear more authentic and bypass detection systems. The tactic allows threat actors to mask their login attempts, obscure movements, and conduct further attacks, making it crucial for organizations to implement strong authentication methods, educate employees about spotting fraudulent emails, and deploy secure email solutions to safeguard against BEC scams.


6. Unveiling Bad Magic: Cyber Espionage Revealed

New findings about a hacker group behind cyber attacks on entities in the Russo-Ukrainian conflict area suggest that it has been active much longer than previously believed. The threat actor, known as Bad Magic or Red Stinger, has recently expanded its scope to target individuals, diplomatic entities, and research organizations in Western and Central Ukraine. Using a sophisticated modular framework named CloudWizard, the group captures screenshots, records audio, logs keystrokes, steals passwords, and extracts Gmail inboxes, revealing a persistent commitment to cyber espionage spanning 15 years.



Cyber Incidents


7. Capita Faces Data Breach Woes

Multiple local British councils have revealed that their data was exposed due to an unsecured AWS bucket, further exacerbating the ongoing troubles for tech provider Capita. Colchester City Council was the first to raise the issue, stating that Capita had left residents' benefits data vulnerable on the public internet. Other councils, including Coventry City Council and Rochford District Council, have since confirmed similar incidents, prompting calls for investigations and apologies from Capita.


8. Inferno Drainer: $5.9M Crypto Scam

A cryptocurrency phishing and scam service known as 'Inferno Drainer' has siphoned off over $5.9 million worth of cryptocurrency from nearly 5,000 victims. The operation, identified by Web3 anti-scam firm 'Scam Sniffer,' has deployed hundreds of fraudulent websites since March, with a surge in activity observed after May. Inferno Drainer's targets include popular brands like Pepe, Bob, MetaMask, OpenSea, and Collab.Land, among others. Cryptocurrency users are urged to exercise caution, employ multi-factor authentication, and refrain from sharing personal information online to safeguard their digital assets.


9. Massive Data Breach: Zivame Users' Info Exposed

A major data breach has exposed the personal details of 1.5 million users, primarily women, of popular e-commerce retailer Zivame. The compromised information, including names, email addresses, phone numbers, and addresses, is being sold by hackers for a hefty price of $500 in cryptocurrencies. India Today's Open Source Intelligence (OSINT) investigation confirmed the sale and even obtained a sample dataset, prompting concerns over the privacy and security of Zivame's customers. This incident serves as a stark reminder for individuals to remain vigilant about their online information and reinforces the urgent need for robust cybersecurity measures to safeguard sensitive data.


10. Hospital Data Breach: Ransomware Exposes Patient Info

Clarke County Hospital (CCH) has finally disclosed a data breach, one month after being targeted by the Royal ransomware gang. The hackers resorted to a brazen extortion tactic, leaking data on a public site and even claiming to possess a video of a patient collapsing. While CCH states that there is no evidence of information misuse, personal details including names, addresses, and medical records of current and former patients may have been acquired by unauthorized third parties, raising concerns about the security of sensitive medical data.



Cyber News


11. Dallas Ransomware Attack: Data Compromise Concerns

Dallas has been listed on the leak site of the Royal ransomware group, indicating a breakdown in communication or refusal to pay the ransom. The threat actor claimed to possess sensitive personal information of employees and threatened to release extensive documents from court cases and government files. Despite Dallas officials maintaining that there is no evidence of data compromise, the weeks-long outage caused by the attack has disrupted police operations and impacted court proceedings.


12. EU Fines Meta $1.3B for Data Transfer

The European Union has delivered a record-breaking fine of $1.3 billion to Meta for unlawfully transferring European user data to the US. This hefty penalty marks the largest fine since the implementation of the GDPR. Meta, formerly Facebook, faces the consequences of its actions as it disputes the decision and warns of potential repercussions for other companies involved in EU-US data transfers.


13. iSpoof Administrator Sentenced for Phone Scam

A 35-year-old U.K. national, Tejay Fletcher, has been sentenced to 13 years and 4 months in prison for operating the iSpoof online phone number spoofing service. iSpoof allowed fraudsters to mask their phone numbers and impersonate representatives from banks and tax offices to deceive victims. The scam resulted in total losses of over £48 million ($59.8 million) in the U.K. alone, while Fletcher himself amassed illicit proceeds and enjoyed a luxurious lifestyle with high-end possessions.


14. AI-Generated Image Hoax Shakes Twitter

Highly realistic AI-generated images of an explosion near the Pentagon circulated on Twitter, causing a momentary dip in the stock market. The viral image, shared by verified accounts including Russian state media and an impersonation of Bloomberg, was eventually exposed as a hoax. This incident raises concerns about the dangers of Twitter's pay-to-be-verified system, allowing accounts to gain trust through a blue checkmark by paying a fee.


15. Hacker Sentenced: Stolen Cards & Fraud

Chirag Patel, a computer hacker from Virginia, has been sentenced to 51 months in prison for his involvement in stealing credit card numbers and reward points from a Phoenix-based hotel company. Patel hacked into the company's computer system between 2017 and 2020, stealing credit card numbers and using them for fraudulent purchases, as well as redeeming reward points for free hotel stays and gift cards. He also kept a folder of screenshots containing personal information of hotel customers. Patel was ordered to pay restitution totaling $87,522 for his crimes.



Subscribe and Comment.

Copyright © 2023 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, Youtube, and Medium.
