Cyber Briefing - 2023.06.09
The latest in cybersecurity: Asylum Ambuscade, Kimsuky, Social Engineering, Barracuda advisory, Stealth Soldier, Pflegia, Honda, Cortina Watch, TikTok, Kia.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
On June 8, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) released two advisories pertaining to Industrial Control Systems (ICS). The advisories cover security issues, vulnerabilities, and potential exploits affecting the Atlas Copco Power Focus 6000 and Sensormatic Electronics Illustra Pro Gen 4 systems. CISA urges users and administrators to review the newly released advisories, which include detailed technical information and recommended mitigations.
According to security researchers, Asylum Ambuscade, a hacking group believed to have ties to the Belarusian government, has been engaging in a blend of cybercrime and cyberespionage activities. Describing this as unprecedented behavior, a recent report from ESET notes that the group primarily targets individual banking customers, cryptocurrency traders, and small to midsize businesses in North America and Europe. While the motivation for targeting cryptocurrency traders is clear, how the group monetizes access to small and midsize businesses remains uncertain; researchers speculate that the access may be sold to other crimeware groups.
The North Korea-linked APT group, Kimsuky, has launched a social engineering campaign targeting experts in North Korean affairs, aiming to steal Google and subscription credentials of a reputable news and analysis service focusing on North Korea. SentinelLabs researchers uncovered the campaign, which forms part of a broader cyber espionage effort outlined in a joint advisory by US intelligence. Kimsuky's modus operandi involves establishing rapport with targets before initiating malicious activities, employing spoofed URLs, mimicked websites, and weaponized documents to deceive victims. Increased awareness and robust security measures are necessary to mitigate the persistent threat posed by Kimsuky.
Barracuda, a leading network security solutions provider, has issued a warning to its customers regarding a zero-day vulnerability (CVE-2023-2868) that was exploited by threat actors targeting its Email Security Gateway (ESG) appliances. The vulnerability, affecting the module for email attachment screening, has been patched with security updates released in May. However, given the potential impact on hundreds of thousands of organizations globally, Barracuda advises immediate replacement of the affected ESG appliances. The company, supported by Mandiant, uncovered incidents dating back to October 2022, indicating the exploitation of the flaw for deploying persistent backdoor access and malware infiltration.
A highly-targeted espionage operation in North Africa has unleashed a new custom backdoor known as Stealth Soldier, according to cybersecurity company Check Point. The backdoor, which operates as a surveillance tool, has the ability to record screens and microphones, log keystrokes, and steal browser information. The ongoing campaign, characterized by the use of command-and-control servers that mimic sites belonging to the Libyan Ministry of Foreign Affairs, marks the potential re-emergence of a threat actor that previously targeted Egyptian journalists and human rights activists.
Aix-Marseille University, one of France's oldest and largest institutions, experienced a cyberattack from a foreign country, leading to the network being taken offline and staff unable to access it. The university's quick response prevented significant damage, according to Clara Bufi, the director of communications. While the nature of the attack and potential data breaches remain unconfirmed, the university's website is now back online, and a gradual restoration of services is underway.
A German healthcare recruitment platform, Pflegia, has inadvertently exposed hundreds of thousands of files containing personal and sensitive user data, including names, addresses, and emails. Job seekers who used Pflegia's services are now faced with the distressing realization that their resume information has been compromised. The exposed files were discovered by the Cybernews research team on an open Amazon Web Services (AWS) cloud instance, which has since been closed to the public. Despite attempts to contact Pflegia for comment, the company has not responded as of the time of publishing.
A researcher has uncovered serious vulnerabilities in Honda's ecommerce platform used for equipment sales, which could have allowed attackers to access customer and dealer information. The flaws were discovered earlier this year by Eaton Zveare, who promptly notified Honda and received acknowledgement but no bug bounty reward. The vulnerabilities included a password reset API flaw and an insecure direct object reference (IDOR) issue, which gave the researcher access to over 21,000 customer orders and more than 1,500 dealer sites that could have been compromised.
Ascension Seton, a hospital system in Austin, disclosed a data breach of its legacy websites, Seton.net and DellChildrens.net, which occurred in March. The breach, managed by third-party vendor Vertex, prompted an investigation by forensic experts and law enforcement. While the specific details of the compromised information are yet to be determined, personal data including names, addresses, Social Security numbers, credit card numbers, and insurance information may have been at risk.
In another cybersecurity incident in Singapore, luxury retailer Cortina Watch has fallen victim to a hacker named Bassterlord, who claims to have stolen 2GB of data from the company. Bassterlord, believed to be the head of the hacker group National Hazard Agency, shared a sample of the data on Twitter, which includes customer contact details. Cortina Watch's servers were compromised, and the hacker is reportedly demanding ransom, warning that the addresses of wealthy clients may become public.
The U.S. State Department is offering a substantial reward for information leading to the arrest of Maximilian Rivkin, a Swedish national who administered an encrypted communication service used by global criminal networks. Rivkin is wanted by U.S. authorities for his role in distributing Anom devices, which were secretly operated by law enforcement agencies to monitor criminal activity. These devices were sold to over 300 criminal syndicates, enabling law enforcement to gather crucial intelligence on drug trafficking, money laundering, and violent threats. The operation, known as Trojan Shield, involved the cooperation of a criminal turned informant and proved instrumental in tracking and identifying key individuals involved in illicit activities.
Federal prosecutors in the U.S. unsealed indictments against six Houston-area men for an alleged six-month spree of business email compromise thefts, resulting in losses of nearly $6 million. The Department of Justice charged the men with conspiracy to commit wire fraud and conspiracy to commit money laundering. The suspects, who now face up to 40 years in prison, targeted various organizations, including a hospital, a labor union, a law firm, a real estate closing company, and a logistics company, by impersonating customers through deceptive emails.
Google Chrome is rolling out several new security features for its built-in Password Manager, aimed at enhancing user password management and safeguarding against account hijacking threats. These updates include a dedicated desktop shortcut for easy access and management, biometric authentication for an extra layer of security, the ability to save custom notes with login credentials, the option to import passwords from other managers, and an enhanced Password Checkup tool for iOS. While storing passwords in a browser carries inherent risks, Google's efforts to strengthen Password Manager security are a welcome step in bolstering account safety for millions of users.
In a significant move, Microsoft is integrating OpenAI's powerful language models, including GPT-4 and GPT-3, into its Azure Government cloud service, allowing federal agencies to leverage the capabilities of these advanced language models. The rising popularity of large language models, fueled by the success of OpenAI's ChatGPT, has prompted businesses of all sizes to harness their potential for various applications.
In a lawsuit filed against Kia and Hyundai, New York City accuses the automakers of negligence for failing to install anti-theft devices in their vehicles, leading to a surge in car thefts related to a viral TikTok challenge. The challenge involved stealing Kia and Hyundai vehicles after thieves discovered a method to hotwire the cars using a common screwdriver and USB cable. The lawsuit claims that the rise in thefts diverted valuable resources of the New York City Police Department, costing the city millions of dollars. Several other US cities have also taken legal action against the automakers over similar complaints.
Subscribe and Comment.
Copyright © 2023 CyberMaterial. All Rights Reserved.