Cyber Briefing - 2023.06.12
The latest in cybersecurity: AitM Phishing, BEC attack, MOVEit, Ransomware, Microsoft SharePoint, University of Manchester, HWL Ebsworth, Call of Duty, Infotel JSC, Bing Chat, Blackpoint Cyber.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
Microsoft has revealed a new multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attack that specifically targets banking and financial services organizations. The campaign, attributed to a threat actor Microsoft tracks as Storm-1167, originated from a compromised trusted vendor and used an indirect proxy to carry out the phishing. The attackers tailored phishing pages to their targets and stole the victims' session cookies; replaying a stolen cookie gave them access to the email inbox without having to satisfy MFA again, and from those inboxes they orchestrated BEC attacks.
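As an added example (not Microsoft's code and not part of the original briefing), the Python script below implements the check a defender would want for the cookie-theft step described above: it parses sign-in records and flags any session ID that is used from a second client IP within a short window. The log lines and their comma-separated layout are constructed for this example. Note that in an AitM case both IPs may belong to attacker infrastructure (the proxy that relayed the login, then the host that replays the cookie), which is why the replay itself, not an unfamiliar IP, is the signal.

```python
"""Flag session-cookie replay: one session ID used from two client IPs close together in time."""
from collections import defaultdict
from datetime import datetime

# Constructed sample sign-in records (not real logs).
# Layout assumed for this example: timestamp,user,session_id,client_ip,user_agent
SAMPLE_LOG = """\
2023-06-12T08:55:02Z,bob@example.com,sess-11aa,192.0.2.25,Mozilla/5.0 (Windows NT 10.0) Chrome/114
2023-06-12T09:01:10Z,alice@example.com,sess-7f3a,203.0.113.10,Mozilla/5.0 (Windows NT 10.0) Chrome/114
2023-06-12T09:03:41Z,alice@example.com,sess-7f3a,198.51.100.77,python-requests/2.31
2023-06-12T10:30:00Z,bob@example.com,sess-11aa,192.0.2.25,Mozilla/5.0 (Windows NT 10.0) Chrome/114
2023-06-12T14:00:00Z,carol@example.com,sess-9c01,203.0.113.40,Mozilla/5.0 (iPhone) Safari/604
2023-06-12T16:30:00Z,carol@example.com,sess-9c01,203.0.113.41,Mozilla/5.0 (iPhone) Safari/604
"""


def parse_events(text):
    """Parse the constructed CSV layout into dicts with a real datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, session_id, ip, ua = line.split(",", 4)
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user,
            "session_id": session_id,
            "ip": ip,
            "ua": ua,
        })
    return events


def find_session_replays(events, window_minutes=30):
    """Return one finding per session whose ID appears from a different IP
    within window_minutes of its first use. Same-IP re-use is normal and ignored."""
    by_session = defaultdict(list)
    for ev in events:
        by_session[ev["session_id"]].append(ev)

    findings = []
    for session_id, evs in by_session.items():
        evs.sort(key=lambda e: e["time"])
        first = evs[0]
        for later in evs[1:]:
            gap = (later["time"] - first["time"]).total_seconds()
            if later["ip"] != first["ip"] and gap <= window_minutes * 60:
                findings.append({
                    "user": first["user"],
                    "session_id": session_id,
                    "first_ip": first["ip"],
                    "replay_ip": later["ip"],
                    "seconds_apart": int(gap),
                    # A changed User-Agent (browser, then a script) strengthens the case.
                    "ua_changed": later["ua"] != first["ua"],
                })
                break  # one finding per session is enough to open a case
    return findings


if __name__ == "__main__":
    for finding in find_session_replays(parse_events(SAMPLE_LOG)):
        print(finding)
```

With the default 30-minute window only alice's session is flagged (a non-browser client replays the cookie 151 seconds after the login); carol's IP change 2.5 hours apart is ignored unless the window is widened. The window is the tuning knob to set against your own false-positive rate, since mobile networks and VPN egress changes also move IPs. In production the session identifier and client details would come from the identity provider's sign-in logs rather than a CSV.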
Researchers have discovered an actively exploited vulnerability in Microsoft Windows, tracked as CVE-2023-29336, that allows attackers to gain SYSTEM privileges. The flaw, in the Win32k kernel component, can be chained with a code execution bug to deliver malware. It was reported to Microsoft by cybersecurity firm Avast, and although it has been patched, systems that have not yet applied the update remain at significant risk.
According to security researchers, Asylum Ambuscade, a hacking group believed to have ties to the Belarusian government, has been engaging in a blend of cybercrime and cyberespionage activities.
In a recent advisory, Progress Software warned customers about newly discovered critical SQL injection vulnerabilities in its MOVEit Transfer managed file transfer solution. The bugs, identified with the help of cybersecurity firm Huntress, pose a risk of data theft: an attacker can exploit them against Internet-exposed servers to extract or modify customer information. Progress has released a patch for these vulnerabilities and urges all MOVEit Transfer customers to apply it promptly. While no evidence of exploitation of the new flaws has been found so far, the Clop ransomware gang has claimed responsibility for the attacks on the earlier, previously exploited flaw, which underlines the importance of securing affected systems.
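As an added illustration of the vulnerability class named in the advisory (generic example code, not MOVEit Transfer's code, and not a description of the actual MOVEit flaws, whose details the advisory does not give), the Python below builds a small in-memory SQLite database with a constructed files table and users table, then runs the same lookup two ways: with string concatenation, where attacker-controlled input becomes SQL and can both widen the result set and pull rows out of another table, and with parameter binding, where the same input is treated purely as a value.

```python
"""Generic SQL injection: concatenated query beside its parameterized fix."""
import sqlite3


def make_db():
    """Constructed schema and rows for this example only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE files (id INTEGER PRIMARY KEY, owner TEXT, name TEXT)")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO files (owner, name) VALUES (?, ?)", [
        ("alice", "q2-report.pdf"),
        ("bob", "payroll.xlsx"),
        ("bob", "contracts.zip"),
    ])
    conn.execute("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                 ("admin", "constructed-hash"))
    return conn


def list_files_vulnerable(conn, owner):
    # Vulnerable: the caller's string is spliced into the SQL text, so quotes
    # and keywords in it change the query instead of being matched as data.
    query = "SELECT owner, name FROM files WHERE owner = '" + owner + "'"
    return conn.execute(query).fetchall()


def list_files_safe(conn, owner):
    # Fixed: parameter binding sends the value separately from the SQL text,
    # so the payloads below match nothing because no owner has that literal name.
    return conn.execute("SELECT owner, name FROM files WHERE owner = ?", (owner,)).fetchall()


# Constructed attacker inputs.
TAUTOLOGY_PAYLOAD = "alice' OR '1'='1"  # turns the WHERE clause into "always true"
UNION_PAYLOAD = "x' UNION SELECT username, password_hash FROM users WHERE '1'='1"  # reads another table


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, tautology:", list_files_vulnerable(conn, TAUTOLOGY_PAYLOAD))
    print("vulnerable, union:    ", list_files_vulnerable(conn, UNION_PAYLOAD))
    print("safe, tautology:      ", list_files_safe(conn, TAUTOLOGY_PAYLOAD))
    print("safe, union:          ", list_files_safe(conn, UNION_PAYLOAD))
```

The tautology payload returns every row in files through the concatenated query and nothing through the bound one; the UNION payload pulls the admin credential row out of a table the endpoint was never meant to expose. The "modify" half of the advisory's warning comes from the same root cause in INSERT and UPDATE statements built the same way, so the fix is binding everywhere plus a database account for the application that holds no more privilege than the feature needs.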
Obsidian, a cybersecurity firm, has uncovered a sophisticated ransomware attack on SharePoint Online (Microsoft 365) carried out through a compromised Microsoft Global admin account. The attack, attributed to the group known as 0mega, involved creating a new Active Directory user with elevated privileges and removing the existing administrators. Rather than encrypting files, the attacker exfiltrated them and then uploaded PREVENT-LEAKAGE.txt files as a means of communication and extortion. Obsidian predicts a growing trend of such attacks and highlights the need for stronger SaaS security programs and for multi-factor authentication (MFA) on privileged accounts to mitigate the risk.
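As an added example (not Obsidian's or Microsoft's code and not part of the original briefing), the Python below spots the takeover sequence described above in directory audit records: a freshly created account receives a privileged role and then strips other administrators of theirs. The records are constructed, the flat field layout (CreationTime, Operation, UserId, ObjectId, Role) is a simplification of a Microsoft 365 audit record, and the operation names are assumed to match what the tenant's directory audit emits, so they should be checked against real exports before use.

```python
"""Detect the admin-takeover sequence: a freshly created account is given a
privileged role and then removes other administrators from theirs."""
from datetime import datetime, timedelta

PRIVILEGED_ROLES = {
    "Global Administrator",
    "SharePoint Administrator",
    "Exchange Administrator",
}

# Constructed audit records (not real tenant data), deliberately out of order.
# The flat layout and the operation names are assumptions for this example.
SAMPLE_AUDIT = [
    {"CreationTime": "2023-06-11T02:05:30", "Operation": "Remove member from role.",
     "UserId": "omega@example.com", "ObjectId": "admin1@example.com",
     "Role": "Global Administrator"},
    {"CreationTime": "2023-06-11T02:00:05", "Operation": "Add user.",
     "UserId": "victim-admin@example.com", "ObjectId": "omega@example.com",
     "Role": ""},
    {"CreationTime": "2023-06-11T02:01:10", "Operation": "Add member to role.",
     "UserId": "victim-admin@example.com", "ObjectId": "omega@example.com",
     "Role": "Global Administrator"},
    {"CreationTime": "2023-06-11T02:06:02", "Operation": "Remove member from role.",
     "UserId": "omega@example.com", "ObjectId": "admin2@example.com",
     "Role": "SharePoint Administrator"},
    # Benign: a long-standing account is given a role by the IT admin.
    {"CreationTime": "2023-06-11T09:00:00", "Operation": "Add member to role.",
     "UserId": "it-admin@example.com", "ObjectId": "helpdesk@example.com",
     "Role": "SharePoint Administrator"},
]


def _when(record):
    return datetime.strptime(record["CreationTime"], "%Y-%m-%dT%H:%M:%S")


def detect_admin_takeover(records, window_hours=24):
    """Return one finding per privileged-role removal carried out by an account
    that was itself created and promoted to a privileged role within window_hours."""
    window = timedelta(hours=window_hours)
    created = {}   # new account -> (creation time, account that created it)
    promoted = {}  # new account -> time it received a privileged role
    findings = []
    for r in sorted(records, key=_when):
        t, op, role = _when(r), r["Operation"], r["Role"]
        if op == "Add user.":
            created[r["ObjectId"]] = (t, r["UserId"])
        elif op == "Add member to role." and role in PRIVILEGED_ROLES:
            target = r["ObjectId"]
            if target in created and t - created[target][0] <= window:
                promoted[target] = t
        elif op == "Remove member from role." and role in PRIVILEGED_ROLES:
            actor = r["UserId"]
            if actor in promoted and t - promoted[actor] <= window:
                created_at, creator = created[actor]
                findings.append({
                    "new_admin": actor,
                    "created_by": creator,
                    "removed_admin": r["ObjectId"],
                    "removed_role": role,
                    "minutes_since_creation": int((t - created_at).total_seconds() // 60),
                })
    return findings


if __name__ == "__main__":
    for finding in detect_admin_takeover(SAMPLE_AUDIT):
        print(finding)
```

On the constructed records the two removals by omega@example.com are flagged, each carrying the account that created it (victim-admin@example.com), which is the compromised Global admin an investigator should look at first; the helpdesk promotion is ignored because that account was not created inside the window. The same logic runs unchanged over an export from the tenant once the field names are mapped.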
Researchers at the North Carolina State University Raleigh have discovered a privacy risk in the popular fitness-tracking app, Strava, which could potentially reveal users' home addresses through its heatmap feature. By analyzing publicly available heatmap data and correlating it with user metadata, the researchers were able to identify individual residence addresses. They suggest several mitigation strategies, such as excluding home locations from the heatmap and allowing users to set privacy zones. Strava has yet to respond to the findings and disclose any plans for addressing the issue.
Fortinet has released new firmware updates for FortiGate devices that address a critical pre-authentication remote code execution (RCE) vulnerability in SSL VPN. The updates, FortiOS versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5, were released quietly and without any details of the flaw. While specifics are not yet available, security professionals warn that it could let attackers interfere with VPN connections even when multi-factor authentication (MFA) is enabled. Because FortiGate devices are popular targets and the bug affects all earlier versions, administrators are urged to apply the updates promptly.
The University of Manchester, one of the largest universities in the UK, has announced a cyber incident where hackers accessed and likely copied data. The university expressed regret for the concern this may cause and stated that it is working to determine the extent of the data breach with the help of an external support company. While the nature of the incident is still under investigation, the university has alerted its 40,000 students and 12,000 staff to be cautious of phishing emails and has reported the incident to relevant authorities.
Australian law firm HWL Ebsworth has confirmed a cyberattack on its network after the ALPHV ransomware gang leaked data they claim to have stolen from the company. The law firm, one of Australia's largest, with over 2,000 employees and multiple offices nationwide, had 1.45 terabytes of data, containing over a million documents, published by the cybercriminals. The ALPHV gang is now demanding ransom and threatening to release more data if their demands are not met, putting the firm and its clients at risk.
Multiple players have reported a concerning exploit in Call of Duty: Black Ops Cold War in which hackers can obtain another player's IP address and use it to crash that player's game. The issue has drawn attention from the gaming community, including prominent Call of Duty YouTuber Xclusive Ace, who confirmed that the exploit is specific to Black Ops Cold War. Activision and Treyarch have yet to address the problem or give a timeline for a fix, leaving players exposed. In the meantime, players are advised to use a VPN or to avoid playing the game altogether to protect their personal information and privacy.
According to Pennsylvania State Police, a hacker successfully manipulated bank information, resulting in the theft of $47,000 meant for Lehigh Carbon Community College. The incident occurred on April 28 at 2:16 p.m. when the perpetrator accessed a vendor's network and altered the college's deposit details. The investigation is currently underway to identify and apprehend the hacker responsible for the wire fraud, which resulted in a loss of $46,745.50 for the educational institution.
Pro-Ukraine hacking group Cyber Anarchy Squad has taken credit for a targeted attack on Infotel JSC, a Russian telecom provider crucial to the country's banking system. The assault had severe consequences for major banks, as the disruption in connectivity resulted in payment processing and communication interruptions across Russia. In a display of their cyber offensive, the hackers not only breached Infotel JSC but also defaced multiple websites with messages showcasing the counteroffensive of the Armed Forces of Ukraine, escalating tensions between the two nations.
Cyber News
Microsoft has introduced voice command capabilities for Bing Chat, allowing users to ask questions using their voice instead of typing. By clicking on the microphone icon in Bing Chat, users can now speak their queries, expanding the chat-based version of Bing search engine. Bing Chat currently supports several languages, including English, Japanese, French, German, and Mandarin, with more languages to come. Additionally, Bing Chat now supports text-to-speech answers, providing responses in its own voice.
Russian nationals Alexey Bilyuchenko and Aleksandr Verner are facing charges for hacking the cryptocurrency exchange Mt. Gox in 2011 and stealing approximately 647,000 bitcoins, as well as laundering the stolen funds. The U.S. Department of Justice also accused Bilyuchenko of conspiring to operate the unlicensed BTC-e Bitcoin trading platform. The indictment revealed that the hackers gained unauthorized access to Mt. Gox's server and transferred the majority of the stolen bitcoins, leading to the exchange's eventual shutdown in 2014. The defendants are also alleged to have used various means, including other exchanges and a Bitcoin brokerage service, to launder the stolen funds.
Cybersecurity firm Blackpoint Cyber has secured $190 million in a growth funding round led by Bain Capital Tech Opportunities, with participation from Accel. The company's Managed Detection and Response (MDR) technology helps managed service providers (MSPs) identify and isolate threats at the early stages of a breach, while its Security Operations Center (SOC) ensures real-time threat neutralization. With the new funding, Blackpoint Cyber plans to expand its security solutions and simplify the security stack for MSPs in response to the growing sophistication of cyber-attacks.
Google has introduced the Secure AI Framework (SAIF) to establish a comprehensive security ecosystem for the development, use, and protection of AI systems. SAIF focuses on six core elements to maximize AI security, including expanding existing security controls, extending threat detection and response to AI, automating defenses, harmonizing platform-level controls, adapting controls for AI deployment, and contextualizing AI system risks within business processes. By sharing its 10 years of experience in AI development, Google aims to promote secure and responsible AI practices, fostering a foundation for the industry's adoption of secure AI methodologies.
Subscribe and Comment.
Copyright © 2023 CyberMaterial. All Rights Reserved.