Cyber Briefing - 2023.06.23
The latest in cybersecurity: Phishing, India, U.S. Army, Mirai Botnet, Cryptojacking, GitHub, BlackLotus Guidance, National Security Agency, CalPERS, MOVEit, DuckDuckGo, Discord, Google.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
A new phishing campaign dubbed MULTI#STORM has emerged, targeting India and the U.S. The campaign uses JavaScript files to deliver remote access trojans (RATs) to compromised systems. The attack chain activates multiple RAT instances, including Warzone RAT and Quasar RAT, which serve as command-and-control channels at different stages of the infection. The attack begins with a password-protected ZIP file hosted on Microsoft OneDrive, which leads to the execution of PowerShell commands and the deployment of several malicious payloads. Researchers caution that vigilance is crucial, particularly toward phishing emails that press a sense of urgency.
The U.S. Army's Criminal Investigation Division has issued an alert urging military personnel to stay vigilant against unsolicited smartwatches received in the mail, as they could be compromised with malware. The Army reported instances where these smartwatches automatically connected to Wi-Fi and paired with cell phones without any user prompt, thereby gaining access to sensitive user data. Malware-infected smartwatches could enable unauthorized access to personal information, including banking details, contacts, and login credentials, while also giving attackers access to conversations and device cameras. It remains uncertain whether this targeting is specifically directed at American military personnel, as the smartwatches may also be part of illegal brushing scams.
Unit 42 researchers at Palo Alto Networks report that a new variant of the Mirai botnet is actively targeting nearly two dozen vulnerabilities in devices from brands such as D-Link, Arris, Zyxel, TP-Link, Tenda, Netgear, and MediaTek. The malware aims to take control of these devices to carry out distributed denial-of-service (DDoS) attacks. The campaigns, which began in March and saw spikes in April and June, indicate ongoing development and expansion of the botnet's capabilities.
Microsoft reveals that cybercriminals are hijacking Internet-exposed Linux and Internet of Things (IoT) devices through brute-force attacks as part of an ongoing cryptojacking campaign. Once they gain access to a system, the attackers deploy a trojanized OpenSSH package to backdoor the compromised device and steal SSH credentials, ensuring persistence. The backdoored package intercepts passwords and keys, enables root login over SSH, and conceals the intruders' presence, making detection more challenging. The threat actors also deploy rootkits and an IRC bot with DDoS capabilities to carry out their activities, and ultimately use the compromised Linux-based systems for cryptomining.
Millions of GitHub repositories are at risk of supply chain attacks due to a vulnerability known as RepoJacking, according to AquaSec's security team. Their analysis of 1.25 million repositories revealed that approximately 2.95% of them were vulnerable, potentially affecting around 9 million projects across GitHub's entire repository base. RepoJacking occurs when attackers register usernames and create repositories that were previously used by organizations, allowing them to inject malware into dependencies and compromise unsuspecting users.
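As an added defender-side illustration of the RepoJacking exposure described above (this is not code from AquaSec or the newsletter), the Python below scans a dependency manifest for github.com references and flags those whose original owner namespace may have been freed up. The `probe` interface, the sample go.mod and the canned answers are constructed assumptions; a real probe would issue a HEAD request with redirects disabled and return the status code and Location header.

```python
import re
from typing import Callable, Dict, List, Optional, Tuple

# github.com/<owner>/<repo> as written in go.mod, requirements.txt, package.json, CI configs, etc.
GITHUB_REF = re.compile(r"github\.com/([\w-]+)/([\w.-]+)")
# A probe reports what GitHub currently says about owner/repo as (http_status, Location or None).
# Hypothetical interface: plug in a real HTTP HEAD with redirects disabled.
Probe = Callable[[str, str], Tuple[int, Optional[str]]]


def find_github_refs(manifest: str) -> List[Tuple[str, str]]:
    """Return unique (owner, repo) pairs referenced in a manifest."""
    refs = set()
    for owner, repo in GITHUB_REF.findall(manifest):
        repo = repo.rstrip(".")                  # trailing period from prose-style mentions
        refs.add((owner, repo[:-4] if repo.endswith(".git") else repo))
    return sorted(refs)


def repojacking_candidates(manifest: str, probe: Probe) -> List[Dict[str, str]]:
    """Flag references whose original namespace may now be registrable by a stranger.
    A redirect to another owner means the account was renamed; 404 means repo or account
    is gone. Repin such refs to the new location or a commit hash. Caveat: GitHub retires
    namespaces of repos that were popular at rename time, so this is a lead, not proof."""
    findings = []
    for owner, repo in find_github_refs(manifest):
        status, location = probe(owner, repo)
        if status in (301, 302) and location:
            m = GITHUB_REF.search(location)
            if m and m.group(1).lower() != owner.lower():
                findings.append({"ref": f"{owner}/{repo}", "status": str(status),
                                 "reason": f"owner renamed; now at {m.group(1)}/{repo}"})
        elif status == 404:
            findings.append({"ref": f"{owner}/{repo}", "status": "404",
                             "reason": "repository missing; old owner name may be claimable"})
    return findings


# Constructed sample manifest and canned probe answers, so the check runs offline.
SAMPLE_GO_MOD = """require (
    github.com/acme-old/libfoo v1.2.3
    github.com/stable-org/libbar v0.9.0
    github.com/gone-corp/libbaz v2.0.0
)"""
CANNED_ANSWERS = {
    ("acme-old", "libfoo"): (301, "https://github.com/acme-new/libfoo"),
    ("stable-org", "libbar"): (200, None),
    ("gone-corp", "libbaz"): (404, None),
}


def canned_probe(owner: str, repo: str) -> Tuple[int, Optional[str]]:
    """Stand-in for a network probe; unknown repos are treated as healthy (200)."""
    return CANNED_ANSWERS.get((owner, repo), (200, None))
```

Running `repojacking_candidates(SAMPLE_GO_MOD, canned_probe)` flags acme-old/libfoo (renamed) and gone-corp/libbaz (missing) while leaving stable-org/libbar alone.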
The U.S. National Security Agency (NSA) has recently issued crucial guidance aimed at helping organizations detect and prevent infections of BlackLotus, an insidious UEFI bootkit. BlackLotus, a sophisticated crimeware solution, exploits a known Windows flaw to bypass Secure Boot protections and gain control over the booting process. By hardening user executable policies and monitoring the integrity of the boot partition, infrastructure owners can take proactive steps to safeguard their systems against this persistent threat.
Hawaii Community College is grappling with a ransomware attack, resulting in the shutdown of its network and the involvement of federal authorities. The college, part of the state school system, has campuses in Kona and Pālamanui, serving over 2,500 students annually. While cybersecurity experts are working to mitigate the incident, the NoEscape ransomware group claims responsibility and threatens to leak stolen data.
Car mount and mobile accessory maker iOttie warns of a data breach that lasted almost two months, resulting in the theft of customers' credit card and personal information. The popular manufacturer of mobile device car mounts discovered the compromise on June 13th, revealing that malicious scripts were active on its online store between April 12th and June 2nd. The attack, of the kind known as Magecart, targeted the checkout pages, allowing threat actors to steal sensitive data during the payment process.
The largest public pension fund in the U.S., California's Public Employees' Retirement System (CalPERS), has fallen victim to a breach involving the MOVEit file transfer tool. Hackers exploited the vulnerability to access data held by a third-party vendor, potentially compromising personal information such as names, dates of birth, and Social Security numbers. While active CalPERS members are unaffected, retirees and beneficiaries are being offered credit monitoring and identity restoration services, with federal law enforcement notified of the incident.
Employees of the San Luis Obispo County Office of Education and affiliated districts are urged to monitor their bank accounts following a cyber attack that may have exposed their financial information. While there is no evidence of leaked employee data such as payroll or human resources information, the breach has prompted the office to shut down all services temporarily. Payroll is being managed manually, and employees are offered up to a year of credit monitoring as a precautionary measure.
Cyber News
Progress Software is facing the fallout from a significant data breach that impacted numerous private and public sector organizations using its MOVEit file transfer software. The breach has led to a class action lawsuit filed by affected individuals, accusing Progress of inadequate security measures and delayed notification, which increased the risk of identity theft. The lawsuit alleges that Progress failed to properly monitor and implement data security practices that could have detected the breach earlier.
DuckDuckGo has launched its privacy-focused browser for Windows, now available in a beta version with no restrictions. The browser aims to safeguard users from third-party tracking, targeted ads, search query logging, and profiling, offering default data protection and security features. With features like tracker blocking, smart encryption, cookie pop-up management, and a built-in "Fire" button to erase browsing history, DuckDuckGo's browser aims to create a less intrusive and cluttered internet experience. The developer also claims that the browser consumes about 60% less data than Chrome, potentially providing faster browsing.
In an effort to combat the rising number of cyberattacks and address the shortage of trained professionals, Google CEO Sundar Pichai has pledged $20 million to support and expand the Consortium of Cybersecurity Clinics. The initiative aims to introduce thousands of students to potential careers in cybersecurity while providing essential defense against hacking for small government offices, rural hospitals, and nonprofits. Google's commitment aligns with their focus on security and the growing importance of cybersecurity in today's digital landscape.
French regulators have imposed a €40 million fine on Criteo, a behavioral retargeting firm, for violating GDPR regulations. The company was found to have collected and processed a significant amount of browsing data without obtaining proper user consent. Despite the reduced fine, Criteo plans to appeal the decision, stating that the alleged breaches are disproportionate and not aligned with industry practices.
Discord, a popular online platform originally designed for gamers, has become a hub for communities dedicated to various topics, attracting 150 million users worldwide. However, NBC News' investigation exposes a disturbing trend of adults exploiting the platform to groom children, trade child sexual exploitation material, and extort minors. Over the past six years, NBC News identified 35 cases involving Discord communications that led to charges of kidnapping, grooming, or sexual assault, with 22 cases occurring during or after the COVID-19 pandemic. The numbers reported likely represent only a fraction of the actual incidents, highlighting the gravity of the issue.
Copyright © 2023 CyberMaterial. All Rights Reserved.