Cyber Briefing - 2023.06.26
The latest in cybersecurity: VMware, Fortinet, Apple, CISA KEV, Muddled Libra, PindOS, RateForce, Wilton Re, Barefoot Contessa, Peter Mark, OpenAI Bug Bounty.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
VMware has released security updates for vCenter Server, targeting multiple memory corruption vulnerabilities that could allow attackers to execute remote code. These vulnerabilities, identified as CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895, and CVE-2023-20896, stem from the software's implementation of the DCERPC protocol. Notably, one of the most severe flaws, CVE-2023-20892, is a heap-overflow issue that received a CVSS score of 8.1. VMware addressed these vulnerabilities in vCenter Server and Cloud Foundation versions 8.0 U1b and 7.0 U3m, along with releasing Async patches for VCF customers, urging users to update their systems promptly to mitigate the risk.
Fortinet, a leading cybersecurity company, has addressed a critical vulnerability in its FortiNAC solution, known as CVE-2023-33299, which could allow unauthenticated attackers to execute arbitrary code and commands on vulnerable devices. FortiNAC, a network access control (NAC) solution, provides organizations with comprehensive network security and access control capabilities.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an order for federal agencies to swiftly patch recently exploited zero-day vulnerabilities that enabled the deployment of the Triangulation spyware via iMessage zero-click exploits on iPhones. The alert was prompted by a report from Kaspersky, which uncovered the use of Triangulation malware in an ongoing campaign dubbed "Operation Triangulation." The spyware has been discovered on iPhones belonging to employees in multiple countries. Additionally, CISA has included other critical vulnerabilities, such as a command injection bug affecting NAS devices and a VMware ESXi vulnerability, in its known exploited vulnerabilities catalog, urging both government agencies and private companies to prioritize patching these security flaws.
A threat actor named Muddled Libra is launching persistent attacks on the business process outsourcing (BPO) industry, utilizing sophisticated social engineering techniques for initial access. The group gained attention with the release of the 0ktapus phishing kit in 2022, leading Palo Alto Networks to investigate their tactics. Muddled Libra demonstrates a high level of adaptability and comfort in engaging with help desks and employees to carry out their attacks, employing various tools like Mimikatz and Raccoon Stealer.
A new strain of JavaScript dropper named PindOS has been discovered, delivering powerful payloads like Bumblebee and IcedID. These loaders act as a pathway for various malware, including ransomware, on compromised systems. The PindOS code contains Russian comments, suggesting a potential ongoing collaboration between e-crime groups associated with Bumblebee and IcedID. While the extent of this partnership and the long-term adoption of PindOS by these threat actors are yet to be determined, its success could potentially establish it as a permanent tool in their arsenal and gain popularity among other cybercriminals.
A recent data breach has exposed over 250,000 documents containing personal and sensitive information of individuals from the US, revealing scans and images of various documents such as licenses, insurance cards, and vehicle registrations. The breach, discovered by security researcher Jeremiah Fowler, involved an unsecured database associated with RateForce, a car insurance quote comparison platform. The compromised records contained a vast amount of data, including customer names, addresses, phone numbers, driver's license numbers, VINs, and insurance policy details, raising concerns about privacy and security in the insurance industry.
A European hospital fell victim to a malware infection propagated by Chinese military-linked hackers, revealing the alarming reach and uncontrolled spread of their operations. The incident, investigated by Check Point researchers, uncovered the use of infected USB drives by Camaro Dragon, an espionage threat actor targeting Southeast Asian governments and institutions. The malware, WispRider, not only bypasses antivirus solutions but also autonomously spreads to any removable drive connected to an infected machine, which is how the hospital's network came to be compromised.
A third-party vendor breach through the MOVEit transfer exploit has led to the exposure of personal details belonging to nearly 1.5 million individuals, as disclosed by US-based insurer Wilton Re. The incident occurred within the MOVEit transfer tool used by Wilton Re's service provider, PBI Research Services. The breached data included Social Security Numbers (SSNs), which can be sold on underground marketplaces and used for identity theft. The MOVEit zero-day bug, allegedly exploited by the Russia-linked Cl0p ransomware gang, has affected numerous companies, with Cl0p publishing victims' names on their dark web leak site.
The renowned Barefoot Contessa, Ina Garten, experienced an unexpected turn of events when her Facebook page was hacked this week. Rather than typical spam or offensive content, the hacker surprised followers by sharing a copycat recipe for Olive Garden's Chicken Scampi from a page called "Only For You." Social media users couldn't help but notice the stark contrast between Garten's usual culinary style and the sudden influx of budget-friendly, homey recipes. In a subsequent post, Garten expressed gratitude to those who alerted her of the breach and acknowledged the assistance of Meta in reclaiming control over her page, assuring fans that her signature recipes will continue to grace their feeds.
In a statement, hairdresser chain Peter Mark confirmed that internal human resources data had been compromised in a cyber attack on their business. While customer payments and salon operations remained unaffected, the company is working closely with the National Cyber Security Centre and local law enforcement to determine the extent of the breach. Initial findings suggest that only HR data has been compromised, and there is currently no evidence of personal data leakage on the dark web, but the investigation is ongoing.
Cyber News
U.S. law enforcement agencies, in a coordinated effort, successfully seized the clear web domain of the infamous BreachForums, a notorious hacking forum. The seizure, three months after apprehending its owner Conor Fitzpatrick (aka Pompompurin), marks a significant blow to cybercriminal activity. The operation involved a global collaboration of law enforcement authorities, including the FBI, the Dutch National Police, and the Australian Federal Police, among others. The domain seizure, accompanied by the unexpected addition of handcuffs to Pompompurin's avatar in the seizure banner, signifies a major milestone in dismantling the BreachForums network and its associated criminal activities.
Russia's Ministry of Digital Development is reportedly contemplating lifting restrictions on piracy websites to provide access to unlicensed Western content that is no longer officially available in the country. The move is seen as an attempt to inflict damage on Western companies, such as Netflix and HBO, which suspended their operations in Russia following the invasion of Ukraine. The proposed legalization of piracy would allow Russian consumers to access Western movies and TV shows that have become scarce due to content license withdrawals by studios.
Australia has appointed a new cybersecurity coordinator to tackle cyber threats and enhance national security preparedness. Air Vice-Marshal Darren Goldie, a senior commander with experience in security and foreign policy, has been chosen for the role. The coordinator's responsibilities will include collaborating with companies and citizens to manage cyber incidents and ensuring a coordinated response to cyber attacks.
OpenAI, the creator of ChatGPT and other AI applications, partnered with Bugcrowd to launch a bug bounty program focused on identifying vulnerabilities in its public-facing infrastructure. The contest excluded the AI models themselves but aimed to address potential issues related to cloud resources, plugins, and third-party connections. Over 4,500 researchers joined the program, reflecting the collaborative effort OpenAI emphasizes in cybersecurity. Although the bug bounty competition had a smaller attack surface compared to other companies, it provided valuable opportunities for ethical hackers and facilitated the training of less-experienced participants.
The Senate's defense policy bill includes a provision to evaluate the feasibility of creating a separate Cyber Force within the military. Despite past resistance from the Pentagon, lawmakers are advocating for a dedicated cyber-specific military branch due to the increasing digital threats from foreign adversaries. The study, if commissioned, would be conducted by the National Academy of Public Administration to ensure independence from the Pentagon's bureaucracy and potential interference.
Copyright © 2023 CyberMaterial. All Rights Reserved.