Cyber Briefing - 2023.06.29

The latest in cybersecurity: Akira Ransomware, Ransomware, EarlyRat, ThirdEye, Trellix, Twitter, USAA, Metro Health, MAC Pizza, Brave, Astrix, Venn, Invary.

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.




Cyber Alerts


1. Drones Vulnerable to EMFI Attacks: IOActive Research

Cybersecurity firm IOActive has discovered that drones without known security weaknesses could be targeted by electromagnetic fault injection (EMFI) attacks, allowing threat actors to execute arbitrary code and compromise their operations and safety. The research reveals that injecting specific electromagnetic glitches during a firmware update can compromise the device, granting attackers code execution on the drone's main processor and access to its Android OS. The study focuses on the Mavic Pro drone manufactured by DJI and emphasizes the importance of implementing hardware- and software-based EMFI countermeasures to mitigate the risk.


2. Linux Akira Ransomware Targets VMware ESXi

The notorious Akira ransomware operation has extended its reach by deploying a Linux encryptor to target VMware ESXi virtual machines in double-extortion attacks against organizations globally. Initially focusing on Windows systems across various sectors like finance, education, and manufacturing, Akira has already victimized more than 30 entities in the United States alone, with recent spikes in activity. This Linux variant of Akira demonstrates a shift in ransomware groups adopting Linux encryptors to exploit the widespread use of virtual machines in enterprises, resulting in heightened risks and escalating demands for ransom payments.


3. Microsoft Fixes File Explorer Freezing Issue

Microsoft has released a fix for a known issue causing File Explorer to freeze in Windows 11 and Windows Server systems after viewing a file's effective access permissions. When users attempted to check the effective permissions of shared files or folders, they would encounter a message stating "Computing effective access...." without displaying the results, leading to freezes. This issue primarily affects non-consumer environments and has been addressed in the latest optional cumulative update for Windows 11 22H2, with a general release planned for all affected Windows users in the upcoming July Patch Tuesday updates.


4. Andariel's EarlyRat: Cyber Threat Unleashed

Cybersecurity researchers at Kaspersky have unveiled new findings on the activities of the notorious North Korea-aligned threat actor Andariel. The group deployed a previously unknown malware called EarlyRat to exploit the Log4j Log4Shell vulnerability in a series of attacks last year. Andariel, also known as Silent Chollima and Stonefly, has been linked to North Korea's Lab 110 hacking unit, including the infamous Lazarus Group, and is known for conducting both espionage operations and cyber crimes to generate additional income for the sanctioned nation. With an arsenal that includes ransomware strains like Maui and various backdoors such as NukeSped, Andariel continues to pose a significant threat in the ever-evolving cybersecurity landscape.


5. ThirdEye: Windows Malware Stealing Data

Fortinet FortiGuard Labs has uncovered a previously unknown Windows-based information stealer called ThirdEye, capable of extracting sensitive data from infected systems. Disguised as a Russian-named PDF file, the malware's arrival vector is currently unidentified, but it is suspected to be employed in phishing campaigns. Although there is no evidence of ThirdEye being used in the wild, its data-gathering capabilities make it a potential tool for future attacks, posing a threat to Russian-speaking organizations as indicated by its uploading patterns on VirusTotal.


6. Incompatibility Issue: App Blocking Resolved

Cybersecurity firm Trellix has resolved a compatibility issue that caused the Exploit Guard module of its Endpoint Security Agent to block the opening of certain Microsoft Office and third-party apps after installing June 2023 cumulative updates. The problem also affects Google Chrome, alongside other security software such as Malwarebytes, Cisco, and WatchGuard, leading to compatibility breakdowns with the latest Windows updates. While primarily impacting non-consumer settings, this issue highlights the importance of promptly addressing compatibility glitches to ensure smooth operations for businesses and users alike.



Cyber Incidents


7. Twitter Glitch: Account Restrictions and Spam Policy

On June 27th, Twitter users were taken aback as they received automated messages informing them of account restrictions due to a spam policy violation. While suspicious activity on the platform can lead to suspensions, it appears that this incident may be a result of a technical glitch rather than actual violations. Twitter has acknowledged the issue and assured users that a dedicated team is working to resolve the problem promptly. As concerns arise about the accuracy and impact of these false violation notices, users are eager to see a swift resolution to regain normal access to their accounts.


8. USAA Data Breach: Member Information Compromised

USAA, a San Antonio-based insurance and financial services company, has experienced a data breach where unauthorized individuals gained access to the personal information of a limited number of its members. The breach affected less than 0.15 percent of USAA's membership, approximately 19,000 members out of over 13 million. The incident was traced back to a third-party service supplier where a limited number of employees improperly shared their access credentials.


9. Insider Breach: MetroHealth Medical Records Accessed

A Cleveland-based healthcare system, MetroHealth, is notifying individuals about a significant incident involving unauthorized access to medical records by an employee over a span of 15 years. The breach, discovered recently, involved patient names, birthdates, and clinical information. While no evidence of misuse has been found so far, MetroHealth has taken immediate disciplinary action against the employee and is implementing measures to enhance privacy processes and training to prevent similar incidents in the future. This incident highlights the serious privacy and security challenges organizations face with insider breaches, emphasizing the need for robust safeguards and vigilance.


10. MAC Pizza: Data Breach Exposes Personal Information

MAC Pizza Management, a pizza company, has reported a data breach that occurred on April 17, 2023, resulting in the exposure of confidential information belonging to thousands of individuals. The unauthorized party gained access to consumer names, Social Security numbers, and potentially driver's license numbers. MAC Pizza has taken immediate action by sending out data breach notification letters to affected individuals, urging them to take necessary steps to protect themselves from potential identity theft and fraud.



Cyber News


11. Astrix Security Raises $25M for Nonhuman Identity Protection

New York-based Astrix Security, a finalist at the RSA Conference Innovation Sandbox contest, has secured Series A funding of $25 million. The investment will allow Astrix to expand its services from managing nonhuman identities to detecting threats and securely connecting third-party applications to CRM or email systems. With the new funding, Astrix's total funding reaches nearly $40 million. The company's technology addresses the growing need for machine identity protection, providing better threat detection and anomaly identification using generative AI.


12. Underfunded EU Cyber Agency Faces Rising Threats

The European Union Agency for Cybersecurity is grappling with a lack of funds amidst a surge in ransomware and cyberthreats, according to the agency's executive director, Juhan Lepassaar. During a parliamentary hearing, Lepassaar highlighted discrepancies in the allocation of funds by the European Commission, which he argued did not adequately reflect the escalating cyber risks following Russia's invasion of Ukraine. Lepassaar expressed concern that the commission's response of "no new tasks, no new resources" fails to address the significant changes in the cyberthreat landscape.


13. Brave Browser Enhances Local Network Controls

The Brave team has announced upcoming features that will give users more control over site access to local network resources. Locally hosted resources, such as files and devices on a user's network, are often accessed by websites for tracking and data collection purposes. While other major browsers allow unrestricted access to these resources, Brave aims to block requests to localhost resources from both secure and insecure sites, maintaining compatibility for trusted sites. Users will soon have the ability to specify which sites can access local network resources and for how long, providing enhanced privacy and security measures.
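The mechanism described above, a browser refusing site-initiated requests to local-network addresses unless the user has granted that site access for a limited time, can be illustrated with a small policy check. The code below is an added example written for this briefing, not Brave's implementation: the address classification (loopback, RFC 1918, link-local and IPv6 unique-local ranges) and the per-origin grant table with expiry are assumptions chosen to show the idea, and the origins and URLs are constructed samples.

```javascript
// Added example, not Brave's code: classify whether a request targets a
// local-network resource and apply a per-site, time-limited allow list.

const IPV4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

// Loopback, "this host", RFC 1918 private ranges and IPv4 link-local.
function isPrivateIPv4(host) {
  const m = IPV4.exec(host);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 127 || a === 10 || a === 0 ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    (a === 169 && b === 254);
}

// Loopback, unspecified, unique-local (fc00::/7) and link-local (fe80::/10).
// The WHATWG URL parser keeps the brackets around IPv6 hostnames, so strip them.
// IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) are deliberately not handled here.
function isPrivateIPv6(host) {
  const h = host.replace(/^\[|\]$/g, '').toLowerCase();
  if (h === '::1' || h === '::') return true;
  return /^f[cd][0-9a-f]{2}:/.test(h) || /^fe[89ab][0-9a-f]:/.test(h);
}

// True when the request URL points at localhost or a private/link-local address.
function isLocalNetworkTarget(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return false; // unparseable URLs never reach the network
  }
  const host = url.hostname.toLowerCase();
  if (host === 'localhost' || host.endsWith('.localhost')) return true;
  return isPrivateIPv4(host) || isPrivateIPv6(host);
}

// Grant table: site origin -> { expiresAt } (milliseconds since epoch).
function grantLocalAccess(grants, origin, ttlMs, now = Date.now()) {
  grants.set(origin, { expiresAt: now + ttlMs });
  return grants;
}

// Policy: non-local targets are always allowed; local targets only with an
// unexpired grant for the requesting site. Returns 'allow' or 'block'.
function decide(siteOrigin, targetUrl, grants, now = Date.now()) {
  if (!isLocalNetworkTarget(targetUrl)) return 'allow';
  const grant = grants.get(siteOrigin);
  if (grant && grant.expiresAt > now) return 'allow';
  return 'block';
}

// Constructed sample: an arbitrary site probing a local debugging port.
function demo() {
  const grants = new Map();
  const site = 'https://tracker.example';          // constructed origin
  const target = 'http://127.0.0.1:9222/json';     // constructed local target
  const before = decide(site, target, grants, 1000);
  grantLocalAccess(grants, site, 60_000, 1000);    // user allows for 60 s
  const during = decide(site, target, grants, 30_000);
  const after = decide(site, target, grants, 70_000);
  return { before, during, after };
}

module.exports = { isLocalNetworkTarget, grantLocalAccess, decide, demo };
```

Run with `node` and call `demo()`; the same site is blocked before the grant, allowed while it is valid, and blocked again once the grant expires. In a real browser the decision would be taken inside the network stack rather than in page script, but the classification and the expiring per-origin grant are the parts a defender would want to get right.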


14. Invary Raises $1.85M for Runtime Integrity

Invary, an operating system runtime validation and security firm, has secured $1.85 million in a pre-seed funding round led by Flyover Capital. The Lawrence-based startup offers a free Runtime Integrity Score (RISe) service, utilizing its runtime integrity technology to continuously validate operating systems and detect vulnerabilities and hidden malware.


15. Venn Software: Laptop Security for Remote Work

New York-based startup Venn Software has secured $29 million in early-stage funding to develop an MDM-like solution for laptops, catering to the needs of the remote workforce. Led by NewSpring, the Series A financing allows Venn to create a cost-effective alternative to virtual desktop infrastructure (VDI) by offering a Secure Enclave product. This solution enables companies to encrypt data, manage access, and isolate business activities within a controlled enclave on remote employee laptops, eliminating the need for full device control.



Subscribe and Comment.

Copyright © 2023 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, Youtube, and Medium.
