Cyber Briefing - 2023.07.25
?? What's the latest in the cyber world today?
Ivanti Update, 苹果 Update, India, Akira Ransomware, Lazarus APT, South Korea, Japan, Smishing Campaign, SpyNote Malware, Norwegian Government, Yamaha Corporation Music, Teachers’ Association, Cl0p Ransomware, Azimut Group , Eurostar , Biometrics, 谷歌 , OneTrust , 泰雷兹 , Imperva .
Welcome to Cyber Briefing , the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe .
?? Cyber Alerts
Ivanti's Endpoint Manager Mobile (EPMM) software, formerly known as MobileIron Core, faces an immediate threat from an actively exploited zero-day vulnerability. The flaw, marked with the highest CVSS severity rating of 10, allows unauthorized access to restricted functions and data without authentication. Attackers could potentially gain access to users' personally identifiable information, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to warn of the risks and urge immediate updates to the latest patched versions (11.8.1.1, 11.9.1.1, and 11.10.0.2) as disclosed by security researcher Kevin Beaumont.
Apple has taken swift action to address zero-day vulnerabilities that were actively exploited in attacks aimed at iPhones, Macs, and iPads. The two vulnerabilities, identified as CVE-2023-37450 and CVE-2023-38606, allowed attackers to manipulate WebKit and iOS Kernel, respectively, potentially leading to unauthorized access to sensitive data. In response, Apple has rolled out Rapid Security Response (RSR) updates, reinforcing checks, and state management to protect its users from potential cyber threats.
The Indian Computer Emergency Response Team (CERT-In) has issued a stern warning about the emergence of Akira ransomware, a dangerous virus targeting both Windows and Linux-based systems. The ransomware group behind Akira is not only encrypting victims' data but also stealing vital personal information, conducting double extortion to force ransom payments. To gain access to victim environments, the group takes advantage of VPN services, particularly where multifactor authentication is not enabled, and utilizes tools like AnyDesk, WinRAR, and PCHunter to evade detection. Taking basic online hygiene measures, maintaining offline backups, and implementing strong password policies with multi-factor authentication are crucial in defending against this perilous cyber threat.
Lazarus, the North Korean state-sponsored APT group, has been detected deploying a watering hole technique to infiltrate Korean websites and exploit the vulnerability in INISAFE CrossWeb EX V6 to target Windows IIS web servers. Through this method, the group installs malware, such as SCSKAppLink.dll and JuicyPotato, to gain control over compromised systems and fetch additional malware strains from external sources. Lazarus has been linked to various high-profile attacks, including the recent breach at JumpCloud and the theft of millions from Atomic Wallet, underscoring the importance of implementing proactive security measures and regularly patching vulnerabilities to counteract such threats effectively.
McAfee researchers have discovered a new smishing campaign that targets Japanese Android users by deploying an updated version of the SpyNote malware. Hackers impersonated a power and water infrastructure company to send SMS alerts about payment issues, leading victims to a rogue website, where their devices were infected with the remote-controlled SpyNote malware. This spyware exploits accessibility services and device administrator privileges in Android devices, allowing it to steal sensitive user information, device location, contacts, SMS messages, and phone calls. The malware poses as the Tokyo Waterworks Bureau and TEPCO Power Transmission, deceiving users with legitimate app icons to appear authentic, and has previously targeted financial institutions, including the Bank of Japan in April 2023.
Atera's remote monitoring and management software was found to have zero-day vulnerabilities in its Windows Installers, posing serious risks of privilege escalation attacks. Discovered by Mandiant and remediated by Atera in subsequent versions, the flaws could allow attackers to execute arbitrary code with elevated privileges, opening up potential avenues for exploitation. Additionally, Kaspersky's revelations of a severe privilege escalation flaw in Windows, actively exploited by threat actors, add to the urgency for software developers to thoroughly review and secure their systems against such escalating threats.
The Norwegian government's ICT platform, used by twelve ministries, experienced a cyberattack after hackers exploited a zero-day vulnerability in third-party software. Although sensitive data might have been accessed or exfiltrated during the attack, the government assures that work activities continue as normal, and they have implemented security measures to protect the affected ICT platform. Authorities are investigating the incident, and the Norwegian Data Protection Authority has also been notified about the potential data breach.
Yamaha's Canadian music division faced a recent cyberattack, with two different ransomware groups claiming responsibility for targeting the Japanese manufacturing giant known for producing musical instruments and audio equipment. While Yamaha Canada Music confirmed unauthorized access and data theft, they responded swiftly, collaborating with experts and their IT team to contain the attack and prevent further damage. The company is now focusing on mitigating adverse consequences and bolstering network defenses to ensure enhanced security moving forward, reflecting a concerning cybersecurity trend of victim organizations being targeted by multiple ransomware groups.
领英推荐
The Teachers Insurance and Annuity Association of America (TIAA) reveals a major data breach involving more than 2.63 million customers, making it one of Clop ransomware gang's largest victims. Initially downplaying the impact, TIAA has now disclosed that names and Social Security numbers of millions of customers may have been stolen, putting their sensitive information at risk. The managed file transfer software, MOVEit Transfer, suffered from a zero-day vulnerability, allowing attackers to access and download data stored within the system, leading to the massive breach.
Italian asset manager Azimut reported successfully thwarting a cyberattack without compromising its customers' sensitive data, despite receiving a ransom request that was rejected. The attack, attributed to the notorious ransomware group BlackCat (ALPHV), targeted Azimut among 23 other organizations in July. Palo Alto Networks Unit 42 confirmed BlackCat's involvement, highlighting the group's widespread and sophisticated attacks across the U.S. and Europe, impacting various industries such as law firms, healthcare systems, and engineering firms.
?? Cyber News
Eurostar, the high-speed international rail service, is set to launch SmartCheck, a contactless facial biometric check-in system, at London St. Pancras Station, allowing passengers to automate gate check-ins and UK exit checks. While the system aims to save time and streamline processes, it has sparked debates over the potential cybersecurity risks of biometric technology. Developed by iProov, SmartCheck leverages Genuine Presence Assurance technology to verify the passenger's face remotely, but concerns arise about data privacy and potential vulnerabilities that malicious actors could exploit.
In an effort to bolster cybersecurity, Google is reportedly blocking certain employees' access to the internet, restricting them to internal web-based tools and Google-owned sites. Additionally, the pilot program removes root access, preventing users from running sysadmin commands or installing software. While this measure may enhance computer security and productivity, it raises questions about Google's mission to make information universally accessible and could lead to discontent among employees who feel limited and less trusted by their employer.
OneTrust, an Atlanta-based company, secured $150 million in funding to accelerate its growth in trust intelligence software, despite slashing its valuation by $800 million. Led by Al Gore's Generation Investment Management, the funding valued OneTrust at $4.5 billion, a decrease from its previous $5.3 billion valuation. The company's CEO, Kabir Barday, emphasized the importance of technology in managing privacy, security, ethics, and ESG requirements amidst changing regulations and new business initiatives.
In a recent proposal, EU governments have rejected the idea of requiring manufacturers to report actively exploited vulnerabilities directly to the European Union Agency for Cybersecurity (ENISA). Instead, the amended version of the proposed Cyber Resilience Act calls for manufacturers to disclose vulnerabilities to their national Computer Security Incident Response Team (CSIRT). The CSIRT will then share this information through a new intelligence sharing platform operated and maintained by ENISA. However, concerns have been raised about ENISA potentially becoming a target for hostile states and criminals, and the legislation may provoke conflicts between incident response teams across Europe with differing roles and affiliations.
Thales, the Paris-based conglomerate, is set to purchase Silicon Valley's Imperva for $3.6 billion, marking a significant move into the application and API security market while enhancing its data security offerings. The acquisition will create a $2.66 billion cybersecurity giant, with an expected $500 million security revenue boost to Thales' portfolio. The deal is projected to generate cost and revenue synergies of $110 million, driving organic sales growth and reinforcing Thales' position as a world-class global cybersecurity integrated.
Subscribe and Comment.
Copyright ? 2023 CyberMaterial . All Rights Reserved.
Follow CyberMaterial on:
Vana Verification Code: 883169 cybersecurity Consultant at Felixonyi555tech, CRYPTO AIRDROP FARMER
1 年We keep building