Cyber Briefing - 2023.08.15

What's the latest in the cyber world today?

QwixxRAT, RAT, Telegram Messenger, Discord, Linux, Monti Ransomware, Cryptocurrency Scams, Federal Bureau of Investigation (FBI), JanelaRAT, LATAM, ATM Vulnerabilities, Ford, Wi-Fi, Colorado Department of Health Care Policy & Financing - HCPF, Alberta Dental Service Corp, Hacktivists, Fukushima Wastewater, Japan, China, Taiwan, Singapore's Banking Malware Scam, DDoS Attacks, US Global Reconnaissance System, Jen Easterly, Cybersecurity and Infrastructure Security Agency.


Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.




Cyber Alerts


1. QwixxRAT Malware Unleashes Data Theft

A newly identified remote access trojan named QwixxRAT is being sold through Telegram and Discord. Discovered by Uptycs, the RAT targets Windows systems and collects a wide range of data, including browser histories, keystrokes and screenshots, then hands the stolen information to the operator through a Telegram bot, so the command-and-control channel blends in with ordinary traffic to the Telegram API. The malware also carries anti-analysis checks to avoid running in sandboxes and analysis environments. Defenders should treat Telegram API traffic from unexpected processes as a signal worth investigating rather than as noise.


2. Monti Ransomware Strategy Shift

The Monti ransomware group has resumed operations with a new Linux-based encryptor and has been observed targeting legal and governmental organizations. The group deliberately mimics Conti ransomware tactics and builds on Conti's leaked source code. Researchers note that the new encryptor deviates significantly from the group's earlier Linux versions, so detections and decryption tooling built against those earlier builds should be revalidated, and organizations in the targeted sectors should review the hardening and backup coverage of their Linux servers.


3. FBI Warns of Cryptocurrency Recovery Scams

The FBI warns of a growing trend in which scammers pose as recovery firms and target victims of cryptocurrency investment fraud who are trying to retrieve their lost assets. The bulletin notes that losses to cryptocurrency investment fraud exceeded $2.5 billion in 2022, which gives the secondary scam a large pool of potential victims. The recovery scammers exploit the victims' desperation, promise to recover the funds, and then demand upfront fees and further payments, so the victim is defrauded a second time. The FBI urges individuals not to trust unsolicited recovery services advertised online, to be wary of any service that asks for payment before delivering results, and to report incidents to law enforcement.


4. Malware 'JanelaRAT' Targets LATAM Users

A stealthy financial malware named JanelaRAT has emerged, primarily affecting users in Latin America. Researchers from Zscaler ThreatLabz report that JanelaRAT captures sensitive financial and cryptocurrency data from compromised Windows systems and focuses on customers of banking and financial institutions in the LATAM region. The malware is a descendant of BX RAT and is delivered through DLL side-loading, in which a legitimate, signed executable is tricked into loading a malicious DLL placed alongside it, so the malicious code runs under the cover of a trusted process. It can log keystrokes, capture screenshots and track mouse input, and sends the harvested data to its command-and-control servers. The combination of regional targeting and living-off-trusted-binaries loading is what makes it hard to spot with signature-based tools alone.
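The two behaviours described in the QwixxRAT and JanelaRAT items above, a signed host binary loading an unsigned DLL from a user-writable folder and an unexpected process talking to the Telegram bot API, can both be surfaced from endpoint telemetry. The following is an added example written for this briefing, not code from Uptycs, Zscaler or either malware family; the events are constructed here with field names modelled on Sysmon's ImageLoad (Event ID 7) and NetworkConnect (Event ID 3) records, and the allow-lists of processes and directories are assumptions to tune for a real estate.

```python
"""Flag DLL side-loading and Telegram-bot exfiltration in Sysmon-style telemetry.

Added illustration; the events below are constructed, not real telemetry.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# Directory prefixes a non-admin user can write to (assumption: a standard
# Windows 10/11 layout). Lower-cased for comparison.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\temp\\", "c:\\windows\\temp\\")
# Processes that are expected to talk to the Telegram API (assumption).
TELEGRAM_ALLOWED = {"telegram.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
TELEGRAM_HOSTS = {"api.telegram.org"}


@dataclass
class Event:
    event_id: int
    image: str              # process that loaded the DLL / opened the socket
    image_loaded: str = ""  # Event ID 7 only: the DLL path
    signed: str = ""        # Event ID 7 only: "true"/"false" for the DLL
    dest_host: str = ""     # Event ID 3 only


def is_user_writable(path: str) -> bool:
    return path.lower().startswith(USER_WRITABLE)


def check_sideload(ev: Event) -> Optional[str]:
    """Side-loading: a DLL in the same user-writable directory as its host, unsigned."""
    if ev.event_id != 7:
        return None
    dll = PureWindowsPath(ev.image_loaded)
    exe = PureWindowsPath(ev.image)
    same_dir = dll.parent == exe.parent           # PureWindowsPath compares case-insensitively
    if same_dir and is_user_writable(str(dll.parent)) and ev.signed.lower() != "true":
        return f"possible DLL side-loading: {exe.name} loaded unsigned {dll.name} from {dll.parent}"
    return None


def check_telegram_exfil(ev: Event) -> Optional[str]:
    """Exfiltration: Telegram API traffic from a process that has no business using it."""
    if ev.event_id != 3 or ev.dest_host.lower() not in TELEGRAM_HOSTS:
        return None
    proc = PureWindowsPath(ev.image).name.lower()
    if proc not in TELEGRAM_ALLOWED:
        return f"unexpected Telegram API traffic from {proc} ({ev.image})"
    return None


def triage(events):
    """Run every check over every event and return the list of findings, in order."""
    findings = []
    for ev in events:
        for check in (check_sideload, check_telegram_exfil):
            msg = check(ev)
            if msg:
                findings.append(msg)
    return findings


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # Benign: a system DLL loaded by a system binary from System32.
    Event(7, r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\kernel32.dll", "true"),
    # Suspicious: a signed "updater" dropped in Temp loads an unsigned DLL sitting next to it.
    Event(7, r"C:\Users\alice\AppData\Local\Temp\vendorupdate.exe",
          r"C:\Users\alice\AppData\Local\Temp\version.dll", "false"),
    # Benign: the Telegram desktop client talking to its own API.
    Event(3, r"C:\Users\alice\AppData\Roaming\Telegram Desktop\Telegram.exe", dest_host="api.telegram.org"),
    # Suspicious: the same dropped binary posting to the bot API.
    Event(3, r"C:\Users\alice\AppData\Local\Temp\vendorupdate.exe", dest_host="api.telegram.org"),
]

if __name__ == "__main__":
    for line in triage(SAMPLE_EVENTS):
        print(line)
```

Both rules are deliberately narrow (same directory, user-writable, unsigned; Telegram host, process not on the allow-list) so that they produce a short, reviewable list instead of flagging every DLL load; in production the process allow-list would be generated from a baseline rather than typed by hand.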


5. ATM Hacking Risks from ScrutisWeb Flaws

Vulnerabilities in ScrutisWeb, the ATM fleet monitoring software developed by Iagona, could allow remote compromise of the ATMs it manages. Synack Red Team members discovered the flaws, and the vendor addressed them in ScrutisWeb version 2.1.38, released in July 2023. The product is used to oversee banking and retail ATM fleets and supports remote hardware monitoring, file exchange and data modification, so an attacker who controls the monitoring server effectively controls the fleet. The four issues are tracked as CVE-2023-33871 (path traversal), CVE-2023-38257 (authorization bypass), CVE-2023-35763 (hard-coded cryptographic key) and CVE-2023-35189 (arbitrary file upload). Operators should confirm they are running the patched version and keep the management interface off any network an attacker can reach.
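Two of the bug classes listed above, path traversal in a file download handler and unrestricted file upload, are shown below in a vulnerable form next to a hardened one. This is an added, generic example for this briefing, not ScrutisWeb's code; the handler names, the directory layout and the sample requests are assumptions, and the files are created in a temporary directory so the script runs offline.

```python
"""Path traversal and unrestricted upload: vulnerable and hardened handlers side by side.

Added illustration; the document root and files are constructed in a temp directory.
"""
import tempfile
from pathlib import Path

# Hypothetical export directory that a "download a log file" handler serves from.
ROOT = Path(tempfile.mkdtemp()) / "exports"
ROOT.mkdir()
(ROOT / "atm-01.log").write_text("status=ok\n")
# A file one level above the root that must never be served.
SECRET = ROOT.parent / "config.xml"
SECRET.write_text("<key>do-not-serve</key>\n")


def read_export_vulnerable(name: str) -> str:
    # Bug: the user-controlled name is joined to the root without checking that the
    # result stays inside it, so "../config.xml" walks out of the export directory.
    return (ROOT / name).read_text()


def read_export_hardened(name: str) -> str:
    # Resolve symlinks and ".." first, then require the result to be a regular file
    # strictly beneath ROOT. Refuse rather than trying to "clean" the input.
    target = (ROOT / name).resolve()
    root = ROOT.resolve()
    if root not in target.parents or not target.is_file():
        raise PermissionError(f"refusing to serve {name!r}")
    return target.read_text()


ALLOWED_UPLOAD_SUFFIXES = {".log", ".csv"}


def save_upload_hardened(filename: str, data: bytes) -> Path:
    # Keep only the final path component (drops any directory traversal), allow-list
    # the extension, and write into a directory the web server never executes from.
    safe_name = Path(filename).name
    if Path(safe_name).suffix.lower() not in ALLOWED_UPLOAD_SUFFIXES:
        raise ValueError(f"rejected upload {filename!r}: extension not allowed")
    dest = ROOT / "uploads" / safe_name
    dest.parent.mkdir(exist_ok=True)
    dest.write_bytes(data)
    return dest


def demo() -> dict:
    """Exercise both handlers with a traversal request and a disguised upload."""
    results = {}
    results["vuln_leak"] = read_export_vulnerable("../config.xml")      # leaks the secret
    try:
        read_export_hardened("../config.xml")
        results["hardened_leak"] = True
    except PermissionError:
        results["hardened_leak"] = False
    results["hardened_ok"] = read_export_hardened("atm-01.log")         # legitimate request still works
    try:
        save_upload_hardened("../../shell.aspx", b"<% %>")
        results["upload_blocked"] = False
    except ValueError:
        results["upload_blocked"] = True
    results["upload_ok"] = save_upload_hardened("night-batch.csv", b"a,b\n").name
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The hardened download check uses `resolve()` before the containment test because a prefix comparison on the unresolved string is bypassable with `..` segments and symlinks; the upload check pairs an extension allow-list with a non-executable destination, since either control alone has a long history of being bypassed.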


6. Ford Addresses Wi-Fi Vulnerability in SYNC 3

Ford has stated that a critical Wi-Fi vulnerability in the SYNC 3 infotainment system does not pose a safety risk to the affected vehicle models. The flaw, tracked as CVE-2023-29468, is a buffer overflow in the Texas Instruments Wi-Fi driver used by SYNC 3: an attacker within wireless range who sends a specially crafted frame could achieve remote code execution on the infotainment unit. Ford's position is that occupant safety is not affected because the infotainment system is segregated from the vehicle control systems that handle steering and braking. The company plans to release a software patch that owners can install through the vehicle's USB port and, in the meantime, recommends turning off Wi-Fi in the SYNC 3 Settings menu.
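The bug class behind the advisory above, a driver that trusts a length field inside a received wireless frame when copying into a fixed-size buffer, is easiest to see on the 802.11 information-element layout (one-byte tag, one-byte length, value). The following is an added example for this briefing, not Ford's or Texas Instruments' code and not the actual vulnerable routine: the frame bytes are constructed, and because Python grows a buffer instead of overrunning memory, the point is the two explicit checks a C implementation must make before its memcpy.

```python
"""Bounds-checked parsing of 802.11 information elements (tag, length, value).

Added illustration of the missing-length-check pattern; frames are constructed here.
"""
SSID_TAG = 0
RATES_TAG = 1
SSID_MAX_LEN = 32   # the 802.11 standard caps an SSID at 32 octets


class MalformedFrame(ValueError):
    pass


def parse_ies(body: bytes) -> dict:
    """Walk the element list and return {tag: value}, refusing anything that
    does not fit inside the bytes actually received (check 1)."""
    ies = {}
    pos = 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise MalformedFrame(f"truncated element header at offset {pos}")
        tag, length = body[pos], body[pos + 1]
        end = pos + 2 + length
        if end > len(body):
            raise MalformedFrame(
                f"element {tag} declares {length} bytes, only {len(body) - pos - 2} remain")
        ies[tag] = body[pos + 2:end]
        pos = end
    return ies


def ssid_from(ies: dict, enforce_cap: bool = True) -> bytearray:
    """Copy the SSID into a fixed 32-byte destination.

    Check 2: the destination has its own limit that is independent of the frame
    length. With enforce_cap=False this models the vulnerable driver: the copy
    trusts the element length, and a 40-byte SSID makes a 32-byte buffer "grow"
    here, where in C it would overwrite whatever follows the buffer.
    """
    dest = bytearray(SSID_MAX_LEN)
    ssid = ies[SSID_TAG]
    if enforce_cap and len(ssid) > SSID_MAX_LEN:
        raise MalformedFrame(f"SSID length {len(ssid)} exceeds {SSID_MAX_LEN}")
    dest[:len(ssid)] = ssid
    return dest


def build_frame(ssid: bytes, rates: bytes = b"\x82\x84\x8b\x96") -> bytes:
    """Constructed frame body: an SSID element followed by a Supported Rates element."""
    return bytes([SSID_TAG, len(ssid)]) + ssid + bytes([RATES_TAG, len(rates)]) + rates


if __name__ == "__main__":
    print(parse_ies(build_frame(b"HomeWiFi")))
    crafted = parse_ies(build_frame(b"A" * 40))          # passes check 1: it fits in the frame
    print(len(ssid_from(crafted, enforce_cap=False)))    # 40: the unchecked copy overran a 32-byte buffer
    try:
        ssid_from(crafted)                               # check 2 stops it
    except MalformedFrame as exc:
        print("rejected:", exc)
```

The crafted frame is well-formed by check 1, which is why parsers that only validate "does the element fit in the packet" are not enough; every fixed-size destination needs its own bound, which is the check an overflow of this kind is missing.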



Cyber Incidents


7. Healthcare Data Breach Affects Millions

The Colorado Department of Health Care Policy and Financing (HCPF) has disclosed that more than four million individuals were affected by the MOVEit Transfer breach at IBM, which holds HCPF data on the agency's behalf. The exposed information includes Social Security numbers, medical IDs and clinical details. HCPF launched an investigation as soon as IBM notified it and confirmed that certain HCPF files on the MOVEit application had been accessed without authorization. The agency says it is strengthening its security controls and is offering credit monitoring to affected individuals to reduce the risk of identity theft and fraud. The incident is a reminder that a third party's file-transfer server is part of your own attack surface.


8. Discord.io's Massive Data Breach

Discord.io, a third-party service for custom Discord invite links, has suffered a major breach: an attacker using the handle "Akhirah" broke into the platform and exfiltrated the records of 760,000 users. The breach, which came to light on August 14, 2023, has raised privacy concerns because the stolen data is being offered for sale on an underground forum. The passwords were stored hashed, which limits but does not remove the risk: hashes cannot be reversed, but weak or reused passwords can be recovered by offline guessing, so Discord.io has urged users to change their passwords, above all anywhere the same password was reused. Discord.io has shut down its operations indefinitely while it deals with the fallout.
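"Hashed" is not the same as "safe", and the reason is worth seeing in code. The block below is an added example for this briefing, not Discord.io's code and not its breach data: it builds a small constructed credential table two ways, with unsalted SHA-256 and with salted PBKDF2-HMAC-SHA256, and runs the same dictionary attack against both. The user names, passwords, wordlist and iteration count are assumptions.

```python
"""Offline cracking of leaked password hashes: fast unsalted vs slow salted.

Added illustration; all accounts, passwords and hashes below are constructed.
"""
import hashlib
import os

# Assumed attacker wordlist, in the order the attacker tries it.
WORDLIST = ["123456", "password", "qwerty", "letmein", "dragon", "hunter2"]
# Kept small so the demo runs in about a second; OWASP's 2023 guidance for
# PBKDF2-HMAC-SHA256 is 600,000 iterations.
ITERATIONS = 50_000


def fast_hash(pw: str) -> str:
    # Unsalted SHA-256: identical passwords share a hash across every user, and a
    # GPU can test billions of guesses per second against the whole table at once.
    return hashlib.sha256(pw.encode()).hexdigest()


def slow_hash(pw: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    # Salted PBKDF2: every guess costs `iterations` HMACs and must be redone per
    # account, because each account's salt makes its hashes unique.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)


def crack_fast(leaked_hashes) -> dict:
    """Hash the wordlist once and look every leaked hash up: {hash: password}."""
    lookup = {fast_hash(w): w for w in WORDLIST}
    return {h: lookup[h] for h in leaked_hashes if h in lookup}


def crack_slow(records, iterations: int = ITERATIONS):
    """Per-account dictionary attack on (user, salt, digest) records.

    Returns ({user: password}, number_of_guesses) so the cost is visible."""
    cracked, guesses = {}, 0
    for user, salt, digest in records:
        for w in WORDLIST:
            guesses += 1
            if slow_hash(w, salt, iterations) == digest:
                cracked[user] = w
                break
    return cracked, guesses


# Constructed "leaked" tables (not real breach data).
ACCOUNTS = [("alice", "hunter2"), ("bob", "letmein"), ("carol", "correct horse battery")]
LEAKED_FAST = {user: fast_hash(pw) for user, pw in ACCOUNTS}
SALTS = {user: os.urandom(16) for user, _ in ACCOUNTS}
LEAKED_SLOW = [(user, SALTS[user], slow_hash(pw, SALTS[user])) for user, pw in ACCOUNTS]

if __name__ == "__main__":
    print("unsalted SHA-256 cracked:", crack_fast(LEAKED_FAST.values()))
    found, cost = crack_slow(LEAKED_SLOW)
    print(f"salted PBKDF2 cracked: {found} after {cost} guesses x {ITERATIONS} iterations each")
```

Both schemes give up the two weak passwords, which is the point of the "change it everywhere you reused it" advice; what the slow, salted scheme changes is the cost per guess per account, so a long, unique password like carol's stays out of reach while the fast table falls to a single pass over the wordlist.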


9. Data Breach Hits Alberta Dental Service Corp

Alberta Dental Service Corporation (ADSC) has reported a data breach affecting nearly 1.47 million people, with the intrusion taking place between May 7 and July 9, 2023. ADSC administers dental benefits for the Government of Alberta through several programs, which is why the compromised personal information is a concern well beyond the company itself. An unauthorized third party deployed malware that temporarily encrypted some of ADSC's systems and data, and although the company responded promptly, a portion of the data was accessed and copied before containment. Affected individuals face an elevated risk of phishing, identity theft and fraud. ADSC says it has strengthened its security, is working with law enforcement, and is notifying affected individuals. The incident underlines why healthcare administrators need data-centric controls, such as encryption at rest and tight access controls, rather than relying on the network perimeter alone.


10. Hacktivists Oppose Japan's Wastewater Plan

A group operating under the Anonymous banner and calling itself EUTNAIOA has launched a cyber protest against the Japanese government's plan to release treated wastewater from the Fukushima Daiichi Nuclear Power Plant. The operation, dubbed "Tango Down", targeted 21 websites connected to the facility, including government agencies and related organizations. It follows the International Atomic Energy Agency's conclusion that Japan's plan to release more than a million tons of treated water is consistent with international safety standards, a finding that has not settled the debate over the environmental and health effects of diluting residual radioactive elements into the ocean.



Cyber News


11. China's Disruptive Cyberattacks

Amid escalating tensions over Taiwan, Cybersecurity and Infrastructure Security Agency Director Jen Easterly warned that the Chinese government could launch destructive cyberattacks on critical American infrastructure, including pipelines and railroads, if the US were to intervene in a Chinese invasion of Taiwan. Speaking at the DEF CON security conference alongside Transportation Security Administration administrator David Pekoske, Easterly stressed the seriousness of the threat and echoed concerns already raised by White House officials. The warning reinforces the need for operators of critical infrastructure to harden their systems and rehearse how they would keep operating through a disruptive attack.


12. SEC Rule Impacts Cyber Insurance

The SEC's recent cyberattack reporting rule is raising concerns about insurance exposure for corporate officers. The rule spells out directors' responsibilities for cybersecurity governance, which creates a basis for enforcement actions when those responsibilities are not met. Insurers may respond by changing directors' and officers' policies, including adding cyber exclusions and more restrictive terms, as companies face greater scrutiny of their cybersecurity practices and a larger potential for legal liability.


13. Singapore Anti-Scam Operation Nets 10 Arrests

In a sweeping anti-scam operation led by the Commercial Affairs Department and the Police Intelligence Department, nine men aged 18 to 43 and a 16-year-old youth have been arrested for their suspected roles in a series of banking-related malware scams. A further three men and three women, aged 17 to 60, are assisting with the ongoing investigation. The scams compromised victims' Android devices with malware so that money could be moved out of their bank accounts without the victims knowingly handing over their credentials. The suspects lured victims through social media advertisements for various services and urged them to download malicious APK files outside the official app store; once installed, the malware gave the scammers control of the phone, let them harvest banking credentials and carry out unauthorized transactions, and covered their tracks by deleting the transaction notifications.


14. Evolving Drivers of DDoS Incidents

At the Black Hat cybersecurity conference, officials from the FBI and the U.S. Justice Department said that the majority of distributed denial-of-service (DDoS) attacks they investigate are tied to disputes within the gaming and business worlds rather than to nation-state activity. While public attention has focused on state-affiliated groups, their casework shows petty feuds between individuals, businesses trying to knock out a competitor, and rivalries over gaming as the main drivers. For defenders, the practical consequence is that DDoS readiness cannot be reserved for geopolitical crises; the most likely attacker is a commercial or personal adversary using rented booter services.


15. China's Announcement on US Intelligence Stirs Debate

Chinese authorities have announced that they intend to publicly expose what they describe as a covert US global reconnaissance system, including details of specific intelligence operations. The announcement follows a joint investigation into alleged hacking of Chinese earthquake monitoring equipment. Against a backdrop of rising tensions, China says it wants to shed light on US intelligence-gathering activities, and the move has renewed debate over the international-law status of such espionage and what the disclosure will mean on a global scale.



Subscribe and Comment.

Copyright © 2023 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.
