Cyber Briefing - 2023.08.16


What's trending in cybersecurity today?

LinkedIn Under Attack, Cloudflare, Ivanti Avalanche, Gigabud RAT, Android Malware, npm Packages, Raccoon Stealer Malware, Rapattoni, Norfolk and Suffolk Police, Quantum Cybersecurity, LockBit, Zoom, AI Privacy.


Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.



Cyber Alerts


1. LinkedIn Faces Account Breaches

LinkedIn is facing a surge in targeted account breaches, with users encountering locked accounts or falling victim to takeovers by malicious actors. As reported by Cyberint, impacted users have found it difficult to resolve these issues through LinkedIn support, even resorting to paying ransoms for account control or facing account deletion. Cyberint's research also highlights a significant spike in Google Trends searches related to LinkedIn account hacks and recovery, suggesting a growing concern among users over compromised security. It's crucial for LinkedIn users to bolster their security measures, including enabling two-factor authentication and implementing strong, unique passwords in response to this escalating threat.


2. Cloudflare R2 Exploited for Phishing

Cybercriminals have surged in their exploitation of Cloudflare R2 for hosting phishing pages, marking a 61-fold increase over the past six months. Netskope security researcher Jan Michael revealed that the phishing campaigns primarily target Microsoft login credentials, with some also focusing on Adobe, Dropbox, and other cloud applications. These threat actors have not only been distributing static phishing pages through Cloudflare R2, but they've also cleverly deployed the company's Turnstile CAPTCHA replacement to elude anti-bot measures, ultimately hindering detection efforts.


3. Ivanti Avalanche Security Flaws

Ivanti Avalanche, an enterprise mobile device management tool relied upon by over 30,000 organizations, has been hit by a set of serious security vulnerabilities. Tracked as CVE-2023-32560 with a CVSS score of 9.8, these stack-based buffer overflows in Ivanti Avalanche's WLAvanacheServer.exe v6.4.0.0 pose a grave threat. Cybersecurity firm Tenable found that attackers could trigger the flaws by sending specially crafted data, potentially resulting in unauthorized access, code execution, or crashes of the affected service. Ivanti has addressed the issues in its 6.4.1 update, and users should apply it promptly to guard against the risks these vulnerabilities present.


4. Gigabud RAT Android Banking Malware

Gigabud RAT Android banking malware has sparked concern as it targets account holders in various financial institutions across Thailand, Indonesia, Vietnam, the Philippines, and Peru. What sets Gigabud RAT apart is its unique approach, requiring user authorization into the malicious application by fraudsters before executing malicious actions, making it harder to detect. Group-IB researchers Pavel Naumov and Artem Grischenko noted that the malware employs screen recording instead of HTML overlay attacks to gather sensitive data. Alongside the main Gigabud RAT, a variant named Gigabud.Loan masquerades as a loan application, enticing victims to provide personal data, and both malware versions are propagated through phishing websites and messaging platforms.


5. Mitigating Risks in npm Registry Chains

The npm package registry has been hit by another targeted campaign designed to trick developers into installing malicious modules. Software supply chain security company Phylum reports that the activity resembles a prior attack wave, potentially linked to North Korean threat actors. Several suspicious packages were uploaded to npm between August 9 and 12, 2023, suggesting a deliberate and possibly socially engineered operation. The attackers abused the package.json file as the entry point for a multi-step attack chain that establishes encrypted communication with the attackers' infrastructure, putting compromised hosts at risk of further payloads. The incident highlights the ongoing difficulty of safeguarding software supply chains and the need for stronger scrutiny of third-party packages before they are installed.


6. Raccoon Stealer's Resurgence

The notorious Raccoon Stealer information-stealing malware has made a comeback after a 6-month hiatus, introducing a revamped 2.3.0 version to the cybercriminal underworld. With a history dating back to 2019, Raccoon Stealer has been a popular choice among threat actors, known for its capability to steal data from over 60 applications, including sensitive information like login credentials, credit card details, and cryptocurrency wallet accounts. Despite facing setbacks, including the arrest of its primary author and the takedown of its infrastructure, Raccoon Stealer's developers are back with a renewed focus, catering to evolving cybercrime trends.


Cyber Incidents


7. US Congressman's Emails Hacked by China

Representative Don Bacon, a Republican from Nebraska, a House Armed Services Committee member, revealed that his personal and campaign emails were compromised by suspected Chinese hackers between May 15th and June 16th. These cyberattacks exploited a vulnerability in Microsoft software and extended beyond the previously reported breaches of U.S. State and Commerce department inboxes. Highlighting the ongoing threat of cyber espionage from China, Rep. Bacon pledged to advocate for increased support to Taiwan's defense against such activities, shedding light on the broader cybersecurity concerns facing the United States.


8. Massachusetts Health Data Breach

Massachusetts health officials have issued a warning to over 134,000 individuals enrolled in specific state programs, revealing their personal information was compromised in a third-party data breach involving the file-transfer software "MOVEit." The breach, which affected a subset of participants in programs like MassHealth and Family Resource Centers, exposed a range of sensitive data, including names, dates of birth, protected health information, Social Security numbers, and financial account details. While various entities have been impacted, UMass Chan Medical School and state systems remain uncompromised. Impacted individuals are being notified through multiple channels and are urged to take protective measures such as monitoring financial statements and utilizing provided credit monitoring services.


9. Sensitive Data Mishandling by Police Forces

Norfolk and Suffolk police forces in England have acknowledged mishandling sensitive data pertaining to victims, witnesses, and suspects involved in various criminal cases, including domestic abuse, sexual offenses, assaults, thefts, and hate crimes. Information about 1,230 individuals was inadvertently included in freedom of information responses, leading to formal investigations by the Information Commissioner’s Office and the possibility of fines. Although there is no evidence of external access to the files, this breach adds to recent data mismanagement concerns within law enforcement agencies, emphasizing the need for robust data protection measures.


10. Real Estate Listings Impacted by Ransomware

A significant disruption in property listings across the United States has emerged due to a ransomware attack, impacting the ability of real estate agents to list or update property information. The attack targeted California-based data services provider Rapattoni, which hosts multiple listing services critical to the real estate industry. While the extent of the impact is still being assessed, the attack has forced real estate agents and listing platforms like Zillow to resort to manual data entry methods. Regional MLS providers are grappling with the challenge, with some adopting alternative data-sharing measures to mitigate the fallout.


11. Major Cyberattack Hits U.S. School District

In one of the largest school districts in the United States, Prince George's County Public Schools, a significant cyberattack was detected, disrupting services and raising concerns as the new school year approaches. The district, serving over 130,000 students, faced a network outage affecting email and other services, with around 4,500 accounts reportedly impacted. While the full scope of the incident is still being assessed, critical systems appear unaffected, and the district is working with a cybersecurity firm to investigate the breach, while urging users to reset their passwords as a precautionary measure.


Cyber News


12. Quantum-Resistant FIDO2 Security Advances

A groundbreaking leap in cybersecurity has arrived with the launch of the inaugural quantum-resilient FIDO2 security key implementation within the OpenSK open source security key firmware. Fueled by an innovative ECC/Dilithium hybrid signature schema co-developed with ETH Zürich, this quantum-resistant advancement offers dual-layered defense against both conventional and quantum threats. As the race towards practical quantum computing escalates, this strategic move to secure cryptographic foundations demonstrates a forward-looking commitment to safeguarding user credentials in an ever-evolving digital landscape.


13. Unlocking LockBit Ransomware's Hidden Truths

In this installment of the Ransomware Diaries, the author reveals previously undisclosed details of the LockBit ransomware operation that the group has tried hard to conceal. Through direct engagement with the gang, its affiliates, and its victims, the installment lifts the curtain on behind-the-scenes dealings during ransom negotiations and on interactions with rival gangs. It also documents a notable event: LockBit's leadership disappeared without explanation in August 2023, only to resurface just as unexpectedly, raising questions the author sets out to answer.


14. Surge in Cyberattacks Against Public Sector

The recently published BlackBerry Global Threat Intelligence Report has unveiled a startling 40% surge in cyberattacks targeting government and public service entities compared to the previous quarter. Public transit, utilities, schools, and other crucial services have fallen victim to this onslaught. As under-resourced public organizations grapple with mounting threats from both state-sponsored actors and cybercriminals, the report underscores the urgent need for robust cyber defense strategies. Highlighting a 13% rise in novel malware samples, the report exposes the evolving tactics of attackers aiming to bypass defenses. It also sheds light on the targeted healthcare and financial sectors, providing insights into the challenges they face, and examines country-specific cyberattacks by state-sponsored groups. In a bid to empower cybersecurity efforts, the report offers practical countermeasures and detection techniques, ultimately enhancing the global understanding of modern cyber threats.


15. Zoom's AI Data Usage Policy Changes

Zoom has once again revised its terms of service (TOS) to explicitly state that it will not use customer communication data, including audio, video, chat, and more, to train its artificial intelligence models. The company's move comes after initial changes to the TOS, which had raised alarms about data usage. The situation underscores the challenges technology companies face as they navigate the development of AI tools while respecting user privacy and compliance with regulations like the EU's General Data Protection Regulation (GDPR).



Copyright © 2023 CyberMaterial. All Rights Reserved.
