Cyber Briefing - 2023.08.28
What's happening in cybersecurity today?
MSI BSOD, Windows, China, Flax Typhoon, Taiwan, Data Scraping, Microsoft Power Platform, Rockwell Automation, Kroll, FTX, BlockFi, Poland, Leaseweb, WebDetetive, Spyware, London's Metropolitan Police, Spain, AI, Sextortion, Vulnerability Disclosure Policies, Israel, Cypago.
Welcome to Cyber Briefing , the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
Cyber Alerts
An enigma surrounding a recent influx of Windows blue screens of death has been unraveled, with MSI acknowledging the link between its motherboard models and the encountered issues. After users reported encountering a 'UNSUPPORTED_PROCESSOR' error message with MSI's 600/700 series motherboards following the installation of Windows 11 update KB5029351 Preview, MSI and Microsoft are collaborating to investigate the root cause of the issue. The Taiwanese PC vendor has issued a caution against installing the August 2023 preview updates on Windows systems and advises those affected to revert their BIOS to a prior version while uninstalling the optional Windows updates.
A compelling revelation uncovers the machinations of Flax Typhoon, a nation-state cyber activity group traced back to China, that has executed a series of targeted cyber attacks on numerous Taiwanese organizations, prompting suspicions of a broad espionage endeavor. The Microsoft Threat Intelligence team, vigilant against these activities, attributes these maneuvers to Flax Typhoon, also recognized as Ethereal Panda. Employing a unique strategy, the group avoids conspicuous malware usage and instead infiltrates and sustains access within Taiwanese networks by leveraging native operating system tools and seemingly harmless software applications.
In a united front against the growing threat of data scraping, the Information Commissioner's Office (ICO) of the UK, in collaboration with eleven global data protection and privacy authorities, has issued a resounding call to social media platforms to fortify their defenses against the malicious practice. Data scraping, the automated extraction of vast amounts of publicly available information from websites, is raising alarm due to its potential for enabling targeted attacks and identity fraud, particularly when combined with private data from other sources. This joint statement underscores the legal responsibility of social media companies to implement stringent anti-scraping measures and highlights a comprehensive framework of protective actions.
Security experts sound the alarm for Azure Active Directory users to stay vigilant against dormant reply URLs, following the revelation of a significant flaw within the Microsoft Power Platform. The vulnerability, uncovered by Secureworks, allowed attackers to exploit abandoned reply URLs in an Azure AD application tied to the Power Platform, thereby gaining unauthorized access. Although Microsoft swiftly addressed the issue by eliminating the problematic URL, cautionary measures are advised for administrators to monitor and prevent potential attacks utilizing similar methods.
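The defensive check the item above recommends, dangling reply URLs in an Azure AD (Entra ID) app registration, can be scripted. The audit below is an added example, not code from the newsletter, Secureworks or Microsoft. It reads app registration objects in the shape of the Graph API `web.redirectUris` field from a constructed JSON sample, and flags each reply URL whose host is not under a domain the tenant owns (the `OWNED_DOMAINS` allowlist is an assumption), sits on a shared platform suffix where a released hostname can be re-registered, uses plain HTTP, or points at loopback. It generalizes past the single Power Platform case to any registration in a tenant.

```python
"""Audit Azure AD / Entra ID app registrations for dangling reply (redirect) URLs.

Added example; not from the newsletter or Secureworks. The registration data
below is constructed and the owned-domain allowlist is an assumption.
"""
from __future__ import annotations

import json
from urllib.parse import urlparse

# Constructed sample: shape mirrors the `web.redirectUris` field of a Graph API
# application object, but the apps, URLs and domains are invented.
SAMPLE_APPS_JSON = """
[
  {"displayName": "Intranet Portal",
   "web": {"redirectUris": ["https://portal.example.com/signin-oidc"]}},
  {"displayName": "Legacy Survey Tool",
   "web": {"redirectUris": ["https://survey-old.azurewebsites.net/auth",
                            "http://localhost:3000/callback"]}},
  {"displayName": "Partner Integration",
   "web": {"redirectUris": ["https://api.example.com/oauth/return",
                            "https://example.com.evil-test.invalid/cb"]}}
]
"""

# Assumed allowlist: the registrable domains this tenant actually controls.
OWNED_DOMAINS = {"example.com"}
# Shared-platform suffixes where a released hostname can be re-registered by anyone.
RECLAIMABLE_SUFFIXES = (".azurewebsites.net", ".cloudapp.azure.com")
LOOPBACK_HOSTS = ("localhost", "127.0.0.1")


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname (sufficient for example.com-style domains)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_reply_url(url: str) -> list[str]:
    """Return the findings for one reply URL; an empty list means no concern."""
    findings: list[str] = []
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if parsed.scheme != "https" and host not in LOOPBACK_HOSTS:
        findings.append("non-https")
    if host in LOOPBACK_HOSTS:
        findings.append("loopback-in-production-app")
    elif host.endswith(RECLAIMABLE_SUFFIXES):
        # If the site behind this name was deleted, the name can be claimed by a third party.
        findings.append("reclaimable-platform-host")
    elif registrable_domain(host) not in OWNED_DOMAINS:
        # Catches look-alike hosts such as example.com.<other-domain> as well as foreign domains.
        findings.append("domain-not-owned")
    return findings


def audit_apps(apps_json: str) -> dict[str, dict[str, list[str]]]:
    """Map app display name -> {reply URL -> findings}, keeping only URLs with findings."""
    report: dict[str, dict[str, list[str]]] = {}
    for app in json.loads(apps_json):
        flagged = {}
        for url in app.get("web", {}).get("redirectUris", []):
            findings = classify_reply_url(url)
            if findings:
                flagged[url] = findings
        if flagged:
            report[app["displayName"]] = flagged
    return report


if __name__ == "__main__":
    for app_name, urls in audit_apps(SAMPLE_APPS_JSON).items():
        print(app_name)
        for url, findings in urls.items():
            print(f"  {url}: {', '.join(findings)}")
```

In a real tenant the input would come from a Graph API listing of applications rather than the embedded sample, and a practitioner would add a live resolution step (does the host still resolve, and does it answer) to confirm that a flagged reply URL is actually abandoned before removing it. The ownership check alone is still useful, because the "domain-not-owned" class should be empty in any well-run tenant.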
A grave security concern has surfaced as cybersecurity researchers from Tenable reveal critical vulnerabilities in Rockwell Automation's ThinManager ThinServer, a vital thin client and RDP server management software. These vulnerabilities, namely CVE-2023-2914, CVE-2023-2915, and CVE-2023-2917, potentially pave the way for remote attackers to exploit improper input validation issues. Through specialized synchronization protocol messages, assailants could breach these flaws without prior authentication, ultimately gaining unauthorized control over servers and compromising human-machine interfaces (HMIs) that oversee industrial equipment. The vulnerabilities, acknowledged by Rockwell Automation, could result in multiple security ramifications, from denial-of-service attacks to the uploading and deletion of arbitrary files.
A significant breach at financial and risk advisory firm Kroll has led to the unauthorized exposure of personal data belonging to certain credit claimants, including those associated with insolvent companies FTX, BlockFi, and Genesis Global Holdco. Kroll has confirmed that an employee fell victim to a SIM-swapping attack, allowing hackers to gain access to files containing sensitive information of bankruptcy claimants. Although neither FTX's nor BlockFi's systems were directly breached, Kroll disclosed that a threat actor had targeted an employee's T-Mobile account, leading to unauthorized access to data related to BlockFi, FTX, and Genesis matters.
Poland's railway infrastructure faces scrutiny as hackers execute a significant cyber attack that targeted the nation's train network. The breach, which occurred during the night, saw unauthorized access to railway frequencies, leading to disruptions in train services in the northwest region of Poland. Intriguingly, the hackers chose to broadcast Russia's national anthem and a speech by President Vladimir Putin during the attack, adding a layer of geopolitical complexity. As Poland holds strategic significance in the Russia-Ukraine conflict due to its role as a transit hub for Western weaponry to Ukraine, the cyberattack raises concerns about potential motives and implications.
Leaseweb, a prominent global cloud and hosting provider, has taken prompt action to restore essential systems after encountering a significant security breach. In response to detected unusual activity within certain segments of its cloud environment, Leaseweb swiftly disabled critical systems to mitigate potential risks. Through rigorous efforts, its teams are diligently working to reinstate affected systems, particularly the Customer Portal, which is anticipated to be operational within the next few hours. The company has also taken proactive measures by engaging the services of a reputable cybersecurity firm to conduct a thorough investigation and ensure the containment of the incident.
A Portuguese-language spyware known as WebDetetive has been exploited by hackers, compromising over 76,000 Android phones across South America, primarily in Brazil. This spyware breach allowed hackers to access user databases and compromise sensitive user data. The hackers behind the breach claimed to have deleted victim devices from the spyware network and exposed the stolen data, resulting in potential further compromise of victims' data. This incident highlights the risks posed by "stalkerware" apps and the urgent need for robust cybersecurity measures to protect users from such breaches.
The Metropolitan Police Service in London is under investigation after one of its suppliers experienced a cyberattack that may have compromised officers' personal details. The breach occurred at a company responsible for printing the force's warrant cards, which serve as official proof of identity and authority. While no addresses or phone numbers were exposed, officers' names, photographs, and ranks were potentially compromised, prompting concerns over potential misuse by organized crime or terrorists.
Cyber News
Spain is poised to make history by launching Europe's inaugural artificial intelligence regulatory agency. As the European trading bloc finalizes legislation to establish continent-wide AI regulations, Spain's Ministry of Finance and Civil Service seeks to create an AI framework that embodies inclusivity, sustainability, and citizen-centered principles. The newly established agency, operating within the Ministry of Economic Affairs and Digital Transformation, aims to foster AI innovation while mitigating societal risks.
Lawsuits targeting Prudential and Charles Schwab are demanding extended identity theft protection. Prudential is sued for not less than a decade of credit monitoring services due to the irreplaceable nature of stolen Social Security numbers, while Charles Schwab and TD Ameritrade are under fire for allegedly failing to maintain adequate security measures and timely notification following the breach. As the victim count approaches 1,000, the legal battles continue to expose the aftermath of the cyberattack.
ESET reveals a staggering 178% surge in sextortion emails during the first half of 2023, solidifying the category's status as a major email threat. Sextortion emails have ascended to the third position among all email threats, preying on victims' fears by claiming to possess compromising images or videos obtained via their webcams. Although these scams aim to exploit individuals' anxieties, understanding their fraudulent nature empowers recipients to dismiss them with confidence.
Congresswoman Nancy Mace introduces the Federal Cybersecurity Vulnerability Reduction Act, a bill that aims to mandate Vulnerability Disclosure Policies (VDP) for federal contractors. The proposed legislation aligns with NIST guidelines, requiring contractors to establish effective VDPs that encourage good faith security research and facilitate the reporting of vulnerabilities. With the backing of cybersecurity experts and industry players, the bill seeks to bolster the cybersecurity resilience of businesses supporting the federal government.
Israeli tech innovator, Cypago, has successfully raised $13 million in funding to support its groundbreaking governance, risk management, and compliance (GRC) automation platform. Entrée Capital, Axon Ventures, and Jump Capital spearheaded the funding round, along with contributions from various angel investors. Cypago's newly launched platform integrates advanced analysis, generative AI, and automation, aiming to revolutionize how organizations manage governance, risk, and compliance processes across diverse IT environments.
Copyright © 2023 CyberMaterial. All Rights Reserved.