Cyber Briefing - 2023.09.06
??? What's trending in cybersecurity today?
Chaes Malware, Phyton, 华硕 Routers Vulnerabilities, W3LL, Phishing Tool Kit, SEL, CISA ICSs,? Zaun, LockBit Ransomware, UK Military, Stake.com, Crypto, Pizza Hut , Australia, Simplicia Inc. , AIS Thailand, MITRE , OT Networks, Tracking Tools, Healthcare, HHS, FTC, IronNet.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
?? Cyber Alerts
A reworked variant of the Chaes malware has emerged, now entirely written in Python and posing a significant threat to the banking and logistics sectors. This updated Chaes variant has undergone substantial improvements, including a more robust communication protocol and broader services for credential theft and clipper functionalities. Despite these changes, the malware's delivery method remains consistent, targeting potential victims through compromised websites and deploying malicious modules responsible for data theft and system compromise.
Three critical-severity remote code execution vulnerabilities have been discovered in ASUS RT-AX55, RT-AX56U-V2, and RT-AC86U routers, posing a significant threat to users who haven't applied the necessary security updates. These routers, popular among gamers and users with high-performance needs, are susceptible to remote code execution, service interruptions, and arbitrary operations due to format string vulnerabilities. Attackers can exploit these flaws by targeting certain administrative API functions on the devices.
In recent weeks, Phylum has been actively tracking and reporting on various malware campaigns infiltrating open-source ecosystems. These campaigns involve the distribution of malicious packages across Python, JavaScript, and Ruby ecosystems. The malware, once installed, collects data from macOS machines and communicates with a remote server controlled by the attacker. While the ultimate objective of this campaign remains uncertain, Phylum has proactively reported these packages to the respective ecosystems for removal, highlighting the pervasive threat of malware within open-source registries.
Cybersecurity experts have exposed the malicious activities of threat actor WELL, who developed a sophisticated phishing kit capable of bypassing multi-factor authentication. WELL's arsenal of custom phishing tools has been used to compromise over 8,000 Microsoft 365 corporate accounts, with an estimated 56,000 accounts targeted in BEC attacks facilitated by a community of at least 500 cybercriminals. WELL's tools cover the entire spectrum of a BEC operation, making them accessible even to cybercriminals with limited technical expertise.
The Cybersecurity and Infrastructure Security Agency (CISA) has released two crucial Industrial Control Systems (ICS) advisories on September 5, 2023. These advisories are designed to keep users and administrators informed about the latest security issues, vulnerabilities, and exploits related to ICS. Specifically, they cover the Fujitsu Limited Real-time Video Transmission Gear IP series and Softneta MedDream PACS Premium. To ensure the safety and security of ICS, CISA strongly encourages everyone to review these advisories for technical details and recommended mitigations.
Industrial cybersecurity firm Nozomi Networks recently identified and reported nine vulnerabilities, including four rated as "high severity," in Schweitzer Engineering Laboratories' (SEL) electric power management products. The most critical vulnerability, CVE-2023-31171, allows arbitrary code execution by importing a specially crafted file, potentially leading to privilege escalation via CVE-2023-31175. These vulnerabilities pose risks of data theft, surveillance, device manipulation, and lateral movement within a victim's network, either through malicious insiders or external actors employing social engineering tactics.
?? Cyber Incidents
British mesh fencing systems manufacturer Zaun disclosed a LockBit ransomware attack that occurred in early August. While the attack didn't result in data encryption, the LockBit group managed to exfiltrate some data from Zaun's network. Although the compromised information includes historic emails, orders, drawings, and project files, Zaun believes no classified documents were stored or compromised. Nonetheless, the ransomware group has made the stolen data public on the internet, potentially impacting UK military, intelligence, and research bases.
领英推荐
Stake.com, a prominent player in the iGaming and crypto betting industry, recently fell victim to a cyberattack that resulted in staggering losses of approximately $41 million in cryptocurrencies. The unauthorized transactions came to light when Stake.com posted an announcement on X, formerly known as Twitter. These transactions originated from the company's ETH/BSC hot wallets, prompting a swift response from Stake.com.
Pizza Hut Australia is grappling with a significant data breach as reports suggest that over a million customers may be affected. ShinyHunters, a hacker group, claims to have accessed 30 million order records through Amazon Web Services (AWS) and obtained information on Pizza Hut Australia customers, including names, email addresses, passwords, home addresses, mobile numbers, and credit card numbers. While sensitive data like credit card numbers and passwords were encrypted, other details were stored in plain text. The hackers are demanding $300,000 to delete the data, raising concerns about potential leaks if the ransom isn't paid.
Data from Simplicia's French website has emerged on a dark web hacker forum, where a user boasts possession of information from over 152,000 employees as part of the Simplicia cyber attack. While the responsible party for the attack remains unclear, the user declared that they held data stolen from a security incident the company faced recently. Simplicia, an IT solutions provider founded in September 2018, offers services to clients aimed at streamlining data processes.
The Desorden hacker group executed a data breach on AIS Thailand, the country's largest telecommunications service provider. They successfully exfiltrated 198GB of sensitive client data, including voice recordings, call records, and client information from prominent companies like DHL and Unilever. This breach follows Desorden's track record of cyberattacks on various organizations, including Acer and Centara Hotels & Resorts in Thailand, highlighting the importance of robust cybersecurity measures in today's digital landscape.
?? Cyber News
The Cybersecurity and Infrastructure Security Agency has joined forces with nonprofit organization MITRE to create a specialized cyberattack emulation platform for operational technology networks. This project extends the capabilities of MITRE Caldera, an open-source tool designed to streamline cybersecurity testing. Caldera for OT aims to empower cybersecurity teams to better defend critical infrastructure by providing them with effective and easy-to-use capabilities within the unique constraints of OT systems.
The UK's Electoral Commission has experienced a critical cybersecurity lapse, coinciding with a data breach affecting 40 million voters. During a Cyber Essentials audit, the Commission received an automatic failure, highlighting deficiencies such as outdated software on staff laptops and the use of unsupported iPhones. This breach has raised concerns about the Commission's cybersecurity preparedness, given the government's requirement for Cyber Essentials certification among data-handling suppliers.
In a significant move, the Federal Trade Commission and the Department of Health and Human Services have disclosed the names of 130 hospitals and telehealth companies that were warned about potential violations of federal data privacy and security regulations due to their use of online tracking tools. These tools, including the Meta/Facebook pixel and Google Analytics, were found to pose risks to patient privacy by potentially disclosing sensitive health information to third parties. Notable recipients of the warning letters include healthcare organizations like Johns Hopkins Hospital and New York-Presbyterian Hospital, as well as telehealth providers like Apostrophe and Hone Health.
IronNet, a cybersecurity company based in the Washington, D.C. area, is confronting a dire financial situation, prompting the furlough of nearly all its employees and a substantial reduction in business operations. This decision comes less than two months after a deal with C5 Capital to privatize the company. IronNet's financial troubles stem from its inability to meet debt and obligation commitments, which may result in a default event under its borrowing terms.
Subscribe and Comment.
Copyright ? 2023 CyberMaterial. All Rights Reserved.
Follow CyberMaterial on:
Co-Founder & Executive at ANNRAJ Agro Foods | Enthusiast in Brand Building ??
1 年thank you
Director of Content Marketing at Freshpaint
1 年That FTC-HHS joint warning is a bigger deal than most are admitting. It's essentially an ultimatum to all healthcare orgs about using third-party trackers on their websites. We broke it all down here: https://www.freshpaint.io/blog/ftc-hhs-privacy-warning