Cyber Briefing - 2023.09.12

?? What's the latest in the cyber world today?

谷歌 Update, Zero-Day Vulnerability, MetaStealer, Malware, macOS, Charming Kitten, Backdoor, Brazil, Israel, United Arab Emirates, Facebook, Phishing, MGM Resorts International , AP Stylebook, Rhysida Ransomware, India, Indonesia, Quantum, DHS, Ransomware Surge.

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.

?? Cyber Alerts

1. Google Issues Emergency Chrome Update

Google has taken rapid action to rectify a newly discovered Chrome zero-day vulnerability that has been exploited in real-world attacks. This marks the fourth zero-day vulnerability in Chrome that has come to light this year. While Google has acknowledged the existence of an exploit, specific details about the attacks are not yet available. As a precautionary measure, users are strongly advised to update their Chrome browsers to the latest versions to safeguard against potential arbitrary code execution that could result from this critical vulnerability.

2. MetaStealer Targets macOS Business Data

A new information-stealing malware, MetaStealer, is now focusing its efforts on Apple macOS, joining a growing list of malicious families targeting the operating system. SentinelOne researcher Phil Stokes has revealed that threat actors are actively going after macOS-based businesses by posing as fake clients to deceive victims into executing malicious payloads. These attacks involve MetaStealer being distributed as rogue application bundles in disk image format, often sent through password-protected ZIP archives shared with potential victims. This shift towards targeting business users marks a significant departure from the typical distribution methods of macOS malware, which are often found on torrent sites or distributed as cracked versions of popular software.

3. Charming Kitten's Sponsor Backdoor Attacks

Iranian threat actor Charming Kitten has resurfaced with a newly discovered backdoor named 'Sponsor,' launching a series of attacks on various entities across Brazil, Israel, and the United Arab Emirates. The attacks, tracked by Slovak cybersecurity firm ESET under the name 'Ballistic Bobcat,' primarily focus on education, government, healthcare, human rights activists, and journalists. So far, at least 34 victims have been identified, with the backdoor's deployment dating back to September 2021.

4. Massive Facebook Messenger Phishing Campaign

A vast Facebook Messenger phishing campaign is taking aim at 100,000 business accounts each week. Cybercriminals employ a network of fake and compromised Facebook profiles to distribute millions of phishing messages via Messenger, luring victims into downloading RAR/ZIP archives with password-stealing malware. These attacks have resulted in significant financial losses, with approximately one in seventy targeted accounts being compromised.

5. CISA Addresses Key Cyber Threats

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities Catalog with two critical vulnerabilities affecting Apple iOS, iPadOS, macOS, and watchOS. These vulnerabilities pose significant risks and are frequently targeted by cybercriminals. While initially aimed at federal agencies, CISA strongly encourages all organizations to address these vulnerabilities promptly to enhance their cybersecurity posture.

6. Cybercriminals Exploit NTLMv2 Hashes

Cybercriminals have launched a sophisticated campaign known as "Steal-It," using a customized version of a legitimate PowerShell script to steal NTLMv2 hashes from compromised Windows systems in Australia, Poland, and Belgium. These attackers employ various infection chains, including phishing emails, CMD file downloads, and more, to infiltrate specific targets. The campaign's technical expertise and tactics suggest a high level of dedication and potential state-sponsored involvement, echoing the tactics of threat actors like APT28.

?? Cyber Incidents

7. MGM Resorts Faces Major Cybersecurity Issue

MGM Resorts International encountered a significant "cybersecurity issue" that potentially impacted its various hospitality, gaming, and entertainment establishments throughout the United States. While the exact scope of the problem remained unclear, some of the company's websites experienced downtime, prompting MGM to encourage customers to make reservations and bookings via phone. Despite the ongoing issue, the company assured that its casino gaming floors were operational, and it was actively working to resolve the situation. Law enforcement, including the FBI and the Nevada Gaming Control Board, had been notified, and internal investigations were underway with external cybersecurity experts.

8. Sri Lanka's Government Data Loss

A recent ransomware attack on Sri Lanka's government email network has resulted in the loss of months' worth of data from thousands of email accounts, including those of top government officials. The attack, which began in August, impacted nearly 5,000 email addresses using the gov.lk domain, affecting the central government's council of ministers. Although the Lanka Government Cloud system was restored within 12 hours, data from May 17 to August 26 was unrecoverable.

9. Associated Press Alert on Stylebook Breach

The Associated Press has issued a warning about a data breach affecting its AP Stylebook customers, which subsequently led to targeted phishing attacks. The breach occurred on an old, inactive third-party-managed AP Stylebook site between July 16 and July 22, 2023, compromising data from 224 customers. Stolen information includes names, email addresses, addresses, phone numbers, and even tax-exempt IDs, such as Social Security Numbers or Employer Identification Numbers.

10. Ransomware Hits More US Hospitals

The Rhysida Ransomware group has expanded its list of victims by targeting three additional US hospitals. These attacks follow their recent breach of Prospect Medical Holdings, which disrupted healthcare operations across multiple states. The impacted hospitals, operated by Singing River Health System, experienced IT system outages, affecting critical services like laboratory and radiology testing. These incidents emphasize the growing threat of ransomware attacks on the healthcare sector, with smaller regional providers also being vulnerable, as demonstrated by St. Margaret’s Health earlier this year.

11. PathLegal Data Breach Amid Hacktivist Clash

PathLegal, a prominent online legal service provider in India, has become the latest victim of a devastating data breach. The alleged cyber attack, orchestrated by the group Hacktivist Indonesia as part of their "OpIndia" campaign, resulted in the exposure of sensitive information belonging to 127,000 legal professionals and students. While the attack remains unconfirmed, it has raised concerns about cybersecurity in both countries.

?? Cyber News

12. Improved Quantum Encryption Technology

Researchers at Link?ping University have developed a novel random number generator for encryption that could lead to safer, cost-effective, and environmentally friendly digital data protection. This technology is built upon quantum phenomena, known as Quantum Random Number Generators, which provide a high degree of randomness and security. The Link?ping researchers' QRNG uses light-emitting diodes made from perovskite material, offering the potential for affordability and reduced environmental impact. The development could have applications in quantum communication, cybersecurity, and more, with possible availability within five years.

13. DHS Use of Fake Social Media Accounts

A comprehensive investigation by the Brennan Center for Justice reveals that the Department of Homeland Security routinely employs fake social media accounts for information gathering, often without adequate oversight. BCJ's years-long inquiry, initiated under the Freedom of Information Act in 2018, exposed the practice and the use of at least 14 "social media operational use templates'' to obscure the DHS affiliation of officers.

14. Surge in Ransomware Attacks on Schools

Ransomware attacks on schools have surged in September 2023, with at least 27 schools and districts falling victim to these malicious attacks. Recorded Future's data reveals a significant increase from the previous month, affecting over 400 schools, causing class cancellations, and network outages. The situation has become so concerning that the White House hosted a K-12 cybersecurity summit, emphasizing the need to treat cyberattacks on schools with the same seriousness as physical attacks on critical infrastructure, leading to increased cybersecurity funding for educational institutions.

15. UK's Holistic Approach to Ransomware

In a joint report, the UK's National Cyber Security Centre (NCSC) and National Crime Agency (NCA) highlight the increasing professionalization of the ransomware ecosystem. They argue that focusing solely on individual ransomware variants is akin to treating symptoms rather than addressing the underlying issue. The report examines the entire cybercriminal system, from initial access vectors to monetizing ransomware attacks, emphasizing the need to understand the wider ecosystem to effectively combat the threat.

Subscribe and Comment.

Copyright ? 2023 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.