Cyber Briefing - 2023.09.14

What's going on in the cyber world today?

3AM Ransomware, Teams, Phishing, Microsoft, Kubernetes Clusters, Azure Vulnerabilities, CoinEx Global, Rollbar, Tokens, CrelioHealth, Healthcare, Russia, Journalists, Pegasus, Spyware, Malware, Deepfake, European Union, AI, Europol, Ransomware, Amazon, CertifID.

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.



Cyber Alerts


1. Emergence of New 3AM Ransomware

The cybersecurity landscape faces a new challenge with the emergence of 3AM ransomware. This malicious software, coded in Rust, represents a unique malware family. It stands out for its strategy of disabling services, encrypting files, and targeting Volume Shadow Copies, making data retrieval difficult. Although its creators and origins remain mysterious, the fact that a LockBit affiliate used it as an alternative payload highlights its potential as a significant threat.


2. Microsoft Alerts on Storm-0324 Phishing

A recent alert from Microsoft's Threat Intelligence team highlights a phishing campaign, dubbed Storm-0324, that poses a significant threat to corporations. This campaign, also known as TA543 and Sagrid, employs Microsoft Teams messages as lures to gain unauthorized access to corporate networks. What sets Storm-0324 apart is its shift away from email-based infection methods, utilizing open-source tools and malicious links within Teams chats to distribute a variety of payloads, including ransomware and trojans.


3. Urgent Update for Kubernetes Vulnerabilities

Researchers have issued a warning to all Kubernetes users, urging them to promptly update their clusters due to three critical command injection vulnerabilities that could allow attackers to remotely execute code. One of these vulnerabilities, identified as CVE-2023-3676, is especially concerning as it can be exploited by individuals with "apply" privileges to interact with a Kubernetes API. The vulnerabilities, discovered by security researchers at Akamai, were patched in Kubernetes version 1.28.1, released on August 23, offering a crucial defense against potential attacks on Kubernetes clusters.


4. Vulnerabilities in Azure HDInsight Service

Researchers have revealed new details about a series of cross-site scripting vulnerabilities in Microsoft's Azure HDInsight open-source analytics service, which have since been patched. These vulnerabilities included six stored XSS and two reflected XSS flaws that could have been exploited for unauthorized actions, including data access, session hijacking, and delivering malicious payloads, according to Orca Security researcher Lidor Ben Shitrit. Microsoft addressed these issues in its August 2023 Patch Tuesday updates.


5. Urgent Microsoft Patch for Zero-Days

Microsoft has tackled a total of 59 vulnerabilities across its product range, including two actively exploited zero-day flaws. Among these, five are classified as Critical, 55 as Important, and one as Moderate. Of particular concern are CVE-2023-36761 and CVE-2023-36802, both actively exploited, with the former potentially exposing NTLM hashes and the latter capable of elevating an attacker's privileges to SYSTEM.



Cyber Incidents


6. CoinEx Crypto Breach Sparks $53M Loss

Hackers targeted the global cryptocurrency exchange CoinEx on September 12, breaching its hot wallets and absconding with substantial digital assets used to support the platform's operations. Preliminary findings indicate that the unauthorized transactions involved Ethereum, Tron, and Polygon cryptocurrencies. Blockchain security firm PeckShield estimates the losses at approximately $43 million, with a more recent estimate from CertiK Alert raising the figure to $53 million.


7. Rollbar's Data Breach and Token Compromise

Rollbar, a software bug-tracking company, has revealed a recent data breach that occurred in early August, with attackers gaining unauthorized access to customer access tokens. The breach was detected on September 6, following a review of data warehouse logs, which showed that a service account had been used to log into the bug monitoring platform. During their three-day access window, threat actors accessed sensitive customer data, including usernames, email addresses, and project information, along with customer project access tokens, which have been expired or set to expire to mitigate the impact.


8. Sensitive Data Leak from CrelioHealth

Sensitive data of over 28 million individuals was exposed due to an open instance of CrelioHealth, a cloud-based laboratory information management system. This breach included data from the National Reference Laboratory in the United Arab Emirates, potentially affecting 50,000 to 100,000 people. The exposed information contained personally identifiable data such as passport numbers, names, genders, and more. CrelioHealth stated that it took immediate action to address the leak.


9. Russian Journalist's Phone Hacked

A Russian journalist and critic of the Kremlin, Galina Timchenko, had her iPhone infected with Pegasus spyware while in Berlin for a conference with other Russian independent journalists in exile. This marks the first documented case of a Pegasus infection targeting a Russian citizen, raising concerns about the reach of this notorious spying software. The attack occurred in February, shortly after the Russian government banned Timchenko's media outlet, Meduza, for its critical coverage, highlighting the ongoing threats faced by independent journalists.


10. Large Automaker Data Breach Exposed

Cybercriminals have allegedly used bots to breach customer accounts at multiple major automakers, stealing data related to thousands of vehicles and offering it for sale on private Telegram channels, according to a report by cybersecurity firm Kasada. The hackers reportedly employed automated account takeover (ATO) techniques to access personal and vehicle information, including car make, model, user details, addresses, and vehicle identification numbers (VINs).



Cyber News


11. Deepfake Report by US Authorities

US government agencies, including CISA, FBI, and NSA, have jointly released a comprehensive cybersecurity report addressing the emerging threat of deepfakes. This report outlines the risks posed by deepfakes to organizations, including government, national security, defense, and critical infrastructure entities. It highlights real-world examples of deepfake attacks and provides recommendations for detecting and mitigating deepfake threats, emphasizing the importance of technology, data protection, and personnel training to safeguard against this evolving form of cyber deception.


12. EU's AI Development Plans

European Commission President Ursula von der Leyen revealed plans to provide AI startups access to supercomputers within the European Union. Europe is home to three of the world's most powerful supercomputers, making it a hub for AI innovation. With the rapid advancement of artificial intelligence, von der Leyen emphasized the need for a global framework on AI to promote responsible innovation, especially as Europe prepares to host two exascale computers accessible to researchers and industry by 2025.


13. Europol Warns of Ransomware Threat

Europol's latest threat report highlights that Russia's war against Ukraine has reshaped the cybersecurity landscape in Europe, with a notable surge in distributed denial-of-service attacks targeting EU entities. Despite these geopolitical developments, malware-based cyberattacks, especially ransomware, continue to pose the most significant threat to the industry. The report underscores the growing prevalence of ransomware affiliate programs and multi-layered extortion tactics, with indications that data theft may become a central concern for cybercriminals, driven by compromised credentials, vulnerabilities exploitation, and phishing attacks.


14. Amazon's New Rules on AI-Generated Content

Amazon has instituted new rules on its Kindle Direct Publishing (KDP) platform, requiring authors to disclose the use of AI-generated content in their books. The announcement comes in response to complaints about AI-produced works being sold under human authors' names. While this move has been welcomed by organizations like the Authors Guild, concerns remain about the potential flooding of the platform with AI-generated books and the displacement of human authors.


15. CertifID Secures $20M to Combat Wire Fraud

CertifID, a startup dedicated to preventing wire fraud in the real estate market, has announced a successful funding round that raised $20 million, led by Arthur Ventures at a valuation "over double" its previous worth. The company, founded by Thomas Cronkright, responds to the increasing threat of wire fraud in real estate transactions. By offering a range of tools and protections, including transaction handling, insurance, and identity verification, CertifID aims to safeguard homebuyers, sellers, and real estate businesses from cybercrime.



Subscribe and Comment.

Copyright © 2023 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.





Simranjit Singh

Cybersecurity Analyst | Purple Guy

1 year

I think 3AM Ransomware is going to disturb people's sleep for some time

John Alvarez

CEO @ JunkDoctors | ZeroBot

1 year

Wow, this is a lot to take in! It looks like we have a number of cyber threats and news emerging today - thanks for sharing!
