Cyber Briefing - 2023.09.15

What are the latest cybersecurity alerts, incidents, and news?

Google Ads, Malware, ncurses Library, Linux, macOS, Facebook, NodeStealer Campaign, Akira Ransomware, Healthcare, N-able, RedLine, Vidar, UK Police, Caesars Entertainment, Australia, AT HOP, Honeywell, MOVEit, Cloud, Credentials, US National Alert System, FDA, ICS Attacks, China's iPhone Ban.

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.





Cyber Alerts


1. Phishing via Google Ads Targets Webex

Threat actors are leveraging Google Ads tracking templates to trick users into clicking on convincing Webex software search ads, redirecting them to malicious websites that distribute the BatLoader malware. These malicious ads closely mimic the official Webex download portal, using authentic logos and displaying the legitimate URL, "webex.com." The attackers exploit a loophole in Google's tracking template system to redirect users while appearing to adhere to Google's policies.


2. Memory Flaws in ncurses Library

A series of memory corruption vulnerabilities has been identified in the ncurses programming library, posing a potential threat to Linux and macOS systems. Microsoft Threat Intelligence researchers have uncovered these flaws, which could be exploited by threat actors to execute malicious code on vulnerable systems. By manipulating environment variables, attackers could potentially chain these vulnerabilities, enabling privilege escalation and unauthorized operations within targeted programs.


3. NodeStealer Targets Facebook Business

A persistent cyber campaign is aiming at Facebook Business accounts through deceptive messages to collect user credentials using a modified version of the Python-based NodeStealer, potentially leading to full account takeovers for further malicious activities. Netskope Threat Labs has reported that the attacks are primarily affecting victims in Southern Europe and North America, with manufacturing services and technology sectors being the primary targets. NodeStealer, initially discovered by Meta in May 2023, started as JavaScript malware capable of stealing cookies and passwords from web browsers, posing a threat to Facebook, Gmail, and Outlook accounts.


4. Ransomware Warning for Healthcare

Federal authorities have issued a warning to the healthcare sector about the Akira ransomware group, which has been linked to multiple attacks on small and mid-sized entities across various industries. Akira conducts double-extortion attacks involving data theft and ransomware encryption, often exploiting weak points in virtual private networks lacking multifactor authentication. This group has also targeted finance, real estate, and manufacturing sectors, employing methods such as phishing emails, malicious websites, and Trojans.


5. Privilege Escalation Risk in N-Able's Agent

A critical security flaw, identified as CVE-2023-27470 with a CVSS score of 8.8, has been disclosed in N-Able's Take Control Agent. This vulnerability, arising from a Time-of-Check to Time-of-Use (TOCTOU) race condition, could potentially allow a local unprivileged attacker to gain SYSTEM privileges on Windows systems. Exploiting this flaw could lead to the deletion of arbitrary files and even elevated code execution, making it a serious threat. N-Able has released a fix in version 7.0.43 to address this issue after responsible disclosure by Mandiant.
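The flaw above is described as a Time-of-Check to Time-of-Use race: a privileged component inspects a path, and by the time it acts on that path the object behind it has been swapped. The following C example is added here to show the defensive pattern; it is not code from N-able, Mandiant or this newsletter, and it does not reproduce CVE-2023-27470. It uses a constructed scenario (a regular file plus a symlink to it in a temporary directory) to show why a path-based check cannot pin down the object a later open will touch, and how opening first with O_NOFOLLOW and validating the descriptor with fstat() removes the window. The helper names are the author's own.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: check the path, then act on the path.
 * stat() follows symlinks, so the check may describe one file while the
 * open() that follows, after the path has been redirected, reaches another.
 * Returns an open descriptor or -1. */
int vulnerable_open(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;       /* time of check */
    if (!S_ISREG(st.st_mode)) return -1;
    return open(path, O_RDWR);                 /* time of use: same path, maybe not same file */
}

/* Hardened pattern: open first, refusing to follow a symlink at the final
 * component, then inspect the descriptor we actually hold. All later work
 * happens on the fd, so later changes to the path no longer matter.
 * Returns an open descriptor or -1. */
int open_regular_nofollow(const char *path) {
    int fd = open(path, O_RDWR | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);                             /* not a plain, unshared regular file */
        return -1;
    }
    return fd;
}

/* Constructed scenario (not from the advisory): build a regular file and a
 * symlink pointing at it in a fresh temporary directory, then show that the
 * path-based version happily opens through the link while the hardened
 * version rejects it. Returns 1 when that contrast is observed, else 0. */
int demo_toctou(void) {
    char dir[] = "/tmp/toctou-XXXXXX";
    char file[256], link[256];
    if (mkdtemp(dir) == NULL) return 0;
    snprintf(file, sizeof file, "%s/target.txt", dir);
    snprintf(link, sizeof link, "%s/link.txt", dir);

    int fd = open(file, O_CREAT | O_WRONLY, 0600);
    if (fd < 0) return 0;
    close(fd);
    if (symlink(file, link) != 0) return 0;

    int v = vulnerable_open(link);             /* follows the link: fd >= 0 */
    int h = open_regular_nofollow(link);       /* refuses the link: -1 */
    int result = (v >= 0 && h < 0) ? 1 : 0;

    if (v >= 0) close(v);
    if (h >= 0) close(h);
    unlink(link);
    unlink(file);
    rmdir(dir);
    return result;
}

int main(void) {
    printf("hardened open rejected the symlink the path check accepted: %s\n",
           demo_toctou() ? "yes" : "no");
    return 0;
}
```

The symlink stands in for whatever an attacker could place at the path inside the race window; the point is that a decision taken on the path is not a decision taken on the file, so the safe design checks the descriptor and never goes back to the path.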


6. Ransomware Emerges from Infostealer Threats

Cybercriminal groups behind the RedLine and Vidar infostealers have expanded their operations to include ransomware distribution. These threat actors are leveraging code-signing certificates to distribute initial payloads, allowing them to bypass email security measures. They have streamlined their techniques to serve multiple purposes, marking a concerning evolution in cyberattacks. Researchers have discovered 30 Extended Validation (EV) code-signed samples used in a single case, highlighting the attackers' sophisticated methods.



Cyber Incidents


7. UK Police Hit by Ransomware

In a significant security breach, hackers targeted one of the UK's largest law enforcement agencies, Greater Manchester Police, stealing personal details of thousands of officers and staff. The attack, described as targeting a third-party supplier, may have compromised badges containing names, ranks, photos, and serial numbers, with some photos even revealing geolocation data. While financial information is not believed to be included, the incident is being treated with utmost seriousness, and authorities, including the UK's Information Commissioner's Office and the National Cyber Security Centre, are actively investigating the impact.


8. Ransomware Targets Casino Giants

Caesars Entertainment has reportedly paid a hefty ransom of around $15 million, roughly half of the initial $30 million demand, to the same ransomware group that recently targeted MGM Resorts. While MGM Resorts hasn't confirmed payment, the ongoing IT disruptions suggest otherwise. Security experts are concerned that Caesars' payment sets a dangerous precedent, making the entire casino sector a more appealing target for cybercriminals.


9. Cybersecurity Incident Hits Auckland’s Transport Service

Auckland's AT HOP smart card system faces major disruptions following a suspected ransomware attack. While investigations are ongoing, public transport services, including buses, trains, and ferries, remain operational. The incident primarily affected top-up services, but authorities believe no personal or financial data was accessed. It may take up to a week to fully restore affected services; cash payments and ticket purchases remain available, while Eftpos and credit card payments are affected.


10. Honeywell Data Breach Impact

Honeywell International, a renowned US-based conglomerate, has disclosed that the recent MOVEit hack led to the exposure of Social Security numbers (SSNs) of more than 100,000 individuals. This breach, orchestrated by the Cl0p ransomware gang, unfolded amidst a series of MOVEit Transfer-related hacks. The implications of this breach are far-reaching, as impersonators can potentially misuse the stolen SSNs in conjunction with names and driver's license numbers for identity theft.



Cyber News


11. IBM Report Reveals Surging Cloud Intrusions

In a concerning trend, compromised account credentials have become the primary entry point for cloud intrusions, accounting for over 36% of such incidents, according to IBM Security X-Force's latest cloud threat landscape report. This marks a significant increase from 9% the previous year. The report highlights the urgent need for organizations to enhance their authentication methods and address improper credential hygiene to thwart cyberattacks effectively.


12. Proposal for National Cyber Alert System

A panel advising the Cybersecurity and Infrastructure Security Agency has proposed the establishment of a National Cybersecurity Alert System in the United States. The panel, known as the Cybersecurity Advisory Committee, made this recommendation to provide actionable information on cybersecurity threats and risks. While the exact nature of the system remains undefined, the panel emphasizes the need for a comprehensive alert system to address the evolving landscape of cybersecurity threats.


13. Medical Device Cybersecurity Regulations

The US Food and Drug Administration is set to intensify its focus on medical device cybersecurity, beginning in October. The FDA's six-month grace period for compliance with new cybersecurity regulations will end, and it will start rejecting medical devices that lack adequate cybersecurity controls and a post-market patching plan. Medical device manufacturers are now required to submit plans for monitoring and patching post-market cybersecurity vulnerabilities, have secure device design processes in place, and provide a software bill of materials to the FDA.


14. Growing ICS Threats in Western Regions

Kaspersky's latest ICS threat landscape report reveals a concerning trend: ICS computers in Western countries are experiencing an uptick in attacks, though the percentages are relatively small compared to other regions globally. Kaspersky blocked threats on 34% of ICS computers protected by its products during this period, marking the highest quarterly level since 2019. Western Europe, the US, Canada, Australia, New Zealand, and Northern Europe saw the largest increases in attack percentages, with Western Europe experiencing a notable rise from 14.2% to 18.8%.


15. China Clarifies iPhone Ban Rumors

China has clarified its stance on the reported ban on iPhones for government and state-run office workers, stating that there are no laws, regulations, or policies prohibiting the purchase and use of foreign brand phones like Apple. This clarification comes as competition in China's smartphone market intensifies between Apple and homegrown giant Huawei. The ban had raised concerns and led to a drop in Apple's shares, impacting its substantial sales in China.




Copyright © 2023 CyberMaterial. All Rights Reserved.
