Cyber Briefing - 2023.09.20


What's trending in cybersecurity today?

Phishing Campaigns, China, Malware Surge, Metaverse, GitLab Vulnerabilities, ShroudedSnooper, Backdoor, Middle East, Telecom, Azerbaijan, International Criminal Court, Microsoft, Xbox, Rebecca Yarros, Israel, Health Care, Eitanim Psychiatric Hospital, Russia, CrowdStrike, Bionic (a CrowdStrike Company), Ethiopia, HiddenLayer.

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.



Cyber Alerts


1. Metaverse Privacy Risks and Solutions.

A new report from New York University's Stern Center for Business and Human Rights underscores the profound privacy risks that loom over users in the emerging metaverse. The report asserts that, without substantial improvements and regulatory measures governing the collection and storage of personal data, the immersive metaverse experience poses a severe threat to user privacy.


2. Chinese-Language Phishing Campaigns

Chinese-speaking individuals have become the focus of numerous email phishing campaigns, with attackers aiming to distribute a range of malware, including Sainbox RAT, Purple Fox, and a new trojan named ValleyRAT. These campaigns involve Chinese-language lures and malware commonly associated with Chinese cybercrime activities, as reported by enterprise security firm Proofpoint. Since early 2023, these campaigns have been sending emails containing URLs leading to compressed executables for malware installation, sometimes using Microsoft Excel and PDF attachments to trigger malicious activity.


3. GitLab's Critical Pipeline Vulnerability

GitLab has urgently released security updates to rectify a critical vulnerability (CVE-2023-4998) that could enable attackers to run pipelines as different users by exploiting scheduled security scan policies. The affected versions include GitLab Community Edition and Enterprise Edition, ranging from 13.12 to 16.3.4. This vulnerability, discovered by security researcher Johan Carlsson, poses significant risks, potentially allowing malicious actors to access sensitive data, compromise code, and trigger unauthorized events, emphasizing the importance of prompt updates to mitigate these threats.


4. Telecoms in the Middle East Under Attack

Middle East telecom companies are facing a new and stealthy threat from an intrusion set known as ShroudedSnooper, which employs a sophisticated backdoor called HTTPSnoop. According to a report by Cisco Talos, HTTPSnoop is a deceptively simple yet highly effective backdoor that utilizes novel techniques to interface with Windows HTTP kernel drivers and devices. It listens for incoming requests for specific HTTP(S) URLs and executes their content on the infected endpoint.


5. Nine New Vulnerabilities Added by CISA

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding the addition of new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The catalog serves as a dynamic list of Common Vulnerabilities and Exposures (CVEs) that present significant risks to federal enterprises due to ongoing exploitation. The latest update includes the CVE-2023-28434 MinIO Security Feature Bypass Vulnerability, highlighting the critical need for remediation to safeguard federal networks against active threats.


6. Azerbaijan Targeted in Rust Malware

A recent cybersecurity operation, dubbed "Operation Rusty Flag," has come to light, with its focus on deploying Rust-based malware on targeted systems in Azerbaijan. This campaign, which remains unattributed to any known threat actor or group, has garnered the attention of cybersecurity firm Deep Instinct. The operation employs multiple initial access vectors, including a modified document used by the Storm-0978 group, suggesting the possibility of a deliberate "false flag" operation.



Cyber Incidents


7. Cyber Threats to International Criminal Court

The International Criminal Court has reported encountering "anomalous activity" affecting its IT systems, prompting a response to this cybersecurity incident. While the ICC has not disclosed specific details, its focus is on ensuring the continuity of its critical work, including investigations into war crimes in Ukraine. The incident comes after previous instances of international espionage targeting the court, underscoring the significance of cybersecurity in the ICC's operations, especially in the context of ongoing investigations and international relations.


8. Microsoft's Xbox Roadmap Revealed

Confidential Microsoft documents detailing a product roadmap for new gaming products and designs have been leaked. The documents reveal plans for an all-digital Xbox Series X console refresh, an upgraded controller with enhanced haptic feedback, and a lineup of new game releases expected in 2024. This significant leak, stemming from a legal dispute with the Federal Trade Commission, is the latest in a series of security incidents for Microsoft, raising concerns about the company's data protection measures.


9. Cyberattack Halts Bookshop Ticket Sales

Ticket sales for an eagerly awaited event featuring bestselling author Rebecca Yarros at Anderson’s Bookshop were temporarily halted due to a cyber attack on the store's ticketing partner. While tickets for the event are still available, all sales have been closed until further notice. Anderson’s Bookshop plans to provide updates on the situation, and any tickets purchased before the cyber attack will remain valid for the event.


10. Israeli Hospital Faces Suspected Cyberattack

A suspected cyberattack has disrupted operations at the Eitanim psychiatric hospital near Jerusalem, prompting staff to switch to manual protocols. Fortunately, medical treatments at the facility, part of the Kfar Shaul Mental Health Center, have remained unaffected. While the Health Ministry has transferred responsibility for the matter to the National Cyber Directorate, the extent of the damage and the identity of the attackers are yet to be disclosed.



Cyber News


11. Russian Smuggling of US Tech

Maxim Marchenko, a 51-year-old Russian man residing in Hong Kong, has been apprehended in the United States on charges of smuggling large quantities of American military-grade microelectronics to Russia. Alongside two unnamed Russian co-conspirators, Marchenko allegedly employed shell companies based in Hong Kong to hide the fraudulent acquisition of OLED micro-displays, which have applications in rifle scopes, night-vision goggles, thermal optics, and other weapon systems.


12. CrowdStrike Acquires Bionic for $350M

CrowdStrike, the Austin, Texas-based endpoint security giant, is set to acquire Silicon Valley application security startup Bionic for a reported $350 million in cash. Founded by Israel Defense Forces veterans, Bionic specializes in application security posture management, providing valuable insights into application behavior and vulnerability remediation for both server-based and serverless infrastructure within cloud computing environments.


13. Russian and Chinese Bots Cost Billions

According to bot detection and response specialist Netacea, the majority of malicious bot attacks causing billions in losses to large companies originate from Russia and China. These attacks have resulted in an average annualized cost of $85.6 million per company, dwarfing the average ransomware payment of $1.5 million. These bots are responsible for a significant portion, approximately 4.3%, of a company's online revenue, highlighting the severe financial impact of automated attacks.


14. Ethiopian Internet Blackout Amid Atrocities

Ethiopia's internet blackout in the Amhara region has persisted for over a month and a half, coinciding with a deteriorating human rights situation marked by reported atrocities committed by the Ethiopian military. The blackout began when a state of emergency was declared in response to a militia group's actions in the region.


15. HiddenLayer Secures $50M for AI Security

Texas-based startup HiddenLayer has successfully secured a substantial $50 million in venture capital funding, with prominent investors such as Microsoft's M12, Moore Strategic Ventures, Booz Allen Ventures, IBM Ventures, Capital One Ventures, and Ten Eleven Ventures participating. HiddenLayer, recognized as the 'Most Innovative Startup' at the RSA Innovation Sandbox, is dedicated to enhancing AI security through its Machine Learning Security (MLSec) Platform.



Subscribe and Comment.

Copyright © 2023 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.




