Cyber Briefing - 2023.10.05
What's going on in the cyber world today?
SQL Cloud Breach, Android Trojan, Google, Apple Zero-Day, APT41, Weixin/WeChat Surveillance, Cisco, Atlassian, Sony, Cl0p, MOVEit, SiegedSec, NATO, Lyca Mobile, Flagler County Public Schools, Phishing, VPN Blocked, Russia, Ransomware Surge, Digital Safety, France.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
Microsoft has detected attackers pivoting from application-level SQL injection into cloud environments. The attackers exploit an SQL injection vulnerability in an application, which gives them access to a SQL Server instance hosted on an Azure Virtual Machine under a login with elevated permissions. With that access they can run arbitrary SQL, retrieve sensitive data, and go on to execute commands on the host operating system.
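To make the entry point in this item concrete, here is an added example that is not from the newsletter or from Microsoft's report: the query pattern that lets crafted input rewrite the statement, beside the parameterized form that neutralizes it. An in-memory SQLite table stands in for the SQL Server instance (the table, rows and payloads are constructed for illustration; the injection mechanics are the same on SQL Server).

```python
import sqlite3


def make_db():
    # Constructed stand-in for the application's database.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)"
    )
    conn.executemany(
        "INSERT INTO accounts (owner, balance) VALUES (?, ?)",
        [("alice", 100), ("bob", 250), ("svc-backup", 999999)],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, owner):
    """Weak pattern: user input is concatenated into the statement text,
    so a quote in the input ends the literal and the rest becomes SQL."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, owner):
    """Hardened pattern: the input is bound as a parameter and is treated
    purely as data, whatever characters it contains."""
    return conn.execute(
        "SELECT owner, balance FROM accounts WHERE owner = ?", (owner,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Illustrative payloads: a tautology that matches every row, and a UNION
    # that pulls a row the caller was never meant to see.
    tautology = "' OR '1'='1"
    union = "x' UNION SELECT owner, balance FROM accounts WHERE owner = 'svc-backup"
    print("vulnerable, normal input :", lookup_vulnerable(db, "alice"))
    print("vulnerable, tautology    :", lookup_vulnerable(db, tautology))
    print("vulnerable, union        :", lookup_vulnerable(db, union))
    print("parameterized, tautology :", lookup_parameterized(db, tautology))
    print("parameterized, normal    :", lookup_parameterized(db, "alice"))
```

The parameterized query returns nothing for the tautology because the whole string is compared against the `owner` column as a value. On SQL Server the concatenated form additionally permits stacked statements, which is what turns a data-theft bug into host compromise; the second control is therefore to give the application's login only the rights it needs, so that even a successful injection cannot reach OS-level features such as xp_cmdshell.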
A recently discovered Android banking trojan, named GoldDigger, targets more than 50 Vietnamese banking, e-wallet, and crypto wallet applications. It was first detected in August 2023, but there is evidence it has been active since June. The malware impersonates legitimate websites and abuses Android's accessibility services to steal personal information and banking credentials, intercept SMS messages, and enable remote access to the device. Its protection mechanism further complicates detection and analysis.
Apple has released security patches for an actively exploited zero-day vulnerability (CVE-2023-42824) in iOS and iPadOS. This kernel vulnerability could allow a local attacker to elevate privileges. The update (iOS 17.0.3 and iPadOS 17.0.3) also addresses an issue in the WebRTC component. With this release, Apple has patched a total of 17 actively exploited zero-days so far this year.
Security researchers have linked the surveillance toolkit LightSpy to the Chinese cyberespionage group APT41, also known as Wicked Panda. APT41 used spam messages to trick users into downloading a malicious WeChat application from third-party app stores. This state-sponsored hacking group has a history of using surveillance malware compatible with iOS and Android devices, with LightSpy capable of exfiltrating sensitive data like precise location, payment information, call recordings, and chat archives.
Cisco has addressed a security vulnerability in its Emergency Responder (CER) system, known as CVE-2023-20101, that allowed unauthenticated attackers to gain access to unpatched systems using hard-coded root credentials. The flaw could potentially enable attackers to execute arbitrary commands as the root user, posing a significant security risk. Cisco recommends promptly updating vulnerable installations as no temporary workarounds are available to mitigate this issue.
Atlassian, a leading business software maker, has urgently addressed a critical security flaw in its Confluence Data Center and Server products. The company confirmed that this vulnerability has already been exploited in the wild, impacting some customers. The flaw, identified as CVE-2023-22515, allows remote attackers to escalate privileges on Confluence Server and Confluence Data Center instances, particularly those accessible on the public internet.
Cyber Incidents
Sony Interactive Entertainment (SIE), the subsidiary responsible for PlayStation consoles, has suffered a data breach affecting thousands of former employees, as part of the MOVEit Transfer campaign that has become the largest breach of 2023. The Cl0p ransomware gang exploited a zero-day vulnerability in MOVEit Transfer to carry out the attack. While SIE promptly remediated the issue, the breach exposed sensitive personal information, including Social Security numbers, of 6,791 individuals.
Moscow City Hall's website inadvertently revealed a comprehensive list of "special consumers" on Russia's electricity grid, including military and intelligence agency facilities. These "special consumers" require uninterrupted electricity supply, even during blackouts. The leak exposed exact locations, such as a secret ammunition depot, undercover Federal Protective Service facilities, and military units in Russia's Far East. Shockingly, it even disclosed apartment numbers used by intelligence officers in Moscow, all of which are considered state secrets.
The hacking group SiegedSec has recently made headlines by claiming to have leaked over 3,000 files from NATO. These files are reported to have originated from NATO's "Learning Management System" and include data from portals such as the "Lessons Learned Portal" and the "Investment Division Portal." While some of the data appears sensitive, it remains unclear if the dump contains information already publicly available. This is the second such announcement by SiegedSec in recent months regarding alleged breaches of NATO's online infrastructure, raising concerns about the security of intergovernmental organizations and the potential impact of such data leaks.
Lyca Mobile, a global mobile network operator based in the UK with over 16 million customers across 60 countries, has experienced significant disruptions due to a cyberattack that began last week. The attack affected services such as top-ups and national and international calling in all markets except the US, Australia, Tunisia, and Ukraine. While the company is working to restore services, it is also investigating the possibility of a data breach.
The Flagler County school district fell victim to an apparent phishing scheme. The scheme, which involved a substantial sum of money, was discovered when the district identified "an electronic transfer of funds to a possible fraudulent vendor bank account." The incident triggered an internal investigation, and the FBI and the Flagler County Sheriff’s Office were contacted for assistance.
Cyber News
Russia's communications watchdog is preparing to ban Virtual Private Networks (VPNs) from March 1st, 2024, according to Senator Artem Sheikin of the ruling United Russia party. Demand for VPNs surged after Russia restricted Western social media platforms following President Vladimir Putin's invasion of Ukraine in February 2022. Sheikin said the move is needed to restrict access to Meta Platforms, including Facebook, Instagram, and WhatsApp, which Russian authorities consider extremist organizations.
The DRM Report Q2 2023 analyzes the ransomware threat landscape from May to August 2023, covering global activity with a specific focus on the challenges faced by Italy. The report tracks 165 criminal groups and 1,736 ransomware claims worldwide.
Freedom House's 13th annual Freedom on the Net report reveals a concerning decline in global internet freedoms. The report, covering June 2022 to May 2023, highlights troubling records, such as 55 countries where individuals faced legal consequences for their online speech and 41 countries limiting access to websites hosting political and social content. Notably, China remains the worst offender in internet restrictions for the ninth consecutive year, followed closely by Myanmar.
French lawmakers are deliberating the SREN bill, a part of the Macron administration's efforts to combat online crime, which includes potential restrictions on virtual private networks (VPNs). The bill aims to enhance digital safety by addressing cyber threats, harassment, internet scams, hate speech, and minors' access to explicit content.
Subscribe and Comment.
Copyright © 2023 CyberMaterial. All Rights Reserved.