Cyber Briefing - 2023.11.02
What's going on in the cyber world today?
Turla Enhances Kazuar Backdoor, Russia’s Espionage, Spear-Phishing Targets Israel, RAT Attacks Increase, Meal Kits, Citrix Bleed Vulnerability, Google Releases Chrome 119, Western Germany Government Attacked, Querétaro Airport Hit, Deer Oaks Mental Health Associ Data Breach, FIRST Launches CVSS v4.0, U.S. Launches AI Safety Institute, Splunk Second Round of Layoffs.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
In a recent cyber campaign, the Iranian nation-state actor MuddyWater has been tied to spear-phishing attacks targeting Israeli entities, using a legitimate remote administration tool called Advanced Monitoring Agent from N-able. Cybersecurity firm Deep Instinct revealed the attack, noting that it demonstrates updated tactics, techniques, and procedures compared to past MuddyWater activity. Although the group has traditionally deployed other remote access tools, the campaign remains effective, with a new twist involving Storyblok for initiating multi-stage infections.
A surge in Remote Access Trojan attacks is being driven by the increased availability of affordable cyberattack kits, according to HP Wolf Security's "Q3 2023 Threat Insights Report." These malware "meal kits," priced under $100, are often hidden within seemingly legitimate Excel and PowerPoint files delivered via email, with Parallax RAT being particularly prominent. The report reveals a shift in tactics as cybercriminals target inexperienced individuals, raising concerns about the expanding threat landscape and the need for enhanced cybersecurity measures.
Russian-linked hacking group Turla has unveiled an upgraded version of the Kazuar backdoor, aiming to bolster its ability to operate stealthily, evade detection, and foil analysis. Researchers at Palo Alto Networks Unit 42, tracking Turla as Pensive Ursa, discovered the enhancements, showcasing the group's commitment to advanced anti-analysis techniques and robust code encryption.
Cyber threat actors have exploited the recently disclosed "Citrix Bleed" vulnerability to target government, technical, and legal organizations across the Americas, Europe, Africa, and the Asia-Pacific region, according to research by Mandiant. This ongoing campaign, which has been active since late August 2023, primarily targets vulnerable Citrix NetScaler ADC and Gateway appliances. The attackers are utilizing the flaw to gain unauthorized access, compromise authenticated sessions, and bypass multi-factor authentication, making these attacks stealthy and challenging to detect.
A malvertising campaign is using Facebook ads to distribute malware, targeting users with suggestive images. Cybercriminals are exploiting legitimate ad distribution tools to insert infected links into ads, using provocative images as bait. This campaign aims to deliver a new version of the NodeStealer info-stealer malware, allowing hackers to steal browser cookies and hijack Facebook accounts.
Google has launched Chrome 119, providing essential patches for 15 vulnerabilities. Of these, 13 were reported by external researchers, with three rated as high severity. The high-severity vulnerabilities include issues related to Payments, USB data validation, and integer overflow in USB. Google has rewarded the researchers with over $40,000 in bug bounty rewards, with additional amounts yet to be determined, emphasizing the importance of keeping Chrome up to date for security.
Cyber Incidents
A ransomware attack has disrupted local government services in multiple cities and districts across western Germany. The attacker targeted the municipal service provider Südwestfalen IT, affecting over 70 municipalities, primarily in North Rhine-Westphalia. The attack has left local government services severely limited, with concerns about financial transactions and ongoing investigations to determine the extent of the damage and those responsible for the attack.
The Querétaro Intercontinental Airport in Mexico, one of the country's busiest airports, has suffered a cyberattack and called in experts to address the situation. The attack, attributed to an employee downloading a malware-containing file, did not compromise the airport's operational security, and the response team has isolated and contained the breach. While the data accessed was claimed to be in the public domain, the LockBit ransomware gang has taken credit for the attack and threatened to release the data later this month.
Deer Oaks Behavioral Health in San Antonio, Texas, revealed a cybersecurity incident that may have compromised the personal information of over 171,000 individuals. This breach, discovered on September 1, 2023, led to unauthorized access to patients' data, including names, addresses, Social Security numbers, and medical information. The affected individuals have been informed about the breach and offered credit monitoring and identity theft restoration services.
Dakota Eye Institute in North Dakota has reported a data breach impacting up to 107,143 patients. While the nature and duration of the breach remain undisclosed, DEI is taking steps to address the incident and enhance its data security protocols to prevent future occurrences. Affected individuals are receiving notifications and are being offered complimentary credit monitoring services.
Cyber News
The Forum of Incident Response and Security Teams has unveiled CVSS v4.0, the latest iteration of the Common Vulnerability Scoring System, which has not seen a major update since CVSS v3.0 eight years ago. The updated standard offers finer granularity in base metrics, simplifies threat metrics, and provides additional supplemental metrics for vulnerability assessment. It also introduces nomenclature for different severity ratings, making it more adaptable for operational technology, industrial control systems, and Internet of Things security assessment. The release of CVSS v4.0 is seen as a significant development in cybersecurity risk assessment.
The U.S. government is taking a significant step in AI safety by establishing a dedicated institute to collaborate with the public and private sectors in developing secure AI systems. The AI Safety Institute, to be located within the Department of Commerce, will work on setting standards, conducting testing, and evaluating both known and emerging risks associated with AI.
Splunk is cutting 7% of its workforce as it prepares for Cisco's $28 billion acquisition. This reduction amounts to approximately 560 positions, primarily in the United States. While the company's CEO, Gary Steele, emphasizes the need to adapt to an unpredictable market, these layoffs are part of a broader organizational restructuring, separate from the Cisco deal.
Ransomware attackers in the healthcare sector have shown a growing tendency to maliciously encrypt data, with 75% of attacks successfully encrypting data, according to a report by security firm Sophos. The study, based on a survey of 3,000 IT and cybersecurity organizations across 233 healthcare entities, highlights the evolving tactics of adversaries.
A new report from Dashlane reveals a global improvement in password health and hygiene over the past year, offering increased security for consumers and businesses. While the analysis indicates a reduction in weak, reused, and compromised passwords, the prevalence of password reuse remains high, exposing user accounts to risks such as password-spraying attacks and underscoring the importance of strong multi-factor authentication.
Copyright © 2023 CyberMaterial. All Rights Reserved.
Co-Founder & Executive at ANNRAJ Agro Foods | Enthusiast in Brand Building
I have stopped listening to the “CISO Series” podcast. I have become completely dependent on your podcast. Keep uploading that podcast on a regular basis, very good content CyberMaterial