Cyber Briefing - 2023.11.07
What's the latest in the cyber world today?
Hackers Exploit Google Calendar, Jupyter Infostealer Resurfaces, Android Threat Circumvents Google's Security Safeguards, Critical Vulnerabilities in Veeam Software ONE, Guidelines for Vulnerability Exploitability eXchange, QNAP Systems Security Flaws, Ransomware Attack on Canadian Hospitals, Fake Ledger Live App, $770,000 Crypto Theft, Pro-Palestinian Hackers, Marina Bay Sands Exposes 665,000 Customers' Data, North Korea's Cyber Threats, Chinese Firms Dominate Cybersecurity Patents, Palo Alto Networks Acquires Talon, Gaps in Cloud Native Development, Liechtenstein's AI Chatbot Guidelines.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
Cyber Alerts
Google is sounding the alarm on multiple threat actors who are sharing a public proof-of-concept exploit named Google Calendar RAT, which misuses Google Calendar Events for command-and-control operations. Developed by MrSaighnal, the script creates a 'Covert Channel' by manipulating Google Calendar event descriptions, enabling direct connections to Google.
A recently updated version of the Jupyter Infostealer, also known as Polazert, SolarMarker, and Yellow Cockatoo, has emerged with subtle yet effective changes designed to establish a discreet and persistent presence on compromised systems. This iteration employs PowerShell command alterations and private key signatures to make the malware appear as a legitimately signed file. Jupyter Infostealer has a history of utilizing manipulated search engine optimization tactics and malvertising to trick users into downloading it.
Cybersecurity researchers have unveiled a new Android dropper-as-a-service named SecuriDropper, which cleverly sidesteps Google's latest security barriers to deliver malware. Dropper malware acts as an intermediary for installing payloads on compromised devices, providing a profitable model for cybercriminals to market their capabilities to other criminal groups.
Veeam has released crucial hotfixes to address four vulnerabilities in its IT infrastructure monitoring platform, Veeam ONE, with two of them being rated as critical due to their potential for remote code execution and NTLM hash theft. The vulnerabilities affected actively supported Veeam ONE versions, up to the latest release, requiring admins to apply the provided hotfixes by replacing files on impacted servers and restarting services. Veeam urged administrators to apply the patches promptly to enhance the security of their infrastructure.
The Cybersecurity and Infrastructure Security Agency has released a valuable resource titled "When to Issue Vulnerability Exploitability eXchange Information," developed collaboratively by industry and government experts. This guide is designed to provide structure and guidance to the software security landscape, particularly within the global Software Bill of Materials community.
QNAP has acted swiftly to address two critical security flaws threatening its operating system, which, if exploited, could lead to arbitrary code execution. The vulnerabilities, tracked as CVE-2023-23368 and CVE-2023-23369, posed a significant risk to QNAP's QTS, QuTS hero, QuTScloud, Multimedia Console, and Media Streaming add-on users. With ransomware attacks targeting NAS devices in the past, users are strongly encouraged to update to the latest versions to enhance their security and protect their network-attached storage systems.
Cyber Incidents
Five Canadian hospitals, including Bluewater Health and Chatham-Kent Health Alliance, have confirmed that patient and employee data, covering around 5.6 million patient visits and 267,000 unique patients, was stolen in a ransomware attack and later leaked online. While the affected hospitals are working to identify the impacted individuals and investigate the extent of the breach, the Daixin ransomware gang has claimed responsibility for the attack, exposing thousands of records containing personally identifiable information and protected health information. The hospitals have assured that no banking information was stolen in the incident, and investigations are ongoing.
A fraudulent Ledger Live app on the Microsoft app store allowed hackers to steal 16.8 bitcoin, totaling $770,000 when including Ethereum and BNB Smart Chain. The hacker received these funds through multiple Bitcoin transactions and attempted to cover their tracks by splitting them across various wallets. This incident underscores the need for increased vigilance and security measures in the face of rising cryptocurrency-related hacks during asset price surges.
In a concerning development, the Pro-Palestinian hacker group known as the 'Soldiers of Solomon' has claimed responsibility for infiltrating the infrastructure of Flour Mills Ltd, a multinational company specializing in flour processing and food products. The hackers assert that they have caused damage to the plant's production cycle, potentially impacting the food supply chain. The incident follows the group's recent cyber attack on the Ashalim Power Station and an extensive data breach in the Nevatim military area, highlighting the persistent threats posed by these hacktivists.
Marina Bay Sands recently revealed a data security breach in which the personal information of 665,000 customers was accessed without authorization. The breach occurred in October, impacting some Sands LifeStyle rewards program members. The exposed data included names, email addresses, phone numbers, country of residence, membership numbers, and tiers. Marina Bay Sands assured affected customers that their personal data was not compromised, and investigations indicated that the breach only affected non-casino rewards program members.
Cyber News
In response to the increasing cyber threats posed by North Korea, the United States, South Korea, and Japan have established a high-level consultative body focused on cybersecurity matters. This group, which will convene quarterly, aims to bolster joint capabilities to address global cyber threats effectively. Their primary focus is to block cyber activities that provide significant funding for North Korea's weapons development, including nuclear weapons and weapons of mass destruction.
Chinese companies, including Huawei and Tencent, now hold the majority of the top patent positions in the global cybersecurity technology sector, according to a report by Nikkei Asia. Data compiled in collaboration with U.S. information services provider LexisNexis revealed that six of the top 10 global patent holders in this field were Chinese firms as of August, with IBM leading the list at 6,363 patents, followed by Huawei and Tencent with 5,735 and 4,803 patents, respectively.
Palo Alto Networks is aggressively expanding its presence in the cloud data security space with the acquisition of Talon Cyber Security for $625 million, following its recent purchase of Dig Security for $400 million. The acquisitions are part of Palo Alto's efforts to bolster its enterprise cloud data security offerings and compete with rivals like Cisco.
A recent study by Venafi highlights the increasing security blind spots created by cloud native development practices in the US, UK, France, and Germany. The report, "The Impact of Machine Identities on the State of Cloud Native Security in 2023," is based on a survey of 800 security and IT leaders in large organizations. It discloses that 59% of respondents have encountered security incidents in their Kubernetes or container environments, with network breaches, API vulnerabilities, and certificate misconfigurations being the primary causes.
The data protection regulator of Liechtenstein has released new guidelines for data processing, focusing on AI chatbots powered by large language models like ChatGPT. The guidance specifies that AI chatbots must adhere to GDPR transparency and consent clauses when handling user data, cookies, and sensitive information. It emphasizes the need for obtaining user consent and may require separate consent for specific data processing purposes, particularly related to advertising.
Copyright © 2023 CyberMaterial. All Rights Reserved.