Cyber Briefing - 2023.11.15
What's trending in cybersecurity today?
VMware Reveals Critical Authentication Flaw, Intel Resolves High-Severity CPU Vulnerability, Russian APT29 Targets Embassies, Researchers Expose Risk to AMD CPU, Microsoft Azure CLI Critical Flaw Patching, Ransomware Surge Targets Nuclear and Oil & Gas Sectors, Booking.com Confirms Data Breach, Stellantis Production Disrupted, Data Breach in North Carolina County, St. Lucie County Tax Collector - Walton Road Hit by Ransomware Attack, NY Governor Proposes Cybersecurity Rules for Hospitals, Google Initiates Deletion of Dormant Gmail Accounts, Sophos Unveils Rapid Execution Tactics, Federal Bureau of Investigation (FBI) Shuts Down IPStorm Proxy Service.
Welcome to Cyber Briefing , the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
Cyber Alerts
VMware has exposed a significant unpatched vulnerability, an authentication bypass flaw, affecting Cloud Director appliance deployments. Limited to appliances running VCD Appliance 10.5 upgraded from an older release, the flaw allows unauthenticated attackers to remotely exploit it without user interaction. While VMware works on a patch, admins are advised to implement a temporary workaround provided by the company to mitigate the risk until a permanent solution is available.
Intel has addressed a significant high-severity CPU vulnerability impacting various CPUs, including Alder Lake, Raptor Lake, and Sapphire Rapids. Termed a 'Redundant Prefix Issue,' the flaw could enable attackers to escalate privileges, access sensitive data, or cause a denial-of-service situation. While Intel believes real-world software won't encounter the issue, users are urged to update their systems with the provided microcode updates to mitigate any potential risks.
Ukraine's National Cyber Security Coordination Center has uncovered a cyber-espionage campaign targeting embassies and international organizations, linking the attacks to the Russian state-sponsored hacker group APT29, also known as Cozy Bear. The operation aimed at infiltrating embassy entities, particularly diplomatic accounts associated with foreign affairs ministries in Azerbaijan and Italy. Utilizing a recently discovered vulnerability in WinRAR, the attackers sent phishing emails with a malicious ZIP file, exploiting the vulnerability and potentially gaining access to compromised systems.
Security researchers have discovered a new attack method named CacheWarp that targets a security feature in AMD processors, posing a risk to protected virtual machines. The attack affects AMD Secure Encrypted Virtualization, particularly the SEV-SNP feature, designed to isolate VMs from the underlying hypervisor at the hardware level. CacheWarp, described as a software-based fault injection attack, exploits an architectural bug in AMD CPUs, allowing malicious hackers to hijack control flow.
Microsoft has swiftly addressed a critical security vulnerability in Azure CLI, identified as CVE-2023-36052, which could allow attackers to pilfer credentials from logs generated by Azure CLI in GitHub Actions or Azure DevOps. Security researchers at Palo Alto's Prisma Cloud discovered that successful exploitation of the flaw could enable unauthenticated attackers to remotely access plaintext contents within continuous integration and continuous deployment (CI/CD) logs.
Resecurity, Inc. highlights a concerning surge in ransomware operations targeting the energy sector, with a particular emphasis on nuclear facilities and associated research entities. Over the past year, energy installations in North America, Asia, and the European Union have witnessed a significant increase in ransomware attacks. With major ransomware groups like BlackCat/ALPHV, Medusa, and LockBit 3.0 intensifying their focus on high-stakes targets, the collaboration between these groups and underground actors poses a serious threat to critical infrastructure.
Cyber Incidents
Booking.com confirmed falling victim to a phishing attack, posing potential risks to consumers' credit card information. The incident began when a hacker, posing as a traveler, targeted hotels via email, infecting their systems with a virus. The compromised hotels' IDs and passwords for Booking.com were then exploited to send fake emails to travelers, tricking them into entering credit card details on a fraudulent Booking.com site.
Production at Stellantis, the maker of Chrysler, Dodge, Jeep, and Ram vehicles, is facing disruptions following a cyberattack on its supplier, Yanfeng International Automotive Technology. The Chinese automotive supplier, responsible for just-in-time parts like seats, interiors, and electronics, suffered a cyber incident, impacting Stellantis' North American assembly plants. Stellantis is working closely with the supplier to mitigate further impacts on operations, emphasizing the significance of supply chain cybersecurity in the automotive industry.
A cyberattack on Bladen County, North Carolina, prompted the deployment of the state's National Guard for assistance. While data access was confirmed, the notice did not mention ransomware, prompting a forensic investigation by the North Carolina Joint Cybersecurity Task Force. Bladen County, operating in a limited capacity, faces cybersecurity challenges, and despite the ban on ransom payments, the incident reflects the persistent threat to local governments from ransomware groups.
The St. Lucie County tax collector's computer system recently faced a shutdown due to a ransomware attack, confirmed by Tax Collector Chris Craft. Although personal information was not compromised, Craft reassured taxpayers that their data, including driver's license information and car registration, is stored on a secure state server. The attack, while not resulting in a data breach, incurred significant costs as workers labored around the clock to restore the system, emphasizing the challenges faced by public services in dealing with cyber threats.
Cyber News
New York Governor Kathy Hochul is pushing for robust cybersecurity regulations for the state's hospitals following a series of debilitating attacks. The proposed rules mandate hospitals to establish cybersecurity programs, appoint chief information security officers, and implement defensive measures. With an allocation of $500 million in the budget for technology upgrades aligned with these regulations, the governor aims to fortify the healthcare sector against cyber threats.
Google is set to delete inactive Gmail accounts starting December 1, as part of a cybersecurity initiative. Any account untouched for two years, including Google Workspace apps like Drive and Docs, could be eradicated. This measure aims to enhance security, targeting older accounts that may be susceptible to hacks due to outdated passwords and lack of two-factor authentication.
The UK's National Cyber Security Centre expresses concern about the increasing threat level to the nation's critical national infrastructure in its annual review. While acknowledging progress in building resilience, the report states that cybersecurity readiness in critical areas is not where it needs to be.
Sophos' latest report exposes a concerning trend as cyber-criminals, in 82% of cases, disable or erase logs, emphasizing the critical importance of telemetry data. Analyzing 232 incident response cases from January 1, 2022, to June 30, 2023, the report sheds light on the accelerated pace of ransomware attacks, often executed within hours. While categorizing attacks based on dwell time, Sophos recommends maintaining current defensive strategies, including robust telemetry.
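The report's finding that attackers disable or erase logs in most cases makes log tampering itself a detection target. The checks below, added here as an example rather than anything from Sophos or the newsletter, run over forwarded Windows event telemetry: they flag the events Windows writes when a log is cleared (Security 1102, System/Application 104) or when the logging service stops (1100), and separately flag hosts that have simply gone quiet. Hostnames, timestamps and records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry: event records as forwarded to a central collector.
SAMPLE_EVENTS = [
    {"host": "ws-07",   "ts": "2023-11-14T02:10:05", "channel": "Security", "event_id": 4624},
    {"host": "ws-07",   "ts": "2023-11-14T02:41:17", "channel": "Security", "event_id": 1102},
    {"host": "ws-07",   "ts": "2023-11-14T02:41:20", "channel": "System",   "event_id": 104},
    {"host": "srv-db1", "ts": "2023-11-14T02:00:00", "channel": "Security", "event_id": 4624},
    {"host": "srv-db1", "ts": "2023-11-14T02:15:00", "channel": "Security", "event_id": 4672},
    {"host": "srv-fs2", "ts": "2023-11-14T02:00:00", "channel": "Security", "event_id": 4624},
    {"host": "srv-fs2", "ts": "2023-11-14T03:30:00", "channel": "Security", "event_id": 4624},
]

# Events Windows emits when logging is tampered with (the erasure leaves its own trace,
# provided the record has already been shipped off the host).
LOG_TAMPER_IDS = {
    1102: "Security log cleared",
    104:  "Event log cleared",
    1100: "Event logging service shut down",
}


def find_log_tampering(events):
    """Return (host, ts, description) for every log-clearing or logging-shutdown event."""
    return [
        (e["host"], e["ts"], LOG_TAMPER_IDS[e["event_id"]])
        for e in events
        if e["event_id"] in LOG_TAMPER_IDS
    ]


def find_silent_hosts(events, now, max_silence=timedelta(minutes=60)):
    """Return hosts whose newest event is older than max_silence before `now`.

    A host that stops forwarding is the quiet form of log erasure: the attacker
    disabled the agent or the service instead of clearing a log that was already shipped.
    """
    last_seen = {}
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        last_seen[e["host"]] = max(last_seen.get(e["host"], ts), ts)
    return sorted(h for h, ts in last_seen.items() if now - ts > max_silence)


if __name__ == "__main__":
    now = datetime(2023, 11, 14, 3, 45)
    for host, ts, why in find_log_tampering(SAMPLE_EVENTS):
        print(f"ALERT {host} {ts}: {why}")
    for host in find_silent_hosts(SAMPLE_EVENTS, now):
        print(f"WARN  {host}: no telemetry for more than 60 minutes")
```

Both checks only work if records leave the host before they are cleared, which is the practical reason the report's emphasis on telemetry matters.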
The U.S. Department of Justice has announced the successful takedown of the IPStorm botnet proxy service by the Federal Bureau of Investigation. IPStorm allowed cybercriminals to anonymously route malicious traffic through compromised Windows, Linux, Mac, and Android devices globally. In connection to this case, Sergei Makinin, a Russian-Moldovan national, pleaded guilty to computer fraud charges, facing a maximum penalty of 10 years in prison, highlighting the significant impact of dismantling this proxy service on cybercrime facilitation.
Copyright © 2023 CyberMaterial. All Rights Reserved.