Cyber Briefing - 2023.11.22


What's trending in cybersecurity today?

Agent Tesla Malware, Citrix, NetScaler, Play Ransomware, Atomic Stealer, ClearFake, Cybersecurity and Infrastructure Security Agency, Israel, Signature-IT Attack, AutoZone, MOVEit, Bahrain, LockBit, NY Bravest FCU, Sabre Insurance Group, Microsoft Defender, Bug Bounty, The Tor Project, Cryptocurrency, Morgan Stanley, UK Health Secretary, FTC, AI.

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.



Cyber Alerts


1. Agent Tesla's ZPAQ Cyber Threat Evolution

In a startling twist, the notorious Agent Tesla malware has adopted a new tactic, using the ZPAQ compression format to infiltrate systems and extract sensitive data from email clients and web browsers. G Data malware analyst Anna Lvova highlighted the unique characteristics of ZPAQ, emphasizing its superior compression ratio and journaling function, albeit with limited software support; that limited support is exactly what makes the format attractive to attackers, since fewer security tools can unpack it. This evolution in the Agent Tesla attack chain underscores the adaptability of cyber threats, urging users to remain vigilant against novel techniques and emphasizing the importance of staying updated to thwart these unconventional tactics.


2. NetScaler Urges Session Termination

Amid ongoing exploitation of the Citrix Bleed vulnerability affecting NetScaler devices, the manufacturer has reiterated the urgent need for immediate patching and advised terminating all active sessions, because patching alone does not invalidate session tokens that were stolen before the fix was applied. This critical flaw, CVE-2023-4966, has been targeted by various threat actors, enabling unauthorized access, session token theft, and potential post-patch intrusion activity, emphasizing the necessity for swift remediation and thorough investigation across affected organizations.


3. Play Ransomware's Threat Evolution

The notorious Play ransomware has transitioned into a "Ransomware-as-a-Service" (RaaS) model, as uncovered by cybersecurity firm Adlumin. Evidence suggests that Play is now offered as a service to other threat actors, with affiliates following detailed playbooks, leading to near-identical attacks in various sectors. This evolution, marked by uniform attack tactics and an appealing package for potential hackers, highlights a growing wave of incidents that businesses and authorities should brace for, as the threat landscape continues to transform with the rise of RaaS operations.


4. Atomic Stealer Adapts with ClearFake

The macOS-targeting Atomic information stealer is now being delivered through ClearFake, a deceptive web browser update chain that was previously confined to Windows, marking a significant expansion in both geolocation and operating system targeting. According to Malwarebytes' Jérôme Segura, this shift represents a novel development in social engineering campaigns. Atomic Stealer, a commercial malware family available through a $1,000 per month subscription, specializes in extracting data from web browsers and cryptocurrency wallets, while ClearFake operates as a burgeoning malware distribution operation, leveraging compromised WordPress sites to deliver fraudulent browser update notifications and deploy stealers and other malware.


5. CISA Warns of 5 ICS Risks

CISA has issued five Industrial Control Systems (ICS) advisories on November 21, 2023, shedding light on prevailing security issues, vulnerabilities, and exploits within the ICS domain. Covering a range of systems, including WAGO PFC200 Series, Fuji Electric Tellus Lite V-Simulator, Mitsubishi Electric CNC Series, Keysight N8844A Data Analytics Web Service, and Rockwell Automation Stratix 5800 and Stratix 5200, these advisories provide crucial insights for users and administrators. CISA strongly advocates a thorough review of these advisories for in-depth technical details and recommended mitigations to enhance ICS security.



Cyber Incidents


6. Israeli Cyber Chaos and Retail Disruption

A cyber onslaught on Signature-IT, a website hosting company, has paralyzed online operations for about 40 companies, including major players like Keter, Osem, and Strauss. The National Cyber Directorate confirmed disruptions, with the Home Center and Kravitz chains among those impacted. While the attack targeted Signature-IT's servers and not the individual companies, concerns arise regarding potential data breaches, as attackers gained access to mailing lists containing personal information, potentially enabling targeted phishing attacks in the future.


7. AutoZone Data Breach Alert

AutoZone, a leading U.S. automotive retailer with an annual revenue of nearly $17.5 billion, is notifying tens of thousands of customers about a data breach stemming from the Clop MOVEit file transfer attacks. The breach, occurring on May 28, 2023, exposed data from 184,995 individuals, prompting AutoZone to cover identity theft protection for affected customers. The Clop ransomware gang, responsible for the attack, published a 1.1GB data leak on July 7, 2023, revealing employee details, tax information, and more, emphasizing the escalating threat landscape.


8. Cyber Retaliation Hits Bahrain Ministries

Bahrain faced a cyber onslaught targeting government ministries as hackers, self-identified as Al-Toufan (The Flood), briefly rendered the websites of the Foreign Ministry and Information Affairs Ministry inaccessible. The attack was allegedly a response to the Bahraini ruling family's statements on the Israel-Hamas conflict. The hackers, citing dissatisfaction with the Al Khalifa family's remarks, also claimed responsibility for leaking scans of passports belonging to American citizens and a high-ranking Russian diplomat in Bahrain, adding a complex dimension to the cyber incident.


9. Alleged LockBit Cyberattack on NY Bravest FCU

The NY Bravest FCU faces a menacing cyber threat as the infamous LockBit ransomware group claims responsibility for an attack, setting a deadline of November 30, 2023, for potential data release. The Albany branch is purportedly the target, with the ransomware group ominously warning of the publication of "ALL AVAILABLE DATA" on the dark web. In response to the situation, NY Bravest FCU swiftly updated its website, cautioning members about fraudulent activities affecting financial institutions and advising against responding to suspicious messages or calls impersonating banks.


10. Sabre Insurance Faces LockBit Ransom Threat

The LockBit ransomware group has purportedly taken responsibility for the Sabre Insurance data breach, unleashing cyber threats on their official data leak site and issuing a grave ultimatum. With a looming deadline of November 30, 2023, the threat actors demand a payment of $10,000 to extend the time before the data release by 24 hours. Alternatively, for a staggering $900,000, Sabre Insurance is presented with the option to permanently erase the stolen data or redownload their compromised information—a strategic and high-stakes approach to extortion.



Cyber News


11. Microsoft Defender's Global Bug Quest

Microsoft has introduced a new bug bounty program centered on the Microsoft Defender security platform, offering rewards ranging from $500 to $20,000. While Microsoft retains discretion to determine final reward amounts based on factors like vulnerability severity and impact, the highest rewards are reserved for top-quality reports of critical severity remote code execution vulnerabilities. The initial scope of the Microsoft Defender Bounty Program focuses on Microsoft Defender for Endpoint APIs, with plans to expand to other Defender products in the future, reflecting Microsoft's commitment to global security collaboration for customer protection.


12. Tor Project Takes Action on Threats

The Tor Project has taken a decisive step by removing multiple network relays involved in a cryptocurrency scheme that posed a threat to users. Tor relays, crucial for anonymizing traffic, are typically operated by volunteers worldwide who champion online privacy. The removal sparked a community debate on relay policies, violation consequences, and incentivization models, emphasizing the project's commitment to network integrity and user safety.


13. Morgan Stanley Settles Data Security

Morgan Stanley has reached a $6.5 million settlement following allegations of insecurely disposing of hardware containing unencrypted personal information, potentially exposing millions of customers. The Florida Attorney General's Office revealed that negligent internal data security practices led the multinational investment bank to hire an inexperienced moving company for decommissioning, resulting in the sale of equipment at internet auctions without monitoring. The investigation highlighted flaws in encryption software, missing servers, and inadequate vendor controls, prompting the settlement, which also mandates security improvements, data encryption, and the implementation of comprehensive information security measures.


14. UK Secretary Fined for Patient Data Breach

A former NHS secretary, Loretta Alborghetti, was fined by the Information Commissioner's Office (ICO) for illegally accessing over 150 patient records without consent or a legitimate business reason. Alborghetti accessed these records over 1800 times within three months, prompting concerns over data privacy and leading the ICO to emphasize that unauthorized access to personal data violates data protection laws, regardless of whether a person's job role technically grants access to the system.


15. FTC Boosts AI Investigation Processes

The Federal Trade Commission (FTC) has unanimously voted to bolster its investigative capabilities concerning artificial intelligence (AI) systems. The resolution allows the FTC to issue demands for information in AI-related investigations, emphasizing the need for compliance and cooperation from organizations developing AI products and services, aligning with efforts to ensure consumer protections and competitive markets in the AI sector.



Subscribe and Comment.

Copyright © 2023 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.
