Cyber Briefing - 2023.11.24

?? What are the latest cybersecurity alerts, incidents, and news?

WailingCrab Loader, UK, South Korea, North Korea, Crypto Scam, SysJoker, Rust Variant, Cyber Warfare, Israel, Kubernetes, Supply Chain Threat, New Relic, Al-Toufan, Bahrain, PLAY Ransomware, McHale Landscape Design, Inc. , NYC Bar Association, Fidelity National Financial , Canada, ARM Cortex-M52 Chip, 法雷奥 , 英伟达 , Telekopye, Neanderthals, 'Pig Butchering' Gang, Romance Scam

?Welcome to Cyber Briefing , the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe .

?? Cyber Alerts

1. WailingCrab Malware via Shipping Email

WailingCrab, a sophisticated malware loader, is being spread through shipping-themed emails, utilizing various components like a loader, injector, downloader, and backdoor. Operated by the threat actor TA544, also known as Bamboo Spider and Zeus Panda, this malware exhibits advanced evasion techniques, using platforms like Discord for initial command-and-control communications and adopting the MQTT protocol, a tactic uncommon in the threat landscape, for further stealth.

2. North Korean Cyber Threats Surge Warning

British and South Korean cyber agencies issued a joint alert, cautioning about ongoing North Korean state-affiliated hacking activities targeting software supply chains for espionage and financial gain. These attacks exploit vulnerabilities in third-party software, emphasizing the need for heightened cybersecurity measures, including awareness training, prompt security updates, and vigilant network monitoring to thwart such threats effectively.

3. Researchers Uncover $1M Crypto Scam

?Check Point’s Threat Intel Blockchain system has uncovered a new Rug Pull scam, where investors lost nearly $1 million. The scam involved creating fake tokens, simulating trading activities, and swiftly withdrawing liquidity, highlighting the risks in the crypto market and emphasizing the necessity for investor vigilance and awareness.

4. SysJoker Evolution Unveiling Cyber Threat .

In a recent analysis, cybersecurity researchers reveal a Rust version of the cross-platform backdoor SysJoker, employed by a Hamas-affiliated threat actor targeting Israel amid regional conflict. Notable updates include a complete rewrite in Rust indicating enhanced functionalities and a strategic move from Google Drive to OneDrive for storing dynamic command and control server URLs. This evolution marked by random sleep intervals and adaptive C2 address changes showcases the malware's resilience and the threat actor's agility in evading detection.

5. Kubernetes Secrets Risk Supply Chain .

Cybersecurity researchers are sounding the alarm on publicly exposed Kubernetes configuration secrets, raising concerns about potential supply chain attacks on organizations. The revelation, detailed by Aqua security researchers Yakir Kadkoda and Assaf Morag, exposes encoded Kubernetes configuration secrets uploaded to public repositories, impacting major blockchain companies and Fortune 500 organizations. The research uncovered that 46% of the 438 records potentially held valid credentials, providing unauthorized access to registries, with nearly 50% of passwords identified as weak, emphasizing the urgent need for robust organizational password policies.

?? Cyber Incidents

6. New Relic Alerts Clients of Cyber Incident

New Relic issues a vague security advisory about a recent cyber incident, urging customers to remain vigilant and monitor accounts for suspicious activity without providing clear details. CEO Bill Staples reassures customers of active investigation but offers minimal information, leaving recipients uncertain about the incident's nature or required actions.

7. Al-Toufan Disrupts Bahrain Air Ops

The recently surfaced cybercriminal group, Al-Toufan, has allegedly disrupted Bahrain's Airport and Gulf Air, asserting the cyberattack in solidarity with Palestine. However, Bahrain's government has not fully confirmed these claims, reflecting heightened tension in the digital landscape.

8. PLAY Ransomware Targets McHale Landscape Design

In a targeted cyberattack, McHale Landscape Design has reportedly fallen victim to the PLAY ransomware group, renowned for its sophisticated tactics. The hackers claim to have accessed a vast array of sensitive information, including client documents, financial data, and human resources records. The full extent of the data breach remains uncertain, but the attackers have announced their intention to disclose the stolen information on November 25, 2023, raising concerns about the potential impact on the landscape design company and its clients.

9. NYC Bar Data Breach Exposes 27K Members

The New York City Bar Association confirmed a cyberattack that leaked data of over 27,000 members and staff nearly a year ago, following an investigation that revealed unauthorized access to internal files between December 2 and December 24, 2022. Although the association did not specify if it was a ransomware attack, there were indications of a Clop ransomware incident earlier, with threats to leak stolen information, while the actual cause remained undisclosed until the recent disclosure. The organization is offering affected individuals 12 months of free credit monitoring and identity theft protection services in response to the data breach.

10. Fidelity National Financial Cyber Disruption

A recent cyberattack has disrupted the operations of Fidelity National Financial (FNF), a Fortune 500 company providing title insurance settlement services. The incident, disclosed in an SEC filing, prompted FNF to implement containment measures, including blocking access to certain systems, leading to disruptions in critical services such as title insurance and mortgage transactions. As stakeholders seek alternative solutions amid delays, the cyberattack highlights the broader vulnerabilities in essential financial services, emphasizing the need for continuous investment in cybersecurity strategies to protect sensitive data and maintain trust in an interconnected digital landscape.

?? Cyber News

?11. Canada Investigates Massive Data Breach .

The Office of the Privacy Commissioner of Canada (OPC) is undertaking a comprehensive investigation into a significant data breach spanning 24 years, involving federal employees' information. Brookfield Global Relocation Services (BGRS) and Sirva Canada, government-contracted relocation service providers, were targeted, compromising personal data dating back to 1999. The investigation aims to assess security protocols, scrutinize compliance with data protection regulations, and implement preventive measures to safeguard sensitive data and prevent future breaches.

12. AI-Accelerated IoT with ARM Cortex-M52 .

Arm introduces the Cortex-M52, a groundbreaking chip designed for AI acceleration in IoT devices, removing the need for separate computing units. This innovation brings enhanced AI capabilities to even the smallest IoT endpoints, enabling more intelligent and capable IoT appliances. Featuring Arm's Helium technology, the Cortex-M52 offers significant performance gains in machine learning and digital signal processing compared to previous generations. It also integrates the latest security extensions and provides a unified toolchain for AI workflows, simplifying development for developers and potentially reducing production costs for IoT devices.

13. Valeo Files Lawsuit Against Nvidia .

Car technology firm Valeo has filed a lawsuit against Nvidia, claiming that a senior staff member, Mohammad Moniruzzaman, accidentally exposed stolen trade secrets during an online presentation. Valeo alleges that Moniruzzaman, who had recently joined Nvidia from the company, displayed a file containing the source code for Valeo's parking and driving assistance software. The lawsuit seeks significant damages, asserting that Nvidia financially benefited from the stolen trade secrets, diminishing the value of Valeo's proprietary information.

14. Insights into Telekopye Scam Tactics .

In a comprehensive analysis of the Telekopye scam, researchers unveil the intricate tactics and operational methods employed by the Neanderthals orchestrating online marketplace scams. Drawing from the bot's source code, infiltrated scamming groups, and internal documentation, the study details the recruitment process, scam scenarios (Seller, Buyer, Refund), and the Neanderthals' meticulous market research and preparation. The report also exposes the scammers' communication strategies, web scraping techniques, anonymity measures, and the use of cryptocurrencies to execute successful online marketplace scams, offering a thorough understanding of their modus operandi.

15. US Seizes $9M in Crypto from Romance Scam Gang .

US authorities have seized nearly $9 million in cryptocurrency linked to a criminal gang engaged in romance scams and investment fraud. The funds were associated with a "pig butchering" gang that lures victims into online romances, builds trust, and manipulates them into investing in a fraudulent cryptocurrency platform, ultimately disappearing with the money. The Department of Justice emphasizes its commitment to tracking and seizing illicit gains, warning cybercriminals that law enforcement will continue to follow the money to protect victims.

Subscribe and Comment.

Copyright ? 2023 CyberMaterial . All Rights Reserved.

Follow CyberMaterial on:

LinkedIn , Twitter , Reddit , Instagram , Facebook , YouTube , and Medium .