Cyber Briefing - 2023.11.27

What's happening in cybersecurity today?

OpenCart, ownCloud, Black Friday Phishing Scams, Chrome, Brazil, China Energy Company, Ransomware, Vanderbilt Medical Center, Municipal Water Authority of Aliquippa, Iranian Hackers, KyberSwap, General Electric, BlackCat, Henry Schein, Toronto Public Library, Cybersecurity and Infrastructure Security Agency, UK, European Commission

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.



Cyber Alerts


1. OpenCart Flaw Exposed

A security researcher known as "0xbro" uncovered a static code injection flaw in OpenCart versions 4.0.0.0 to 4.0.2.3 that allows arbitrary data to be written into critical application files. Despite disclosing the vulnerability responsibly, the researcher received an impolite response from OpenCart's administrator, Daniel Kerr, raising concerns about how the project handles reported security issues.


2. ownCloud Users Face Critical Flaws

ownCloud has issued warnings about three critical security vulnerabilities that expose users to potential data breaches and file modifications. The flaws include sensitive information disclosure, a WebDAV API authentication bypass, and a subdomain validation bypass; users are urged to apply the fixes, disable the affected functions, and rotate credentials to safeguard their systems. Separately, a critical remote code execution vulnerability was discovered in CrushFTP that lets unauthenticated attackers read files and execute arbitrary programs on the host.


3. Phishing Soars: Black Friday Alert

Security researchers have highlighted a significant surge in phishing emails specifically targeting Black Friday and Cyber Monday shoppers. These emails often impersonate popular brands and combine realistic templates, genuine-looking hyperlinks, and social engineering to trick recipients into disclosing sensitive information or clicking malicious links. To stay safe, users are advised to verify offers carefully and to rely on robust anti-phishing and anti-malware defenses in both work and personal environments.


4. Chrome Extensions Target Brazil

The discovery of the malicious Google Chrome extension "ParaSiteSnatcher" reveals a sophisticated framework capable of extracting highly sensitive data by monitoring and manipulating various sources. The extension abuses the Chrome browser API to intercept and siphon off data from POST requests, especially those containing sensitive financial details, before the HTTP request is sent. Tailored for Latin American users, particularly in Brazil, ParaSiteSnatcher targets key financial entities such as Banco do Brasil and Caixa Econômica Federal, aiming to extract transaction data, Brazilian Tax IDs, and cookies associated with Microsoft accounts.



Cyber Incidents


5. Ransomware Gang Claims Energy Hack

The Rhysida ransomware gang claimed responsibility for hacking China Energy Engineering Corporation and is auctioning the stolen data for 50 BTC. Their modus operandi, described in FBI-CISA advisories, targets multiple sectors using techniques such as Zerologon exploitation and living-off-the-land tools.


6. Vanderbilt Med Center Probes Cyber Incident

Vanderbilt University Medical Center is investigating a cybersecurity incident after one of its databases was compromised and the organization was listed on the Meow ransomware gang's leak site. Although the hospital confirmed the incident, initial investigations suggest that the compromised database did not contain sensitive personal or protected information of patients or employees. The incident raises concerns about the evolving tactics of cybercriminal groups like Meow, which has been associated with Conti ransomware; Conti's source code was exposed in March, prompting various criminal gangs to develop their own ransomware variants.


7. Iranian-Backed Group Hacks Aliquippa Water

The Municipal Water Authority of Aliquippa disclosed that an Iranian-backed cyber group, Cyber Av3ngers, hacked one of its booster stations. Matthew Mottes, the board chairman, confirmed the breach to KDKA-TV, stating that the group gained control of an outlying station responsible for monitoring and regulating pressure in Raccoon and Potter Townships. Despite the intrusion, officials emphasized that no threat to the drinking water or water supply has been identified as a result of the cyberattack.


8. KyberSwap Reports $55m Crypto Theft

KyberSwap, a decentralized exchange, fell victim to a sophisticated cyber-attack on November 22, losing approximately $55 million in users' funds through an exploit of its Elastic smart contracts. In response, the company paused deposits, launched an investigation, opened negotiations with the attackers, and offered a 10% bounty for the return of the exploited funds, while DeFi experts highlighted the intricacy of the attack, which exploited a vulnerability unique to KyberSwap's concentrated liquidity system.


9. GE Probes Cyber Attack, Data Theft

General Electric is investigating claims by the threat actor IntelBroker of a cyber attack and data theft; IntelBroker purportedly breached GE's development environment and leaked stolen data, including DARPA-related military information. GE confirmed awareness of the claims and is conducting an investigation to protect the integrity of its systems, while the breach itself remains unconfirmed. IntelBroker, known for prior successful cyberattacks, posted screenshots as proof of the alleged breach, prompting GE's inquiry.


10. BlackCat Re-Encrypts Henry Schein

Henry Schein, Inc., a Nasdaq-listed company, suffered a cybersecurity incident on October 14 that disrupted its manufacturing and distribution operations. AlphV (BlackCat) initially claimed responsibility for the attack, which affected Henry Schein's dental and medical distribution in North America and Europe. Despite efforts to restore systems, subsequent updates revealed persistent disruptions, including the re-encryption of its platforms by BlackCat and the continued unavailability of its ecommerce applications. Recent updates indicate the company has identified the cause and expects to restore its U.S. ecommerce platform and other applications in the coming days.



Cyber News


11. Broadcom to Acquire VMware After Approval

Broadcom has cleared all regulatory obstacles to its $69 billion acquisition of VMware and plans to finalize the deal on Wednesday following China's approval. The acquisition is a strategic move to solidify Broadcom's position in cloud technology and expand its reach in the competitive cloud computing market.


12. Toronto Library Systems Unrestored Until 2024

The Toronto Public Library continues to grapple with a ransomware attack that occurred in late October and has forced its systems to remain offline until 2024. Services are expected to resume gradually from January onward, and restoring the library's computer systems and website remains a priority alongside ongoing efforts to strengthen network security.


13. Pentagon's AI Spurs Lethal Weapon Decisions

The Pentagon's Replicator initiative aims to deploy thousands of AI-enabled autonomous vehicles by 2026 to keep pace with China's technological advances, raising concerns about the deployment of fully autonomous lethal weapons. AI is already used widely in the military for surveillance, predictive maintenance, space monitoring, and even fitness tracking for soldiers, but autonomous weapon systems pose ethical and operational challenges.


14. EU Commission Criticized on Spyware

European lawmakers criticized the European Commission for its inaction after a parliamentary committee pushed for stricter regulation of spyware within the EU. The Commission has not implemented the recommendations the PEGA Committee proposed in May, which sought tighter export controls on commercial spyware and would limit its use to genuine national security threats. Meanwhile, concerns persist over spyware misuse, exemplified by the alleged targeting of journalists and activists and the lack of robust investigative powers to counter such abuse.


15. CISA, UK NCSC Release AI Guidelines

CISA and the UK NCSC have jointly released comprehensive Guidelines for Secure AI System Development, offering recommendations for the various stakeholders in AI systems. The publication emphasizes Secure by Design principles, promoting transparency and accountability and prioritizing security outcomes for customers throughout AI system development.



Copyright © 2023 CyberMaterial. All Rights Reserved.
