Cyber Briefing - 2023.12.07
What's going on in the cyber world today?
Krasue RAT, SLAM Attack, Intel, AMD, Arm, Amazon Web Services (AWS) STS, Cybersecurity and Infrastructure Security Agency Memory Safe Roadmap, Atlassian, Austal USA, Nissan Cyber Attack, Addenbrooke’s Hospital, India Tax Department, US Healthcare, US Federal Agencies Security, Crypto Losses, Meta E2EE.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
Cyber Alerts
Security researchers discovered the Krasue remote access trojan targeting Linux systems in telecommunications companies since 2021. The trojan's binary includes seven variants of a rootkit based on open-source projects, allowing it to stay undetected. Krasue's primary function is to maintain access to the host, suggesting it may be part of a botnet or sold by initial access brokers. The rootkit operates at the kernel level, making it challenging to detect and remove. The malware's targets seem limited to telecommunications companies in Thailand. Group-IB researchers found similarities with the XorDdos Linux malware, suggesting a common author or code overlap.
Researchers at Vrije Universiteit Amsterdam developed the SLAM side-channel attack, exploiting hardware features in upcoming Intel, AMD, and Arm CPUs to extract the root password hash from kernel memory. SLAM leverages a transient execution technique focused on unmasked gadgets, revealing sensitive data through speculative execution traces, impacting specific future chip designs.
Researchers have uncovered a vulnerability in Amazon Web Services Security Token Service (AWS STS) that threat actors can exploit to infiltrate cloud accounts and execute subsequent attacks. AWS STS allows adversaries to impersonate user identities, accessing temporary, limited-privilege credentials for AWS resources.
CISA, in collaboration with the U.S. NSA, FBI, and international cybersecurity agencies, released "The Case for Memory Safe Roadmaps" as part of the Secure by Design initiative. Addressing prevalent memory safety vulnerabilities exploited by cyber actors, the guide advocates for transitioning to memory safe programming languages (MSLs). It outlines steps for software manufacturers to create and publish memory safe roadmaps, emphasizing ownership of security outcomes and transparency.
Atlassian issues critical fixes for four vulnerabilities, including a SnakeYAML deserialization flaw (CVE-2022-1471) with a CVSS score of 9.8, and a template injection flaw (CVE-2023-22522) allowing code execution in Confluence. Another flaw (CVE-2023-22523) impacts Jira Service Management, and a fourth (CVE-2023-22524) affects the Atlassian Companion app for macOS, both allowing remote code execution. These fixes follow a recent revelation of an actively exploited flaw in Apache ActiveMQ affecting Atlassian's Bamboo products. Users are strongly urged to promptly update their installations to patched versions due to Atlassian products being targeted in cyberattacks.
Cyber Incidents
Austal USA, a shipbuilding contractor for the U.S. Department of Defense and Homeland Security, confirmed a cyberattack and is investigating the impact. The Hunters International ransomware group claimed responsibility and threatened to publish more stolen data, but Austal reported no personal or classified information was accessed.
Nissan is currently investigating a cyberattack on its systems in Australia and New Zealand, which could potentially lead to a data breach. The company has informed customers of its Nissan Oceania division about the incident, cautioning them about the risk of scams in the coming days. Nissan Oceania oversees distribution, marketing, sales, and services in Australia and New Zealand. The carmaker has deployed its global incident response team to assess the impact of the cyberattack and investigate whether any personal information has been compromised.
Addenbrooke's Hospital, Cambridge, apologizes for two breaches releasing private information of over 22,000 maternity and cancer patients in 2020 and 2021. The breaches occurred due to mistakenly including patient data in response to Freedom of Information Act (FOI) requests, prompting calls for a comprehensive review to prevent future occurrences.
A threat actor known as 'dawnofdevil' claims to have compromised an email account within India's Income Tax Department, offering unauthorized access for $500 and potential exploitation for government-affiliated websites. The alleged breach raises concerns about data security and integrity, prompting investigations into safeguarding measures for sensitive government information.
Ransomware incidents hit K-12 schools and colleges across multiple states, causing disruptions and data leaks. Henry County Schools in Georgia faced an attack, involving law enforcement and cybersecurity specialists, with the BlackSuit ransomware gang posting the school's information on its leak site. The surge in attacks, affecting institutions like Hermon School Department in Maine and Taylor University in Indiana, highlights a growing trend with 246 ransomware attacks on educational institutions tracked in 2023, up from 189 the previous year.
Cyber News
The U.S. Department of Health and Human Services (HHS) has unveiled a comprehensive strategy to enhance cybersecurity in the healthcare sector. The proposed plan includes updating the HIPAA Security Rule, introducing new cybersecurity requirements for Medicare and Medicaid participants, setting voluntary performance goals, and expanding HHS cybersecurity services. HHS aims to tackle rising hacking incidents at medical facilities that lead to disruptions, emphasizing the need to safeguard patient safety. The strategy outlines financial programs to incentivize healthcare entities for adopting cybersecurity goals, with an emphasis on both essential and enhanced practices. Some proposals may require congressional approval to enhance HIPAA enforcement and resources.
Federal agencies have shown progress in handling cyber threats, bolstering incident response capabilities like detecting and addressing ransomware attacks and breaches. However, some agencies lag in meeting federal requirements for event logging, crucial for effective cyber threat detection and mitigation, highlighting the need for improved implementation of these logging standards across agencies.
CISA concluded its final 2023 Cybersecurity Advisory Committee (CSAC) meeting in Carlsbad. Subcommittees focused on advancing memory-safe languages and enhancing operational collaboration, submitting a total of 135 recommendations this year. CISA Director Jen Easterly praised the Committee's work and anticipated a more productive 2024. The recommendations, to be posted on CISA.gov, will be reviewed by Director Easterly, who acknowledged the new CSAC Chair, Ron Green, and Vice Chair, Dave DeWalt. Outgoing Chair Tom Fanning set a visionary course, emphasizing innovation and process improvement for critical infrastructure security. The CSAC, established in 2021, aims to strengthen national cybersecurity measures.
Immunefi's latest report reveals that the cryptocurrency space faced a staggering $343 million in losses due to fraud and hacking incidents in November 2023, marking the highest monthly loss this year. With hacking accounting for $335.6 million in losses across 18 incidents, the crypto ecosystem grapples with persistent threats. Interestingly, Centralized Finance (CeFi) took the lead as the primary target for exploits, surpassing Decentralized Finance (DeFi), with platforms like HTX Exchange and Poloniex falling victim, underscoring the evolving challenges in the crypto landscape.
Meta launches end-to-end encryption by default in Messenger for personal calls and one-to-one messages, calling it a significant milestone. The update follows years of work and involves rebuilding the app with input from privacy and safety experts, with group messaging E2EE still in testing.
Copyright © 2023 CyberMaterial. All Rights Reserved.