Cyber Briefing - 2024.02.20

What's the latest in the cyber world today?

Meta, Spyware Firms, #iOS, #Android, #Windows, #North Korea, Cyber Espionage, Global Defense Sector, WordPress Bricks Builder Theme, RCE Attack, Microsoft Exchange Flaw, ConnectWise, ScreenConnect Vulnerabilities, Decentralized Exchange FixedFloat, University of Cambridge, DDoS Attack, Anonymous Sudan, Regional Church of Hanover, Germany, Russian, Ukrainian Media, Fake News, UAE, e& UAE, Lockbit Ransomware, Dark Web Domains, Operation Cronos, NIST, Software Supply Chain Security, Vietnam, Biometric ID, Critical Security Debt Risk, Raccoon Infostealer Operator.



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.



Cyber Alerts


1. Meta Warns of 8 Spyware Threats

Meta Platforms has flagged eight spyware firms operating out of Italy, Spain and the U.A.E. whose tooling targets iOS, Android and Windows devices. Their malware ranges from data collection to full device control, a serious threat to user privacy and security. Meta says it removed more than 2,000 fake accounts tied to these firms and introduced new security features to reduce the risk of exploitation and protect user data.


2. Charming Kitten Returns with BASICSTAR Backdoor

Charming Kitten, an Iranian-origin threat actor, has resurfaced with a new backdoor called BASICSTAR, delivered to Middle East policy experts through fake webinar portals. The group is known for elaborate social engineering and has a long history of multi-stage campaigns against think tanks and NGOs. Despite repeated public exposure, the group, which is affiliated with Iran's Islamic Revolutionary Guard Corps, keeps up its operations, using malware families such as MischiefTut and MediaPl to harvest sensitive information from targeted individuals.


3. WordPress Bricks Builder Vulnerability

Attackers are actively exploiting a critical remote code execution (RCE) flaw in the Bricks Builder theme, a popular WordPress site builder with more than 25,000 active installations. The vulnerability, tracked as CVE-2024-25600, allows attackers to execute arbitrary PHP code on a vulnerable site; in-the-wild exploitation was first detected on February 14. Site owners should update the theme immediately and, because exploitation predates many updates, review their sites for signs of compromise such as unexpected PHP files.


4. Microsoft Exchange Flaw Actively Exploited

Attackers are actively exploiting CVE-2024-21410, a critical flaw in Microsoft Exchange Server, and up to 97,000 potentially vulnerable servers have been identified. The flaw, patched by Microsoft on February 13, allows privilege escalation through NTLM credential relay: an attacker who captures a user's NTLM authentication (for example by targeting an NTLM client such as Outlook) relays it to the Exchange server and acts as that user. Administrators should apply the latest update immediately; the fix also turns on Extended Protection for Authentication (EPA), which binds the NTLM exchange to the TLS channel and is what actually defeats relay against Exchange.
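
Detection for the relay pattern described above, as an added example that is not part of the original briefing and not Microsoft's code. A relayed NTLM logon lands on the target as a successful network logon (event 4624, LogonType 3, authentication package NTLM) that carries the victim's account but the attacker's source IP, so the workstation name the client claims usually does not match the IP it came from, and one attacker box tends to authenticate as several different users. The event lines, the key=value layout they are written in, and the host inventory below are constructed for the example; a real pipeline would read EVTX or a SIEM export.

```python
"""Heuristic NTLM-relay triage over Windows Security 4624 logon events.

Added example; constructed input. Field names mirror the Windows Security
event XML (TargetUserName, WorkstationName, IpAddress, LogonType,
AuthenticationPackageName) but the flat key=value layout is an assumption
made for the example.
"""
from collections import defaultdict

# Constructed events: alice is a normal NTLM logon from her own workstation,
# bob uses Kerberos, admin logs on interactively, and two accounts
# (svc-backup and carol) arrive from the same unexpected host 10.0.9.99.
SAMPLE_EVENTS = """\
EventID=4624 LogonType=3 AuthenticationPackageName=NTLM TargetUserName=alice WorkstationName=WS-ALICE IpAddress=10.0.1.20 Computer=EXCH01
EventID=4624 LogonType=3 AuthenticationPackageName=NTLM TargetUserName=svc-backup WorkstationName=WS-BACKUP IpAddress=10.0.9.99 Computer=EXCH01
EventID=4624 LogonType=3 AuthenticationPackageName=Kerberos TargetUserName=bob WorkstationName=WS-BOB IpAddress=10.0.1.21 Computer=EXCH01
EventID=4624 LogonType=2 AuthenticationPackageName=NTLM TargetUserName=admin WorkstationName=EXCH01 IpAddress=127.0.0.1 Computer=EXCH01
EventID=4624 LogonType=3 AuthenticationPackageName=NTLM TargetUserName=carol WorkstationName=UNKNOWN-PC IpAddress=10.0.9.99 Computer=EXCH01
"""

# Constructed asset inventory (hostname -> IP), standing in for a CMDB, DHCP or DNS lookup.
ASSET_INVENTORY = {
    "WS-ALICE": "10.0.1.20",
    "WS-BOB": "10.0.1.21",
    "WS-BACKUP": "10.0.2.5",
    "EXCH01": "10.0.0.10",
}

# Local logons carry no usable source address and are not relay candidates.
LOCAL_SOURCES = {"127.0.0.1", "::1", "-", ""}


def parse_events(text):
    """Parse key=value lines into dicts; blank lines are ignored."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(token.split("=", 1) for token in line.split())
        fields["EventID"] = int(fields["EventID"])
        fields["LogonType"] = int(fields["LogonType"])
        events.append(fields)
    return events


def is_network_ntlm_logon(ev):
    """A relayed credential shows up as a successful network logon authenticated with NTLM."""
    return (
        ev["EventID"] == 4624
        and ev["LogonType"] == 3
        and ev["AuthenticationPackageName"].upper() == "NTLM"
        and ev["IpAddress"] not in LOCAL_SOURCES
    )


def triage(events, inventory):
    """Flag NTLM network logons whose claimed workstation does not resolve to the source IP."""
    findings = []
    for ev in events:
        if not is_network_ntlm_logon(ev):
            continue
        claimed = ev["WorkstationName"].upper()
        expected_ip = inventory.get(claimed)
        if expected_ip is None:
            reason = f"workstation {claimed} is not in the inventory"
        elif expected_ip != ev["IpAddress"]:
            reason = f"{claimed} is {expected_ip} in the inventory, logon came from {ev['IpAddress']}"
        else:
            continue
        findings.append({"account": ev["TargetUserName"], "source_ip": ev["IpAddress"],
                         "target": ev["Computer"], "reason": reason})
    return findings


def relay_hubs(events, min_accounts=2):
    """Source IPs that presented NTLM logons for several distinct accounts; a relay box looks like this."""
    accounts_by_ip = defaultdict(set)
    for ev in events:
        if is_network_ntlm_logon(ev):
            accounts_by_ip[ev["IpAddress"]].add(ev["TargetUserName"])
    return {ip: accts for ip, accts in accounts_by_ip.items() if len(accts) >= min_accounts}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for f in triage(evs, ASSET_INVENTORY):
        print(f"SUSPECT account={f['account']} from={f['source_ip']} on={f['target']}: {f['reason']}")
    for ip, accts in relay_hubs(evs).items():
        print(f"RELAY HUB? {ip} authenticated as {sorted(accts)}")
```

The workstation-name check alone produces false positives behind NAT, VPN concentrators and DHCP churn; the second signal, one source IP authenticating as many accounts over NTLM, is the stronger indicator and is worth alerting on by itself. Neither heuristic is needed once EPA is enforced, which is the real fix.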


5. ConnectWise Resolves ScreenConnect Issues

ConnectWise has fixed two vulnerabilities in ScreenConnect that could lead to remote code execution and exposure of confidential data. No exploitation has been observed so far, but on-premise partners are urged to update immediately. ScreenConnect, a remote desktop product widely used by managed service providers and businesses, has been targeted by cybercriminals before: a compromised instance hands the attacker remote access to every endpoint it manages, which is why the vendor is pushing the update so hard.



Cyber Incidents


6. Crypto Exchange Hit by $26M Hack

FixedFloat, a decentralized crypto exchange, suffered a breach that drained at least $26 million worth of Bitcoin and Ether, as confirmed by on-chain data. After users reported the losses on social media, the exchange initially attributed the problem to minor technical issues and switched to maintenance mode before acknowledging the attack. With transactions frozen and user funds missing, the incident is under investigation, and the exchange says it will address the vulnerabilities and harden its security before resuming service.


7. Cambridge University Hit by DDoS Attack

The University of Cambridge suffered a distributed denial-of-service (DDoS) attack on Monday that disrupted internet access and core services including the Moodle learning platform and the CamSIS student information system. The attacker's motive is unclear; the university's IT services, working with the Joint Information Systems Committee (Jisc), restored service, and the disruption appeared to subside by Tuesday morning. The hacktivist group Anonymous Sudan claimed responsibility, citing the UK's support for Israel, although security analysts suspect the group is Russian in origin.


8. Hanover Church Cyber Attack

The IT infrastructure of the Regional Church of Hanover, Germany, has been under cyber attack since Sunday, and computer systems in its central institutions were shut down as a precaution against malware. No responsible party has been identified and no demands have been issued; the State Office of Criminal Investigation is investigating. Affected bodies include the State Church Office, the House of Church Services and the Bishop's Chancellery, where phone and email communications have been disrupted.


9. Russian Hackers Hit Ukrainian Media

Over the weekend, Russian hackers compromised several prominent Ukrainian media outlets and used them to spread fabricated news about the war. Ukrainska Pravda, Liga.net, Apostrophe and Telegraf were all manipulated to publish false reports that Russia had destroyed Ukrainian special forces in Avdiivka. The attacks are part of an ongoing effort to destabilize Ukraine and seed disinformation through its own media channels.


10. Etisalat Hit by LockBit Ransomware

Etisalat (e& UAE), the UAE's state-owned telecom giant and the world's 18th largest mobile network operator, has been listed by the LockBit ransomware gang, which is demanding $100,000 for the stolen data. LockBit says it carried out the attack on February 16, 2024, and has posted sensitive files belonging to Etisalat on its leak site, with a deadline of April 16, 2024. Etisalat has neither confirmed nor responded to the claim, leaving millions of subscribers in the dark.



Cyber News


11. Law Enforcement Takes Down LockBit

Law enforcement agencies around the world have seized infrastructure belonging to LockBit, a notorious ransomware gang, in an action dubbed "Operation Cronos." LockBit's dark web domains now display a banner stating that they are under the control of the authorities, and access to the gang's affiliate panel has been disrupted. The takedown follows LockBit's rapid rise to become one of the leading ransomware-as-a-service operations and is a significant blow to its business.


12. NIST Issues Guidance on Software Security

The National Institute of Standards and Technology (NIST) has released guidance with actionable measures for improving software supply chain security, according to experts. The final document, SP 800-204D, advises software producers to integrate security into every stage of the development life cycle, including setting security requirements for the integration of open-source software and expanding oversight of provenance data (who built an artifact, from which inputs, and how).
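
A concrete form of the provenance oversight the guidance calls for, as an added example that is not NIST's code and is not taken from SP 800-204D: an admission check that refuses an artifact unless its build attestation is about that exact artifact, comes from a trusted builder, and pins every build input by digest. It assumes the attestation is an in-toto Statement carrying a SLSA v1 provenance predicate, and that the signature on the DSSE envelope wrapping the statement has already been verified by the caller (for example with a tool such as cosign); signature checking is deliberately out of scope here. The artifact bytes, digests, builder identity, URIs and policy are all constructed.

```python
"""Provenance gate: admit an artifact only if its build attestation checks out.

Added example; constructed data. Assumes an in-toto v1 Statement with a
SLSA v1 provenance predicate whose DSSE signature the caller already verified.
"""
import hashlib
import json

# Constructed release artifact and the provenance a build service would attach to it.
ARTIFACT = b"#!/bin/sh\necho 'release build'\n"
ARTIFACT_SHA256 = hashlib.sha256(ARTIFACT).hexdigest()
SOURCE_COMMIT = "9fceb02d0ae598e95dc970b74767f19372d61af8"  # constructed commit id
DEP_SHA256 = hashlib.sha256(b"constructed dependency tarball").hexdigest()

PROVENANCE_JSON = json.dumps({
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "app-1.4.2.tar.gz", "digest": {"sha256": ARTIFACT_SHA256}}],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": {
        "buildDefinition": {
            "buildType": "https://example.invalid/ci/build/v1",  # constructed
            "resolvedDependencies": [
                {"uri": "git+https://example.invalid/org/app@refs/tags/v1.4.2",
                 "digest": {"gitCommit": SOURCE_COMMIT}},
                {"uri": "pkg:pypi/somelib@2.0.0",
                 "digest": {"sha256": DEP_SHA256}},
            ],
        },
        "runDetails": {"builder": {"id": "https://example.invalid/ci/runner@v2"}},
    },
})

# Constructed admission policy: which builder identities we trust, which predicate we expect.
POLICY = {
    "trusted_builders": {"https://example.invalid/ci/runner@v2"},
    "predicate_type": "https://slsa.dev/provenance/v1",
}


def verify_provenance(artifact, statement_json, policy):
    """Return (ok, reasons). Every failed check is reported, not just the first."""
    st = json.loads(statement_json)
    reasons = []

    if st.get("_type") != "https://in-toto.io/Statement/v1":
        reasons.append("not an in-toto v1 statement")
    if st.get("predicateType") != policy["predicate_type"]:
        reasons.append(f"unexpected predicateType {st.get('predicateType')!r}")

    # 1. The attestation must be about THIS artifact: compare digests, never file names.
    actual = hashlib.sha256(artifact).hexdigest()
    subjects = {s.get("digest", {}).get("sha256") for s in st.get("subject", [])}
    if actual not in subjects:
        reasons.append("artifact sha256 does not match any statement subject")

    pred = st.get("predicate", {})
    # 2. Only builds attested by an allowlisted builder identity are admitted.
    builder = pred.get("runDetails", {}).get("builder", {}).get("id")
    if builder not in policy["trusted_builders"]:
        reasons.append(f"builder {builder!r} is not trusted")

    # 3. Every input the build resolved must be pinned by a digest, so the build
    #    can be reproduced and audited rather than trusted on a mutable tag.
    deps = pred.get("buildDefinition", {}).get("resolvedDependencies", [])
    if not deps:
        reasons.append("no resolved dependencies recorded")
    for dep in deps:
        if not dep.get("digest"):
            reasons.append(f"dependency {dep.get('uri')!r} is not pinned by a digest")

    return (not reasons, reasons)


if __name__ == "__main__":
    ok, reasons = verify_provenance(ARTIFACT, PROVENANCE_JSON, POLICY)
    print("ADMIT" if ok else "REJECT", reasons)
    # A single flipped byte in the artifact is enough to fail the subject check.
    print(verify_provenance(ARTIFACT + b"\n", PROVENANCE_JSON, POLICY))
```

The policy is intentionally a deny-by-default allowlist of builder identities: provenance from an unknown builder is worth nothing, however well-formed, because anyone can emit a well-formed statement. Pairing this gate with the signature check it assumes turns "we have provenance" into a decision the pipeline can enforce.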


13. Vietnam to Collect Biometric Data

Vietnam will begin collecting biometric data for citizen identification in July, recording iris scans, voice samples and DNA under amendments to the Law on Citizen Identification. Collection applies to citizens aged 14 and above and is optional for children between 6 and 14, according to the government. Adding biometrics to national identity cards is a major shift in the country's identification system and raises the question of how such a large store of sensitive data, which unlike a password cannot be changed once leaked, will be protected.


14. Critical Security Debt in Applications

A recent report paints a troubling picture of security debt: nearly half of organizations carry persistent, high-severity flaws. Despite some improvement, the prevalence of flaws in both first-party and third-party code underscores the need for testing throughout the software development lifecycle. AI-assisted development speeds things up but does not guarantee security, so prioritizing remediation of existing flaws and adopting sound development practices remain essential to reducing risk.


15. Raccoon Infostealer Operator Extradited

Mark Sokolovsky, a Ukrainian national accused of operating the Raccoon Infostealer malware-as-a-service, will stand trial in the US after being extradited from the Netherlands. Arrested in March 2022, Sokolovsky was indicted for distributing the malware worldwide, stealing sensitive data and renting access to it for $200 a month in cryptocurrency. The FBI is still investigating the scope of the data theft and urges potential victims to check its dedicated website for compromised credentials.



Subscribe and Comment.

Copyright © 2024 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.
