Microsoft phishing warning, Amazon Ring hacked, CISA’s vulnerability program
Microsoft warns of large-scale use of phishing kits to send millions of emails daily
An open source adversary-in-the-middle (AiTM) phishing kit has found a number of takers in the cybercrime world for its ability to orchestrate attacks at scale. Microsoft Threat Intelligence is tracking the threat actor behind the development of the kit under its emerging moniker DEV-1101. In an AiTM phishing attack the threat actor places a proxy server between the user and the legitimate website: the victim's password and MFA response are relayed to the real site, and the session cookie the site issues is captured by the proxy. Because the attacker ends up holding a fully authenticated session, these attacks circumvent conventional multi-factor authentication (MFA); only phishing-resistant methods such as FIDO2/WebAuthn, which bind the credential to the site's origin, defeat the relay. DEV-1101 is said to be the party behind several phishing kits that can be purchased or rented by other criminal actors, thereby reducing the effort and resources required to launch a phishing campaign.
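The practical consequence of the cookie theft described above is that the stolen session turns up at the identity provider from a client other than the one that completed MFA (in an AiTM login the proxy itself is that client, and the cookie is then replayed from the attacker's workstation). The following is an added example, not code from Microsoft or from the page, that scans sign-in records for a session being used from a different ASN or user agent than the one it was issued to. The pipe-delimited log format, the session IDs, and the IP/ASN values (taken from documentation ranges) are constructed for the example.

```python
"""Flag session-cookie replay characteristic of AiTM phishing.

Added example, not Microsoft's code. Log format (constructed):
  ISO timestamp | event | session id | client IP | ASN | user agent
'mfa_ok' marks the sign-in that completed MFA and received the session
cookie; 'session_use' marks a later request carrying that cookie.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample records; IPs and ASNs are from documentation ranges.
SAMPLE_LOG = """\
2023-03-14T09:00:00|mfa_ok|sess-A|203.0.113.7|AS64500|Mozilla/5.0 (Windows NT 10.0) Chrome/111
2023-03-14T09:00:45|session_use|sess-A|198.51.100.23|AS64501|python-requests/2.28
2023-03-14T09:05:00|mfa_ok|sess-B|192.0.2.10|AS64502|Mozilla/5.0 (Macintosh) Safari/16
2023-03-14T09:30:00|session_use|sess-B|192.0.2.10|AS64502|Mozilla/5.0 (Macintosh) Safari/16
2023-03-14T10:00:00|mfa_ok|sess-C|203.0.113.9|AS64500|Mozilla/5.0 (iPhone) Safari/16
2023-03-14T10:20:00|session_use|sess-C|198.51.100.80|AS64503|Mozilla/5.0 (iPhone) Safari/16
2023-03-14T10:25:00|session_use|sess-Z|198.51.100.81|AS64503|curl/8.0
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    kind: str
    session: str
    ip: str
    asn: str
    user_agent: str


def parse_log(text):
    """Parse the constructed pipe-delimited format into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, session, ip, asn, ua = line.split("|", 5)
        events.append(Event(datetime.fromisoformat(ts), kind, session, ip, asn, ua))
    return events


def detect_replay(events, window=timedelta(hours=1)):
    """Return alerts for sessions used from a client that differs from the
    one that completed MFA.

    A user-agent change is treated as high severity (a cookie pasted into a
    different tool or browser). An ASN-only change is medium severity and
    only counted within `window` of issuance, since roaming users change
    networks legitimately over longer periods.
    """
    issued = {}   # session id -> Event that completed MFA and got the cookie
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "mfa_ok":
            issued[ev.session] = ev
            continue
        if ev.kind != "session_use":
            continue
        origin = issued.get(ev.session)
        if origin is None:
            continue  # issuance not in this log slice; out of scope here
        changed = []
        if ev.user_agent != origin.user_agent:
            changed.append("user_agent")
        if ev.asn != origin.asn:
            changed.append("asn")
        if not changed:
            continue
        if "user_agent" in changed:
            severity = "high"
        elif ev.ts - origin.ts <= window:
            severity = "medium"
        else:
            continue
        alerts.append({
            "session": ev.session,
            "severity": severity,
            "changed": changed,
            "issued_from": (origin.ip, origin.asn, origin.user_agent),
            "used_from": (ev.ip, ev.asn, ev.user_agent),
            "seconds_after_mfa": int((ev.ts - origin.ts).total_seconds()),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_replay(parse_log(SAMPLE_LOG)):
        print(alert)
```

The heuristic is deliberately conservative: an ASN change alone is weak evidence, which is why it is only scored within a short window after MFA, and a user-agent change is the stronger signal. In a real AiTM login the record tagged `mfa_ok` is itself generated by the attacker's proxy, so enriching the issuance event with ASN reputation (hosting providers versus residential ISPs) catches the relay one step earlier than the replay.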
Ransomware group claims hack of Amazon’s Ring
The ransomware group ALPHV, whose malware is known as BlackCat, is claiming responsibility for breaching the massively popular security camera company Ring, owned by Amazon, and is threatening to release Ring's data. Ring told Motherboard it has no evidence that its own systems were breached, but said a third-party vendor has been hit with ransomware. Motherboard has verified that a listing naming Ring is currently on ALPHV's data leak site.
(Vice)
CISA creates new ransomware vulnerability warning program
CISA has announced the creation of a new Ransomware Vulnerability Warning Pilot (RVWP) program. Stemming from the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) and coordinated by the Joint Ransomware Task Force (JRTF), the RVWP will see CISA identify vulnerabilities commonly exploited by ransomware actors and then notify critical infrastructure entities whose internet-facing systems are affected, with the goal of enabling mitigation before a ransomware incident. To identify vulnerable entities, CISA will rely on existing services, data sources, technologies and authorities, including its Cyber Hygiene Vulnerability Scanning service.
Cybercriminals exploit SVB collapse to steal money and data
Threat actors are already registering suspicious domains, setting up phishing pages, and gearing up for business email compromise (BEC) attacks following the collapse of Silicon Valley Bank. Security researcher Johannes Ullrich warned that scammers might contact former SVB clients to offer them a support package, legal services, loans, or other fake services relating to the bank's collapse. In addition to the domains, many with "SVB" in the name, Ullrich describes an attack already seen in the wild in which BEC actors impersonate SVB customers and tell those companies' own clients that, because of the collapse, payments must now be sent to a new bank account. Other scams include informing SVB customers that the bank is distributing USDC, a digital stablecoin, as part of a "payback" program.
Medical device giant says cyberattack leaked sensitive data of 1 million people
Massachusetts-based medical device maker ZOLL said a cyberattack in January exposed the sensitive information of more than 1 million people. In documents provided to Maine's Attorney General, ZOLL said the incident started on January 28 when it "detected unusual activity" on its internal network, and that information was accessed on February 2. "Information that may have been disclosed includes your name, address, date of birth, and Social Security number. It may also be inferred that you used or were considered for use of a ZOLL product," the company told victims. ZOLL produces a range of devices including defibrillation and monitoring tools as well as devices for circulation and CPR feedback, data management, therapeutic temperature management, and ventilation.
Meta to cut 10,000 jobs in second round of layoffs
This announcement makes Meta the first Big Tech company to announce a second round of mass layoffs as the industry braces for a deep economic downturn. The widely-anticipated job cuts are part of a restructuring that will see the company scrap hiring plans for 5,000 openings, kill off lower-priority projects and “flatten” layers of middle management. Meta will also ask many managers to become individual contributors, while eliminating non-engineering roles, automating more functions and at least partially reversing a commitment to “remote-first” work.
(Reuters)
UK’s largest state boarding school announces “sophisticated cyberattack”
Wymondham College, the largest state boarding school in the United Kingdom, announced on Tuesday that it had been hit by a “sophisticated cyberattack”. The school, which has just over 1,200 students aged 11 to 18, did not explain the nature of the attack, but it is the latest educational establishment in the country to face disruption as a result of a cyber incident and follows repeated warnings from British cyber authorities about an increase in ransomware attacks against schools. A spokesperson stated, “We are not aware of any data breach. A number of the College’s systems have been impacted, including access to some files and resources.” No ransom demand has yet been made.
Patch Tuesday update
Yesterday Microsoft released its March 2023 Patch Tuesday updates, which fix 83 flaws including two actively exploited zero-day vulnerabilities. Nine vulnerabilities are rated 'Critical' because they allow remote code execution, denial of service, or elevation of privilege. This count does not include the twenty-one Microsoft Edge vulnerabilities fixed on Monday. The two actively exploited zero-days are CVE-2023-23397, a Microsoft Outlook elevation of privilege vulnerability, and CVE-2023-24880, a Windows SmartScreen security feature bypass. Other vendors that released updates in March 2023 include Apple for GarageBand, Cisco for multiple products, Google for Android, ChromeOS, and Google Chrome, Fortinet for a FortiOS vulnerability, SAP, and Veeam.