What’s trending in cybersecurity today?
VMware Reveals Critical Authentication Flaw, Intel Resolves High-Severity CPU Vulnerability, Russian APT29 Targets Embassies, Researchers Expose Risk to AMD CPU, Microsoft Patching Critical Azure CLI Flaw, Ransomware Surge Targets Nuclear and Oil & Gas Sectors, Booking.com Confirms Data Breach, Stellantis Production Disrupted, Data Breach in North Carolina County, St. Lucie County Tax Collector Hit by Ransomware Attack, NY Governor Proposes Cybersecurity Rules for Hospitals, Google Initiates Deletion of Dormant Gmail Accounts, Sophos Unveils Rapid Execution Tactics, FBI Shuts Down IPStorm Proxy Service.
Cyber Alerts
1. VMware Unveils Critical Cloud Director Flaw
VMware has disclosed a significant unpatched vulnerability, an authentication bypass, affecting Cloud Director appliance deployments. Limited to appliances running VCD Appliance 10.5 that were upgraded from an older release, the flaw can be exploited remotely by unauthenticated attackers without user interaction. While VMware works on a patch, admins are advised to apply the temporary workaround the company has provided to mitigate the risk until a permanent fix is available.
2. Intel Fixes Critical CPU Vulnerability
Intel has addressed a high-severity CPU vulnerability affecting various CPUs, including Alder Lake, Raptor Lake, and Sapphire Rapids. Termed the ‘Redundant Prefix Issue,’ the flaw could enable attackers to escalate privileges, access sensitive data, or cause a denial of service. While Intel believes real-world software will not encounter the issue, users are urged to apply the provided microcode updates to mitigate any potential risk.
3. APT29 Targets Embassies in Recent Operation
Ukraine’s National Cyber Security Coordination Center has uncovered a cyber-espionage campaign targeting embassies and international organizations, linking the attacks to the Russian state-sponsored hacker group APT29, also known as Cozy Bear. The operation aimed at infiltrating embassy entities, particularly diplomatic accounts associated with foreign affairs ministries in Azerbaijan and Italy. Utilizing a recently discovered vulnerability in WinRAR, the attackers sent phishing emails with a malicious ZIP file, exploiting the vulnerability and potentially gaining access to compromised systems.
4. AMD CPU Vulnerability Revealed
Security researchers have discovered a new attack method named CacheWarp that targets a security feature in AMD processors, posing a risk to protected virtual machines. The attack affects AMD Secure Encrypted Virtualization, particularly the SEV-SNP feature, designed to isolate VMs from the underlying hypervisor at the hardware level. CacheWarp, described as a software-based fault injection attack, exploits an architectural bug in AMD CPUs, allowing malicious hackers to hijack control flow.
5. Azure CLI Vulnerability Mitigated
Microsoft has swiftly addressed a critical security vulnerability in Azure CLI, identified as CVE-2023-36052, which could allow attackers to pilfer credentials from logs generated by Azure CLI in GitHub Actions or Azure DevOps. Security researchers at Palo Alto’s Prisma Cloud discovered that successful exploitation of the flaw could enable unauthenticated attackers to remotely access plaintext contents within Continuous Integration and Continuous Deployment logs.
6. Energy Sector Ransomware Surge Alert
Resecurity, Inc. highlights a concerning surge in ransomware operations targeting the energy sector, with a particular emphasis on nuclear facilities and associated research entities. Over the past year, energy installations in North America, Asia, and the European Union have witnessed a significant increase in ransomware attacks. With major ransomware groups like BlackCat/ALPHV, Medusa, and LockBit 3.0 intensifying their focus on high-stakes targets, the collaboration between these groups and underground actors poses a serious threat to critical infrastructure.
7. Booking.com’s Phishing Incident Revealed
Booking.com confirmed falling victim to a phishing attack, posing potential risks to consumers’ credit card information. The incident began when a hacker, posing as a traveler, targeted hotels via email, infecting their systems with a virus. The compromised hotels’ IDs and passwords for Booking.com were then exploited to send fake emails to travelers, tricking them into entering credit card details on a fraudulent Booking.com site.
8. Stellantis Faces Production Disruption
Production at Stellantis, the maker of Chrysler, Dodge, Jeep, and Ram vehicles, is facing disruptions following a cyberattack on its supplier, Yanfeng International Automotive Technology. The Chinese automotive supplier, responsible for just-in-time parts like seats, interiors, and electronics, suffered a cyber incident, impacting Stellantis’ North American assembly plants. Stellantis is working closely with the supplier to mitigate further impacts on operations, emphasizing the significance of supply chain cybersecurity in the automotive industry.
9. North Carolina Cyberattack Raises Concerns
A cyberattack on Bladen County, North Carolina, prompted the deployment of the state’s national guard for assistance. While data access was confirmed, the notice did not mention ransomware, prompting a forensic investigation by the North Carolina Joint Cybersecurity Task Force. Bladen County, operating in a limited capacity, faces cybersecurity challenges, and despite the ban on ransom payments, the incident reflects the persistent threat to local governments from ransomware groups.
10. Ransomware Hits St. Lucie Tax Office
The St. Lucie County tax collector’s computer system was recently shut down by a ransomware attack, as confirmed by Tax Collector Chris Craft. Craft reassured taxpayers that their personal data, including driver’s license information and car registrations, was not compromised because it is stored on a secure state server. Although no data breach resulted, the attack incurred significant costs as workers labored around the clock to restore the system, underscoring the challenges public services face in dealing with cyber threats.
11. New York Hospitals Face Cyber Rules
New York Governor Kathy Hochul is pushing for robust cybersecurity regulations for the state’s hospitals following a series of debilitating attacks. The proposed rules mandate hospitals to establish cybersecurity programs, appoint chief information security officers, and implement defensive measures. With an allocation of $500 million in the budget for technology upgrades aligned with these regulations, the governor aims to fortify the healthcare sector against cyber threats.
12. Google to Remove Inactive Gmails
Google is set to delete inactive Gmail accounts starting December 1, as part of a cybersecurity initiative. Any account untouched for two years, including Google Workspace apps like Drive and Docs, could be eradicated. This measure aims to enhance security, targeting older accounts that may be susceptible to hacks due to outdated passwords and lack of two-factor authentication.
13. NCSC Raises Alarm on Infrastructure Risks
The UK’s National Cyber Security Centre expresses concern about the increasing threat level to the nation’s critical national infrastructure in its annual review. While acknowledging progress in building resilience, the report states that cybersecurity readiness in critical areas is not where it needs to be.
14. Telemetry Loss Risks in Ransomware
Sophos’ latest report exposes a concerning trend: in 82% of cases, cyber-criminals disabled or erased logs, underscoring the critical importance of telemetry data. Analyzing 232 incident response cases from January 1, 2022, to June 30, 2023, the report sheds light on the accelerated pace of ransomware attacks, often executed within hours. Categorizing attacks by dwell time, Sophos recommends maintaining current defensive strategies, including robust telemetry.
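As an added example (not code from the Sophos report), here is a small Python triage routine that runs over constructed SIEM-style event lines and flags the two things this finding points at: explicit log-clearing events (the real Windows event IDs 1102 for the Security log and 104 for the System log) and hosts whose telemetry goes silent. The host names, timestamps and the one-hour silence threshold are assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample telemetry: JSON lines as a SIEM might store Windows events.
# Event IDs 1102 (Security log cleared) and 104 (System log cleared) are real;
# the hosts, times and the silence threshold below are assumptions.
SAMPLE_EVENTS = [
    '{"ts": "2023-06-01T10:00:00", "host": "ws01", "channel": "Security", "event_id": 4624}',
    '{"ts": "2023-06-01T10:05:00", "host": "ws01", "channel": "Security", "event_id": 1102}',
    '{"ts": "2023-06-01T10:05:30", "host": "ws01", "channel": "System", "event_id": 104}',
    '{"ts": "2023-06-01T10:00:00", "host": "srv02", "channel": "Security", "event_id": 4624}',
    '{"ts": "2023-06-01T14:30:00", "host": "srv02", "channel": "Security", "event_id": 4624}',
]

# (channel, event_id) pairs that mean a log was wiped on the endpoint.
LOG_CLEARED = {("Security", 1102), ("System", 104)}


def parse_events(lines):
    """Parse JSON lines into dicts with real datetimes, sorted by host then time."""
    events = []
    for line in lines:
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return sorted(events, key=lambda r: (r["host"], r["ts"]))


def find_log_clearing(events):
    """Return (host, ts, channel) for every event that records a cleared log."""
    return [(e["host"], e["ts"], e["channel"]) for e in events
            if (e["channel"], e["event_id"]) in LOG_CLEARED]


def find_telemetry_gaps(events, max_gap=timedelta(hours=1)):
    """Return (host, last_seen, next_seen) where a host was silent longer than max_gap."""
    gaps, last_seen = [], {}
    for e in events:  # events are already sorted by host, then time
        prev = last_seen.get(e["host"])
        if prev is not None and e["ts"] - prev > max_gap:
            gaps.append((e["host"], prev, e["ts"]))
        last_seen[e["host"]] = e["ts"]
    return gaps


def triage(lines):
    events = parse_events(lines)
    return {"log_cleared": find_log_clearing(events), "gaps": find_telemetry_gaps(events)}


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_EVENTS).items():
        for hit in hits:
            print(kind, *hit)
```

A silent host is only a lead, not proof of tampering; the value is in alerting while the gap is still short enough to investigate.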
15. DOJ Dismantles IPStorm Botnet Proxy
The U.S. Department of Justice has announced the successful takedown of the IPStorm botnet proxy service by the Federal Bureau of Investigation. IPStorm allowed cybercriminals to anonymously route malicious traffic through compromised Windows, Linux, Mac, and Android devices globally. In connection to this case, Sergei Makinin, a Russian-Moldovan national, pleaded guilty to computer fraud charges, facing a maximum penalty of 10 years in prison, highlighting the significant impact of dismantling this proxy service on cybercrime facilitation.