What’s happening in cybersecurity today?
OpenCart, ownCloud, Black Friday Phishing Scams, Chrome, Brazil, China Energy Company, Ransomware, Vanderbilt Medical Center, Aliquippa Water, Iranian Hackers, KyberSwap, General Electric, BlackCat, Henry Schein, Inc., Toronto Public Library, CISA, UK, European Commission
Cyber Alerts
1. OpenCart Flaw Exposed
A security researcher, known as “0xbro,” uncovered a Static Code Injection flaw in OpenCart versions 4.0.0.0 to 4.0.2.3, enabling arbitrary data writing in critical files. Despite responsibly disclosing the vulnerability, the researcher faced an impolite response from OpenCart’s administrator, Daniel Kerr, raising concerns about the company’s handling of security issues.
2. ownCloud Users Face Critical Flaws
ownCloud has issued warnings about three critical security vulnerabilities, exposing users to potential data breaches and file modifications. The flaws include sensitive information disclosure, WebDAV API authentication bypass, and subdomain validation bypass; users are urged to apply the fixes, disable the affected functions, and rotate credentials to safeguard their systems. Separately, a critical remote code execution vulnerability was discovered in CrushFTP, allowing unauthenticated attackers to access files and execute arbitrary programs on the host.
3. Phishing Soars: Black Friday Alert
Security researchers have highlighted a significant surge in phishing emails, specifically targeting Black Friday and Cyber Monday shoppers. These emails often impersonate popular brands and use various tactics like realistic templates, genuine hyperlinks, and social engineering to deceive recipients into disclosing sensitive information or clicking malicious links. To stay safe, users are advised to thoroughly verify offers and utilize robust anti-phishing and anti-malware defenses both in work and personal environments.
4. Chrome Extensions Target Brazil
The discovery of the malicious Google Chrome extension named “ParaSiteSnatcher” reveals a sophisticated framework capable of extracting highly sensitive data by monitoring and manipulating various sources. This extension operates by exploiting the Chrome Browser API to intercept and siphon off significant information from POST requests, especially those containing sensitive financial details, even before the HTTP request establishes a connection. Specifically tailored for Latin American users, particularly in Brazil, ParaSiteSnatcher targets key financial entities like Banco do Brasil and Caixa Econômica Federal, aiming to extract data related to transactions, Brazilian Tax IDs, and cookies associated with Microsoft accounts.
5. Ransomware Gang Claims Energy Hack
The Rhysida ransomware gang claimed responsibility for hacking China Energy Engineering Corporation, aiming to auction the stolen data for 50 BTC. Their modus operandi, highlighted in FBI-CISA advisories, targets multiple sectors using techniques such as Zerologon exploitation and living-off-the-land tools.
6. Vanderbilt Med Center Probes Cyber Incident
Vanderbilt University Medical Center is investigating a cybersecurity incident following the compromise of a database, which led to its inclusion on the Meow ransomware gang’s leak site. Although the hospital confirmed the incident, initial investigations suggest that the compromised database did not contain sensitive personal or protected information of patients or employees. The incident raises concerns about the evolving tactics of cybercriminal groups like Meow, previously associated with Conti ransomware, whose source code was exposed in March, prompting various criminal gangs to develop distinct ransomware variants.
7. Iranian-Backed Group Hacks Aliquippa Water
The Municipal Water Authority of Aliquippa disclosed that an Iranian-backed cyber group, Cyber Av3ngers, successfully hacked one of their booster stations. Matthew Mottes, the board chairman, confirmed the breach to KDKA-TV, highlighting that the cyber group gained control over a station on the outskirts responsible for monitoring and regulating pressure in Raccoon and Potter Townships. Despite the intrusion, officials emphasized that there is currently no identified threat to the drinking water or water supply stemming from the cyberattack.
8. KyberSwap Reports $55m Crypto Theft
KyberSwap, a decentralized exchange, fell victim to a sophisticated cyber-attack on November 22, losing approximately $55 million in users’ funds through an exploit of its Elastic smart contracts. In response, the company paused deposits, initiated investigations, negotiated with attackers, and offered a 10% bounty to recover exploited funds, while DeFi experts highlighted the attack’s intricacies in exploiting a vulnerability unique to KyberSwap’s concentrated liquidity system.
9. GE Probes Cyber Attack, Data Theft
General Electric is investigating claims of a cyber attack and data theft made by the threat actor IntelBroker, who purportedly breached GE’s development environment and leaked stolen data, including DARPA-related military information. GE confirmed awareness of the claims and is conducting an investigation to protect system integrity, while the breach remains unconfirmed. IntelBroker, known for prior successful cyberattacks, posted screenshots as proof of the alleged breach, prompting GE’s inquiry into the incident.
10. BlackCat Re-Encrypts Henry Schein
Henry Schein, Inc., a Nasdaq-listed company, suffered a cybersecurity incident on October 14, leading to disruptions in its manufacturing and distribution operations. Initially, AlphV (BlackCat) claimed responsibility for the attack, impacting Henry Schein’s dental and medical distribution in North America and Europe. Despite efforts to restore systems, subsequent updates revealed persistent disruptions, including the re-encryption of their platforms by BlackCat, causing ongoing unavailability of their ecommerce applications. However, recent updates indicate the company’s proactive response in identifying the cause and foreseeing the restoration of its U.S. ecommerce platform and other applications in the coming days.
11. Broadcom to Acquire VMware After Approval
Broadcom has finally cleared all regulatory obstacles for its $69 billion acquisition of VMware, planning to finalize the deal on Wednesday after China’s approval. This landmark acquisition marks Broadcom’s strategic move to solidify its position in cloud technology and expand its reach in the competitive cloud computing market.
12. Toronto Library Systems Unrestored Until 2024
The Toronto Public Library continues to grapple with a cyberattack that occurred in late October, forcing its systems to remain offline until 2024. While services are expected to gradually resume from January onward, the restoration process for the library’s computer systems and website remains a priority amidst ongoing efforts to enhance network security after the ransomware attack.
13. Pentagon’s AI Spurs Lethal Weapon Decisions
The Pentagon’s Replicator initiative aims to deploy thousands of AI-enabled autonomous vehicles by 2026 to match China’s technological advancements, raising concerns about the deployment of fully autonomous lethal weapons. The advancement in AI within the military is apparent, aiding in surveillance, maintenance prediction, space monitoring, and even fitness tracking for soldiers, but it also raises ethical and operational challenges regarding autonomous weapon systems.
14. EU Commission Criticized on Spyware
European lawmakers criticized the European Commission for its inaction following the parliamentary committee’s push for stricter regulations against spyware within the EU. The commission failed to implement the recommendations proposed by the PEGA Committee in May, which sought tighter export controls on commercial spyware and limited its use to genuine national security threats. Meanwhile, concerns persist over spyware misuse, exemplified by cases such as the alleged targeting of journalists and activists and the lack of robust investigative powers to counter such abuse.
15. CISA, UK NCSC Release AI Guidelines
CISA and the UK NCSC have jointly released comprehensive Guidelines for Secure AI System Development, offering key recommendations for the various stakeholders in AI systems. This landmark publication emphasizes Secure by Design principles, promoting transparency and accountability and prioritizing security outcomes for customers in AI system development.