What’s trending in cybersecurity today?
SSH Servers, Cryptocurrency Attacks, GitHub 2FA Setup, Apple Security Update, Bandook Malware, Medical Devices Vulnerabilities, EasyPark Group, Yakult Australia, National Amusements, Integris Health, Abdali Hospital, NASA Cyber Guide, Africa Cybersecurity, Apple Ban Appealed, DDoS Attack Surge, Mend.io Acquires Atom Security.
Cyber Alerts
1. Hackers Target Linux SSH Servers
Hackers are intensifying attacks on Linux SSH servers, exploiting weak passwords and misconfigurations to gain unauthorized access. AhnLab Security Emergency Response Center reports active campaigns that deploy scanner malware to harvest SSH credentials and then install DDoS bots and CoinMiner malware on the compromised hosts. With an array of malware at their disposal, the attackers seek out poorly managed servers, using them to amplify DDoS attacks and mine cryptocurrency.
2. GitHub Urges 2FA Setup Before Deadline
GitHub is notifying users that, starting January 19th, 2024, those contributing code on GitHub.com must enable two-factor authentication (2FA) to enhance security against breaches and supply chain attacks. Failure to set up 2FA by the deadline will result in limited access, and GitHub provides instructions on configuring 2FA through various methods such as security keys, mobile apps, and SMS text messages.
3. Apple’s Unplanned iOS Update
Apple unexpectedly rolled out iOS 17.2.1, describing it as an important bug-fix release. No security details have been disclosed, but the update is labeled crucial, and its timing, just before the holidays and amid recent spyware attacks targeting iPhones, suggests it addresses security concerns or significant bug repairs. The release of iOS 16.7.4 likewise hints at significant security fixes. The Japanese release notes mention a battery drain fix, but details on security patches remain undisclosed. Users are advised to update promptly through Settings to keep their devices secure.
4. Bandook Malware’s Advanced Tactics
The Bandook malware, in its latest variant, employs new strategies for infiltration via a PDF file, leveraging a password-protected .7z file that, once extracted, injects its payload into msinfo32.exe. This variant has reduced control codes and exhibits more precise task divisions. The payload establishes persistence through registry manipulation and downloads additional modules like fcd.dll. Its C2 communication involves multiple commands, facilitating file manipulation, registry control, data downloads, and even screen monitoring and control.
5. US Medical Device Vulnerabilities
A Government Accountability Office (GAO) report reveals that a majority of U.S. medical devices carry significant vulnerabilities, posing potential catastrophic risks to hospitals and patient care. The report highlights the failure of federal agencies to provide adequate resources and information for addressing these flaws, raising concerns about the cybersecurity of critical medical devices. The GAO calls for updated security guidance and public alerts, emphasizing the urgent need to address vulnerabilities that could be exploited by threat actors, putting patient safety at risk.
6. EasyPark Group’s Europe Data Breach
EasyPark Group, Europe’s parking app operator, faced a data breach impacting thousands of customers. The breach exposed personal and financial data, prompting alerts to affected users and regulatory bodies. While no ransom demands emerged, EasyPark warned of potential phishing risks. The breach affected RingGo app users in Europe but not ParkMobile users in the US. The incident underscores the growing security threats to parking services and the need for ongoing user vigilance.
7. Data Leak at Yakult Australia
Yakult Australia confirmed a cyber incident affecting its IT systems in mid-December. Cybercrime group DragonForce claimed responsibility and leaked 95GB of company data, including business documents and employee records. The leaked dump contains contracts, passports, and other sensitive information. Yakult is investigating with cybersecurity experts, while DragonForce operates by extorting victims for payment and publicly leaking data upon refusal. DragonForce has listed 20 victims on its leak site.
8. National Amusements Faces Data Breach
Shari Redstone’s National Amusements, parent company of Paramount Global and CBS, reported a data breach in which hackers stole personal and financial information from over 82,000 people. The breach, which occurred in December 2022, was discovered in August, prompting the company to engage a cybersecurity firm for investigation and containment. While there is no indication of identity theft or fraud, National Amusements has notified affected individuals as a precaution and continues to enhance information security measures.
9. Integris Health Cybersecurity Breach
Integris Health reported a cyber-attack involving unauthorized access to patient data, including sensitive information like names, birthdates, contacts, demographics, and Social Security numbers. While services remained unaffected, the facility advises vigilance against suspicious communications and pledges to notify impacted individuals, offering free credit monitoring.
10. Rhysida Targets Abdali Hospital in Jordan
The Rhysida ransomware group claims responsibility for breaching Jordan’s Abdali Hospital, adding it to their list of victims. The group threatens to auction stolen sensitive data, including ID cards and contracts, and demands 10 BTC for the trove. This follows recent attacks on entities like King Edward VII’s Hospital, the British Library, and China Energy Engineering Corporation, prompting a joint FBI and CISA advisory to raise awareness about Rhysida ransomware threats.
11. NASA’s Space Cybersecurity Best Practices
NASA’s groundbreaking cybersecurity guide for space communications aligns security controls with NIST’s SP 800-53. The guide aims to adapt security practices for integrated space systems, emphasizing risk analysis and response, domain separation, and least privilege designs.
12. African Nations Strengthen Cyber Resilience
African nations are addressing cybersecurity challenges through initiatives like Nigeria’s Cyber Hub, aiming to train a skilled workforce and create homegrown solutions.
13. Apple Challenges ITC Ban on Smartwatches
Apple is pushing back against a federal government ban on importing its latest smartwatches, the Apple Watch Series 9 and Apple Watch Ultra 2, following a ruling by the US International Trade Commission (ITC) that found patent infringement.
14. DDoS Attacks Surge 67% in Q3 2023
The Indusface AppSec Q3 2023 Report notes a 67% surge in DDoS attacks, with over 41% of websites facing these assaults. Attacks originating from India, the US, Germany, the UK, and Singapore surged. Microsoft and OpenAI suffered significant disruptions due to DDoS assaults. Anonymous Sudan’s politically motivated attacks and newly exploited vulnerabilities fuelled unprecedented attack volumes, underscoring the need for robust DDoS mitigation practices such as behavioral-based protection and minimizing the attack surface.
15. Mend.io Acquires Atom Security
Israeli cybersecurity firm Mend.io has recently acquired Atom Security, a company specializing in cyber risk assessment, in a deal valued at several million dollars. This strategic move marks Mend’s fifth acquisition in the last three years, underlining its commitment to expanding its cybersecurity capabilities. Founded in 2011 as WhiteSource, Mend.io focuses on aiding developers in managing open-source libraries, addressing security risks, and handling open-source license concerns, making it a significant player in the cybersecurity landscape.
Copyright © 2023 CyberMaterial. All Rights Reserved.