What are the latest cybersecurity alerts, incidents, and news?
Cyber Alerts
Microsoft has revealed that the state-sponsored Russian threat actors responsible for the November 2023 cyberattack on its systems are now targeting other organizations. The hacking group, known as APT29 or BlueBravo, specializes in infiltrating governments, diplomatic entities, NGOs, and IT service providers, primarily in the U.S. and Europe. Microsoft warns of the group’s advanced tactics, including the use of legitimate but compromised accounts, OAuth application abuse, and password spraying, and emphasizes the need for enhanced cybersecurity measures against this persistent threat.
Cisco has issued a security warning for a critical remote code execution vulnerability in its Unified Communications Manager (CM) and Contact Center Solutions products. The flaw, tracked as CVE-2024-20253, allows an unauthenticated remote attacker to execute arbitrary code on affected devices. Several Cisco products, including Unified Communications Manager and Contact Center Express, are impacted, and the company recommends applying available security updates to address the issue.
Japanese firm ITOCHU Cyber & Intelligence has reported an updated version of the LODEINFO backdoor distributed via spear-phishing attacks. Linked to the Chinese nation-state actor Stone Panda, the malware has evolved with new features and anti-analysis techniques. The backdoor is deployed through phishing emails using malicious Word documents, and recent observations note changes in infection paths, including remote template injection methods and an added intermediate stage in attack delivery, emphasizing the importance of memory-scanning malware detection measures.
Several iOS apps use background processes triggered by push notifications to collect user data, posing a privacy risk for iPhone users. The apps bypass Apple’s restrictions, potentially creating fingerprinting profiles for tracking. Apple plans to address the issue by tightening API restrictions in Spring 2024, requiring apps to declare the specific need for APIs susceptible to fingerprinting abuse. Until then, users concerned about fingerprinting should disable push notifications, as simply making notifications silent does not prevent abuse.
Researchers have observed a surge in malicious activity targeting a critical vulnerability in the ‘Better Search Replace’ WordPress plugin, with over 2,500 attacks blocked in the past 24 hours. The plugin, used for search and replace operations in databases, recently addressed a critical-severity PHP object injection vulnerability (CVE-2023-6933) that could lead to code execution, data access, file manipulation, or denial of service. Better Search Replace itself does not contain the code that is ultimately executed; attackers can use its deserialization flaw to achieve code execution only if another plugin or theme on the same site supplies a suitable Property Oriented Programming (POP) chain.
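As an added illustration (not the plugin’s own code), the deserialization pattern behind a PHP object injection bug, with a hypothetical gadget class standing in for one defined by some other plugin or theme on the same site, beside the hardened call:

```php
<?php
// Added example: why unserialize() on untrusted input is dangerous even when
// the calling plugin has no gadget of its own, and how to harden the call.

// Hypothetical gadget class, standing in for a class that ANOTHER plugin or
// theme on the site happens to define. A destructor that writes a file is all
// a POP chain needs when the object's fields come from the attacker.
class CacheWriter {
    public $path = '/tmp/cache.txt';
    public $content = '';
    public function __destruct() {
        file_put_contents($this->path, $this->content);
    }
}

// Vulnerable pattern: unserialize() over attacker-controlled data. The class
// name inside the payload selects CacheWriter; PHP instantiates it and runs
// __destruct() with attacker-chosen fields when the object is released.
// (Defined for comparison only; it is not called below.)
function restore_option_vulnerable(string $untrusted) {
    return unserialize($untrusted);
}

// Hardened pattern: allowed_classes => false decodes any object as
// __PHP_Incomplete_Class, so no magic method of any class on the site runs.
// Option values are normally scalars or arrays, so rejecting objects outright
// is safe; JSON is the better format for new code.
function restore_option_hardened(string $untrusted) {
    $value = unserialize($untrusted, ['allowed_classes' => false]);
    if ($value instanceof __PHP_Incomplete_Class) {
        return null; // objects are never an expected value here
    }
    return $value;
}

// Constructed sample payload naming the gadget class (not a real-world string).
$payload = 'O:11:"CacheWriter":2:{s:4:"path";s:20:"/tmp/poc-written.txt";'
         . 's:7:"content";s:4:"test";}';

var_dump(restore_option_hardened($payload)); // NULL: gadget neutralised

// Legitimate array data still round-trips through the hardened call.
var_dump(restore_option_hardened(serialize(['old' => 'http://a', 'new' => 'https://a'])));
```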
Cyber Incidents
Threat actors affiliated with CYBOCREW are advertising a 1.8TB database containing 750 million Indian phone numbers, along with names, addresses, and Aadhaar details. The dataset affects major telecom providers and covers over half of India’s population, with the threat actors demanding $3,000 for the entire dataset. CYBOCREW, a new threat group, emerged in July 2023 and has been linked to major breaches across various sectors.
Several state-owned Ukrainian critical infrastructure entities, including Naftogaz, Ukrposhta, and DSBT, reported cyberattacks. Naftogaz, Ukraine’s largest state-owned oil and gas company, faced an attack on its data center, affecting website and call center operations. Other entities, such as Ukrposhta and DSBT, also reported disruptions, with the perpetrators yet to be identified, raising concerns about the cybersecurity landscape in Ukraine amid ongoing tensions.
The Hunters ransomware group targeted Double Eagle Energy Holdings IV, LLC, a major US-based oil and gas company, claiming a successful cyberattack on January 23, 2024. The attackers exfiltrated 768.2 GB of sensitive data, including corporate structures, internal documents, accounting records, bank information, tax returns, and passports. While the group has not disclosed any plans to release the compromised data, the affected company’s website remains inoperative, displaying an SSL error.
Allegations of unauthorized VPN access to a Colombian government ministry are surfacing, with a threat actor named “dawnofdevil” offering it for $1000. The listing specifies SSL VPN access, using Fortinet technology, related to the Ministry of Colombia. Despite the claims, the associated website shows no signs of a data breach on the front end, suggesting that any compromise would be of back-end systems rather than the public site.
A cyberattack has paralyzed Washington County’s main computer server, impacting daily government operations. The phishing scheme prompted IT workers to shut down systems, leading to widespread inconvenience for residents. While court operations continue with manual processes, investigations are ongoing, and no timeline for system restoration has been provided.
Cyber News
The U.S. Federal Trade Commission launches investigations into Google, Amazon, Anthropic, Microsoft, and OpenAI, examining potential undue influence in the generative AI sector. Letters were sent demanding documentation on exclusive partnerships, privileged access, and pricing control. The move aligns the FTC with European and British counterparts investigating competition concerns in the AI space, triggered in part by Microsoft’s role in reinstating OpenAI CEO Sam Altman and its significant investment in the AI model maker.
Microsoft is cutting 1,900 jobs at Activision Blizzard and Xbox, with the layoffs primarily affecting Activision Blizzard roles but also impacting some Xbox and ZeniMax employees. The layoffs account for approximately 8% of the total Microsoft Gaming division workforce, which stands at around 22,000 employees. The move follows Microsoft’s $68.7 billion acquisition of Activision Blizzard in October, and the company aims to align its strategy and execution plan with a sustainable cost structure to support its growing business.
The United States District Court of Maryland plans to auction over $131 million worth of Bitcoin recovered from Silk Road. This decision follows the U.S. v. Joseph Farace case, involving money laundering through Bitcoin. The auction includes 2,874 Bitcoins valued at about $129 million and 58 pieces worth $3 million, confiscated a year ago. Interested parties have 60 days to make a legal claim; after that, the U.S. government can sell the cryptocurrency, marking a significant step in combating dark web criminal activities and potentially boosting government revenue.
A lawyer, Mark Scott, has been sentenced to ten years in prison for laundering $400 million from the OneCoin cryptocurrency fraud scheme. Scott, an equity partner at Locke Lord LLP, abused his position to conceal his involvement in the fraudulent scheme led by Ruja Ignatova, known as the “Crypto Queen.” Ignatova ran a massive cryptocurrency fraud that claimed over $4 billion from more than 3.5 million victims globally between 2014 and 2016. Scott set up fake private equity investment funds, known as the “Fenero Funds,” to launder the illegal proceeds before transferring the funds back to Ignatova and other OneCoin accomplices.
The latest iOS 17.3 update addresses an actively exploited zero-day vulnerability and introduces a Stolen Device Protection feature. This new security measure aims to safeguard accounts and sensitive information in case of iPhone theft. By enabling Stolen Device Protection, thieves face challenges in accessing passwords, erasing content, setting up new devices, or making certain Apple Card and Wallet actions, reinforcing the security of user data even if the device is stolen.