What’s the latest in the cyber world today?
Microsoft Azure, Phishing Campaign, CISA, Roundcube Cross-Site Scripting Flaw, Ivanti Gateways, New DSLog Backdoor, Free Decryptor, Rhysida Ransomware, Hunter-Killer Malware, Bank of America, Infosys McCamish Systems, Thailand, Department of Older Persons, GAO Employees, CGI Federal Data Breach, Romanian Hospitals, Armentières Hospital, FCC, Telecommunication Companies, Data Breaches, White House, Deepfake Scams, Cryptographic Verification, Bugcrowd, Apple, Ex-Employee, Stealing Self-Driving Tech, National Semiconductor Tech Center.
Cyber Alerts
1. Phishing Threat Targets Executives
A sophisticated phishing campaign, detected in late November 2023, has compromised numerous user accounts across Microsoft Azure environments, including those belonging to senior executives. Hackers exploit executives’ access to gain entry to confidential corporate data, self-approve fraudulent financial transactions, and exploit critical systems, posing a significant threat to breached organizations and their partners. Proofpoint’s Cloud Security Response Team has issued an alert, identifying the deceptive tactics used by threat actors and recommending tailored defense strategies to mitigate the risks.
2. Roundcube Email XSS Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a medium-severity security vulnerability in Roundcube email software, identified as CVE-2023-43770, due to active exploitation concerns. This cross-site scripting (XSS) flaw, present in Roundcube versions before 1.4.14, poses a risk of information disclosure through malicious link references in plain text messages. Roundcube addressed the vulnerability with the release of version 1.6.3, prompting U.S. Federal Civilian Executive Branch (FCEB) agencies to apply vendor-provided fixes by March 4, 2024, for enhanced network security.
3. Ivanti Gateways Exploited with DSLog
Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices. This vulnerability, disclosed as CVE-2024-21893, allows attackers to bypass authentication and access restricted resources on Ivanti gateways. Ivanti has released security updates and mitigation advice to address the issue, but threat monitoring services report ongoing attempts to leverage the flaw, indicating the urgency of applying the fixes to secure networks against potential threats.
4. Rhysida Ransomware Decryptor Released
South Korean researchers have revealed a flaw in the encryption used by Rhysida ransomware, which targets healthcare organizations, allowing victims to recover files for free. The flaw lies in a predictable seed value in Rhysida’s encryption process, enabling researchers to develop a decryption method and an automated tool available on KISA’s website. However, experts warn that the flaw’s public disclosure may prompt the ransomware operators to patch it, hindering future file recovery efforts.
5. Rise of Hunter-Killer Malware
A concerning surge in ‘hunter-killer’ malware tactics is observed, mimicking submarine warfare strategies, where attackers stay hidden until launching devastating attacks. Dr. Suleyman Ozarslan of Picus Security warns of ultra-evasive malware, evading detection and disabling cyber defenses, akin to modern-day submarines stalking their prey. This trend, evidenced by a significant increase in evasion techniques, demands heightened vigilance and proactive defense measures against evolving cyber threats.
Cyber Incidents
Bank of America alerts customers of a data breach linked to a hack at Infosys McCamish Systems, exposing sensitive personal information such as names, addresses, and financial data. While the full extent of the breach is undisclosed, over 57,000 individuals were directly affected, raising concerns about data security across financial institutions. The breach, attributed to the LockBit ransomware gang, highlights ongoing cybersecurity threats faced by major corporations and underscores the importance of robust security measures in safeguarding customer data.
The personal data of 19.7 million Thai citizens, particularly elderly members, was found for sale on the dark web, prompting urgent security actions. The Thailand Consumers Council has called on the Department of Older Persons to address the breach, emphasizing the need for immediate notification and protective measures. Concerns arise over delays in response and enforcement, highlighting vulnerabilities in data protection despite existing regulations.
The U.S. Government Accountability Office disclosed a recent data breach involving CGI Federal, impacting approximately 6,000 current and former GAO employees. Personally identifiable information, including names, social security numbers, addresses, and banking details, was compromised, with the breach attributed to a threat actor exploiting vulnerabilities in an external platform. CGI Federal, a key IT contractor for federal agencies, has yet to comment on the incident, while the U.S. cybersecurity agency and the FBI are investigating the breach’s ramifications.
Over 21 hospitals in Romania grappled with a ransomware attack that paralyzed their healthcare management system, known as the Hipocrate Information System (HIS), disrupting medical operations. The cyber incident prompted an investigation by the National Cyber Security Directorate (DNSC) and precautionary measures to safeguard unaffected hospitals. Despite the setback, medical staff reverted to manual processes, like paper-based records, until IT systems could be restored.
The Armentières hospital faces a cyber-attack with ransom demands, prompting the closure of its emergency department until Monday. A crisis unit is assembled to address the situation, redirecting new patients to hospitals in the Lille Metropolis, while existing patients continue to receive care with printed records.
Cyber News
Starting March 13th, telecom companies are required to report data breaches impacting customers’ personally identifiable information within 30 days, under the FCC’s updated rules. These changes aim to enhance accountability in safeguarding sensitive customer data and provide tools for protection. The FCC Chairwoman emphasizes the importance of securing personal data amid the prevalence of always-on connectivity.
The rise of deepfake and generative AI scams poses a significant challenge, but the White House is taking proactive steps to combat them. With a focus on ensuring authenticity, official releases, including President Joe Biden’s addresses, will now undergo cryptographic verification. This move aims to instill trust and confidence in official communications amidst growing concerns about AI-amplified misinformation.
Bugcrowd, a bug bounty platform provider, secures $102 million in funding to bolster its growth initiatives, enhance its security platform, and explore strategic acquisitions. With nearly 1,000 customers and over 200 new additions in the past year, Bugcrowd facilitates bug bounty programs, vulnerability disclosure initiatives, penetration testing, and attack surface management services. CEO Casey Ellis emphasizes the company’s commitment to empowering defenders with innovative crowd-driven solutions to combat evolving cyber threats.
Xiaolang Zhang, a former Apple engineer, received a 120-day prison sentence and three-year supervised release for stealing secrets related to Apple’s self-driving car project. Zhang was apprehended at the San Jose airport in 2018 as he tried to flee to China. His theft included transferring documents to his wife’s laptop and taking hardware from Apple’s labs, resulting in restitution of nearly $150,000.
The US establishes the National Semiconductor Technology Center (NSTC), a major initiative under the CHIPS program, expecting over $5 billion investment to bolster semiconductor research and development (R&D). Led by Natcast, a non-profit entity, the NSTC aims to foster collaboration among government, industry, academia, and investors to ensure US leadership in semiconductor innovation. This endeavor, supported by President Biden’s CHIPS Act, marks a significant step toward strengthening the nation’s semiconductor ecosystem and securing its technological and economic future.
Copyright © 2024 CyberMaterial. All Rights Reserved.